Problem with about:blank

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by RBJ14, Jun 6, 2006.

  1. RBJ14

    RBJ14 Private E-2

    Hey all,

    Pleeease!! I need some help! It all started when I was inadvertently attacked by the Renos Hoax program a few days ago. As you know, every time I tried to use IE, it would redirect me to a page to buy software to cure the problem etc etc. At other times I would get about:blank then be redirected. When I ran AdAware it didn't detect the program. My antivirus program (F-Secure) picked up the infection, but couldn't delete the program. It told me to follow the steps to manually delete the files, which I did. However, once I did that, I couldn't get online at all. My browser would lock up as it was trying to be redirected to a "404dns.com" that I noticed in the lower left hand area. It would never connect, just keep trying. I never even got a white "The page cannot be displayed" notice. Furthermore, it seemed that no connection with the internet could be established. For example, my antivirus updates couldn't connect, antimalware programs didn't update and I couldn't use remote desktop either. I know it isn't my internet connection, b/c my other machine connects fine on the same line.
    So, I used my other computer to look for help online and found Major Geeks. I've gone through the "Read and Run Me First before asking for support" file. I had to burn the programs to CD to put on my defective machine. All was done except I couldn't use SpyBot S&D b/c every time I tried it, it said I had to update definitions first, and since it couldn't connect online I couldn't do that. I also can't use any online virus or trojan scans like Panda or Bitdefender either b/c I can't use my browser at all.
    Next I went through the "Special Removal Procedure" for "about:Blank and/or HSA" b/c it seemed most appropriate for my problem. I did the simplified method first then tried my best to work through the complicated one. The problem I had was I really couldn't find anything in my HijackThis log that met the criteria listed except a questionable BHO item and a "proxyoverride" item. I followed all the steps I could (couldn't figure out how to search the registry (steps 13b thru 13d)) but I think I did basically everything else.
    So now (sorry for the long-windedness, but I'm trying to be complete)--after all that, I am back to a "The page cannot be displayed" page when I open IE. There is still a sort of a redirection attempt or something. It says in the lower left hand area "res://C:\Windows\system32\shdoclc.dll/dnserror.htm" as I try to open any page. It flashes very quickly. No program can connect to the internet still, same as before.
    Did I screw my computer up when I was trying to fix it? Am I still infected? I have attached my logs from Hijack this and about:buster. The log named "Hijackthis1" is the log PRIOR to my running through the "about:blank and/or HSA Hijacker problems" method and the one named just "Hijackthis" is my most recent one from today. Please please please help me. Would I be better off just to re-image my machine, or is this even an option?

    Thanks Rob Johnston
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You did not need to run the about:Blank procedure because you do not have an about blank hijacker. You needed to run the below:

    SpywareQuake & SpyFalcon Removal Procedure

    Run it and then attach the smitfiles.txt log and then a new HijackThis log.

    Are you saying you have no internet access at all? If the answer is yes, then the cause may be the below:
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing

    An application you installed has broken your LSP chain and we will need to fix it. For info on what this is, see: http://castlecops.com/lsp-145.html

    Check to see if the c:\windows\system32\winsflt.dll file is really missing.
     
  3. RBJ14

    RBJ14 Private E-2

    Thank you so much for your quick reply!

    I ran the SpywareQuake Removal Procedure, and both the smitfiles log and a new HijackThis log are attached. When I came to the part where I looked for dll files to change to DDD files, I couldn't find any. Later, when I looked through for the other list of programs to delete, again I didn't find any. However, the three programs "dcomcfg" "regperf" and "stdole3" WERE on my computer when all this started 2 days ago. I remember b/c I saw them listed in the history file of Windows Defender and so I deleted them then. I didn't see them this time in System32.

    In regards to your question about internet access--yes, I have no internet access at all. When I use my ethernet cable on my functioning computer, it works fine. But when I try to enable the LAN on my malfunctioning computer, it can't connect. When I try to repair the connection, it finally says it was unable to renew my IP address. But you should also know that in regards to the broken LSP chain, before I had any responses to this query, I plugged my HijackThis log into an online tester (via copying the log onto my good computer) and it told me to run "lspfix" from cexx.com, which I did before I got your message. The O10 line is gone from my new HijackThis log, but I still cannot access the internet. Finally, the winsflt.dll file IS in my System32 folder (as is a winsflte.dll file if that matters).

    Thank you again for all your ongoing help and work!
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Right now I do not see an obvious reason for your internet connection to be broken. The previous problem you said you fixed with LSP-fix could have been a cause. Are you sure you removed the file from the LSP chain?



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O1 - Hosts: 127.0.1.17 websvr
    O1 - Hosts: 127.0.1.10 hpftdata.camc.hsi
    O1 - Hosts: 127.0.1.13 adacgen
    O1 - Hosts: 127.0.1.18 tsrad
    O1 - Hosts: 127.0.1.15 gdhome01.camcare.com
    O1 - Hosts: 127.0.1.16 web2
    O1 - Hosts: 127.0.1.14 opsweb
    O1 - Hosts: 127.0.1.11 hpfweb1.camc.hsi
    O1 - Hosts: 127.0.1.12 enspheregen
    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter: text/plain - (no CLSID) - (no file)

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.


    I do have a problem with all the software you probably got from your ISP. All the Charter stuff. Look at all of the stuff it put on your PC:
    Every person that has come here with some kind of problem that had this installed (especially ones saying their PC was slow), found that when I had them uninstall all this software... problems went away. I'm not necessarily saying this is the cause for your broken internet right now. I'm just saying they are installing and running way too much stuff for it to be a good idea for you to run. We have much better free alternatives.
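
A small triage pass over the kinds of HijackThis entries quoted in this thread, as an added example that is not part of the original posts: it groups log lines by section code (R0/R1 IE page settings, O1 Hosts entries, O10 LSP chain, O18 protocol filters) so a reviewer can see what needs a closer look. The function names and `SAMPLE_LOG` are assumptions; the last O18 line, with a placeholder CLSID and path, is constructed.

```python
import re

# Sample input: entries quoted in this thread plus one constructed O18 line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O1 - Hosts: 127.0.1.17 websvr
O1 - Hosts: 127.0.1.10 hpftdata.camc.hsi
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/xml - {CLSID-PLACEHOLDER} - C:\example\filter.dll
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse(log):
    """Yield (section, body) for every line shaped like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (section, kind, detail) tuples for entries worth reviewing."""
    findings = []
    for section, body in parse(log):
        if section in ("R0", "R1") and " = " in body:
            # IE start/default page values: report the URL they point to.
            findings.append((section, "ie-page-setting", body.rsplit(" = ", 1)[1]))
        elif section == "O1" and body.startswith("Hosts:"):
            # Hosts file overrides: report "name -> address".
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2:
                findings.append((section, "hosts-entry", f"{parts[1]} -> {parts[0]}"))
        elif section == "O10":
            # LSP chain problems: pull out the provider file if one is named.
            m = re.search(r"LSP provider '([^']+)' missing", body)
            findings.append((section, "lsp-chain", m.group(1) if m else body))
        elif section == "O18" and body.endswith("(no file)"):
            # Protocol filter registered with no backing file (orphaned entry).
            findings.append((section, "filter-without-file", body.split(" - ")[0]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```
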
     
  5. RBJ14

    RBJ14 Private E-2

    I ran through the HijackThis and fixed all that you told me to, as well as resetting my web settings. After that, my internet connection still wasn't up. However, then I deleted the Charter Security Suite and now it IS connecting and everything seems to be working fine. I'm with you, I don't know if that was the actual cause for the break or not, but I'm going to go with a different firewall and antivirus program now. Who do you suggest for that?

    I did go ahead and attach my HijackThis log. (I couldn't get the one I saved after deleting Charter to upload though.)

    Thank you so much for all your help. You are a God-send.

    Rob
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you did get the new HJT log to upload and it looks good now. What I suggest for antivirus, antispyware, and firewall are all in the below procedure.

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
