Need Help! about:blank Win98

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kotexas, Sep 8, 2004.

  1. kotexas

    kotexas Private E-2

    HELP! :eek:
    I've read the FAQ about spyware removal and I'm still having trouble removing about:blank hijacker.
    I'm using Windows 98 and the FAQ seems tailored to XP or Millennium.
    I'm uncertain how to disable system restore in Win98? I have right clicked on the computer icon, properties, performance, file system, troubleshooting- There isn't a system restore- but 6 items you can disable? I disabled them all?
    I checked for the Network Security Service (per FAQ- file not found)
    I'm uncertain how to enable viewing hidden files on Win98 too- per FAQ.
    Once I disabled all 6 under troubleshooting I've checked for spyware in safe mode. So far I've tried SpyBot, Ad-Aware, SpySweeper and none of them have found about:blank. The only thing found was with SpyBot- DSO Exploit, but from reading here- it doesn't seem to be an issue.
    btw- I've also installed all the MS updates too....
    Somebody PLEASE help before this drives me insane!!!! A step by step idiot's guide to about:blank removal for Windows 98 would be greatly appreciated!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no System Restore in Win98. Just ignore that step. Also there will be no Network Security Service in Win9x or WinMe, so just ignore/skip that too.

    What do you mean by, "Once I disabled all 6 under troubleshooting"?
    These scanning tools will not necessarily fix the about:blank problem. The main reason for running all of these tools is to get your system into a somewhat known clean state so that cleaning of more difficult problems like about:blank and HSA hijacks are not as difficult.

    First try running About:Buster as per its instructions. After that, if you still have a problem, make sure you have HijackThis version 1.98.2 and post a log as a .txt file attachment.
     
  3. kotexas

    kotexas Private E-2

    1st- Mucho thanks for responding and any help!!!! I've still got some hair left if we act quickly ;)
    Trying to follow the instructions for disabling system restore which apparently don't apply to me- I've re-enabled the 6 in computer/properties/performance. (I'd thought perhaps they were individual system restore vs. 1 check? being on older system?) Not to worry- I've set it back and will need to reboot.
    I'll find about:buster and try running that. Wish me luck ;)

    KO

     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    About:Buster is listed in the READ ME FIRST link.
     
  5. kotexas

    kotexas Private E-2

    I've run About:Buster. It detected a home page change and I reset the home page, brought up IE and it reset to about:blank.
    I've run HijackThis version 1.98.2 and attached the log file.



     
  6. kotexas

    kotexas Private E-2

     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you:
    - update about:buster before running
    - run about:buster twice as per its instructions (run once, then reboot, and run again)


    I do not see a HijackThis log attachment. Also it would be good if you attached the about:buster logs if you saved each one.

    You need to save the HijackThis log to a .txt file or it will not upload. The default file name with HJT is hijackthis.log. Change it to hijackthis.txt or hjtlog.txt (any name you like but with a .txt extension).
     
  8. kotexas

    kotexas Private E-2

    OK- checked for update on about:buster and current version. I ran it twice, rebooting after each.
    I then ran HijackThis.
    When I opened IE to post, my homepage attempted to change back to about:blank again but Browser Hijacker caught it again. Still have same problem.
    Attached are the log files as requested.
    I'm off to work and will check back this evening, Thanks Chas :)
    KO


     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! As you can see About:Buster is finding things wrong. Let's try fixing some items with HijackThis but I'm not sure it will work by itself so we will interleave a couple other steps. Please print these instructions or save them locally because I am going to have you disconnect from the Internet (physically disconnect the analog modem or cable/dsl modem connection to make sure) and I also want you to EXIT all browser (Internet Explorer, Firefox etc) sessions when I tell you to. But first read thru this and make sure you understand how to do everything and have clicked on the links I gave you to read.

    Preparation steps (you may know these but I'm double checking):
    - Know how to boot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    - Enable view of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650


    Note if you have rebooted your PC since your HijackThis post, the filenames below may have changed. So we may have to start again with another HijackThis log. You will have to see when you try to do these steps:

    1) Physically disconnect from the Internet and exit all browser sessions now.
    2) Bring up Task Manager by hitting CTRL-ALT-DEL and click Processes. Then find and end the below process:
    NTWT.EXE

    3) Run HijackThis and put checks on the following lines and then click Fix:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <none>
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {8696EA96-4885-7421-3479-8D61C40F9882} - C:\WINDOWS\SYSTEM\MFCBW32.DLL
    O4 - HKLM\..\RunServices: [NTWT.EXE] C:\WINDOWS\SYSTEM\NTWT.EXE
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com

    4) Run about:buster and save the log to ab1.txt
    5) reboot in safe mode
    6) Use Windows Explorer to locate and delete (tell me what happens for each of these):
    C:\WINDOWS\system\rglgn.dll
    C:\WINDOWS\SYSTEM\MFCBW32.DLL
    C:\WINDOWS\SYSTEM\NTWT.EXE
    7) Run about:buster (while still in safe mode) and save the log to ab2.txt
    8) Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something like www.majorgeeks.com (for now please use this URL, you can change it to what you want later when the problem is totally resolved). Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    9) Empty your recycle bin
    10) Reboot in normal mode.
    11) Run about:buster and save the log to ab3.txt
    12) Now reconnect your cables to the internet and run Internet Explorer. Open and close IE a couple of times.
    13) Now perform another HijackThis scan.
    14) Post the three About:Buster logs and the new HijackThis log (as attachments).
    15) Tell me if still having a problem (but I will most likely be able to tell from the final HJT log).
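
The log triage behind the fix list in the post above, as an added example that is not part of the original thread: it groups HijackThis entries into IE settings redirected to a res:// DLL or about:blank, O2/O4 load points, and O15 Trusted Zone sites. The function name and report keys are assumptions; O2/O4 entries are often legitimate, so that list is for manual review, not automatic deletion.

```python
import re

# Entries copied from the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\rglgn.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Class - {8696EA96-4885-7421-3479-8D61C40F9882} - C:\WINDOWS\SYSTEM\MFCBW32.DLL
O4 - HKLM\..\RunServices: [NTWT.EXE] C:\WINDOWS\SYSTEM\NTWT.EXE
O15 - Trusted Zone: *.clickspring.net
"""

# "<code> - <body>", e.g. "R1 - <registry key>,<value name> = <data>"
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# res://<path to dll>/<resource>: an IE page served from inside a local DLL
RES_DLL = re.compile(r"res://([A-Za-z]:\\[^/]+?\.dll)/", re.IGNORECASE)


def triage(log_text):
    """Group HijackThis entries by the kind of review they need."""
    report = {"hijacked_settings": [], "res_dlls": set(),
              "load_points": [], "trusted_zone": []}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group(1), m.group(2)
        if code in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            dll = RES_DLL.search(value)
            if dll:
                report["hijacked_settings"].append(key)
                report["res_dlls"].add(dll.group(1).upper())
            elif value.strip().lower() == "about:blank":
                report["hijacked_settings"].append(key)
            # other values (e.g. a Window Title) are not flagged by this heuristic
        elif code == "O2":   # Browser Helper Object: file follows the last " - "
            report["load_points"].append(body.rpartition(" - ")[2].upper())
        elif code == "O4":   # autorun entry: command follows "[name] "
            report["load_points"].append(body.partition("] ")[2].upper())
        elif code == "O15":  # site added to the Trusted Zone
            report["trusted_zone"].append(body.partition(": ")[2])
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, sorted(items))
```

Paths are upper-cased because Win9x file names are case-insensitive and the same file can appear in a log with different casing.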
     
  10. kotexas

    kotexas Private E-2

    Okay this is going to take some time. I'm working dayshift and will work on this diligently in the evenings. I've gotten to step #7 so far. I'll post the requested saved .txt files when completed.

    # 1-5 completed
    Rebooted in safe mode: (hidden files set to viewable)
    6) Use Windows Explorer to locate and delete (tell me what happens for each of these):
    C:\WINDOWS\system\rglgn.dll = deleted w/no issue
    C:\WINDOWS\SYSTEM\MFCBW32.DLL = Explorer could not locate
    C:\WINDOWS\SYSTEM\NTWT.EXE = deleted w/ no issue

    Currently running step #7 about:buster in safe mode.
    I'll resume this evening. Again MUCHO THANKS Chas :)
    KO
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good! Hopefully you kept your computer running as these kinds of problems cannot be fixed if you begin the steps and do not complete before a reboot occurs.

    I worried about this not being found:
    C:\WINDOWS\SYSTEM\MFCBW32.DLL

    Was the log still exactly the same as posted when you got to step 3?
    Maybe About:Buster will pick it up and delete it.
    If we do not get ALL of the problem files removed, it will respawn itself again after we complete all these steps. And then we will have to do another similar set of steps. Note that this is not too unusual. Quite often it does take some repetition to kill these kinds of problems.
     
  12. kotexas

    kotexas Private E-2

    Great News :) :) I completed all the steps and about:blank seems to be gone. Yes- I did keep my computer on throughout the process. Step #3 was the same.
    I've opened/closed IE 6 times with no homepage change. Once that seemed ok- I rebooted to ensure nothing reinstalled.
    Oddly my homepage came up www.google.com vs. www.majorgeeks.com I had changed it to during the troubleshooting steps? I had set my homepage to google.com before we started all this. I don't know why that happened but don't really care....as long as it's not about:blank (with all the dreaded pop-ups etc.!) Every time I've opened IE it has come up with the same homepage.
    I'll attach the log .txt files just in case.
    Thanks AGAIN for all the help. You have been a true life saver!!!!!!! :D
    Note: I had picked up about:blank when I was using dial up, I've switched to DSL and have PC-cillin running which has a firewall. I also have all the MS updates. Are there any other steps I should take to prevent this from reoccurring??????

    KO



     

    Attached Files:

    • ab1.txt (327 bytes)
    • ab2.txt (259 bytes)
  13. kotexas

    kotexas Private E-2

    Attaching the last 2 .txt log files from troubleshooting.

    MUCHO Thanks!!!!! :) :) :)
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks clean now. Good job!

    The change of your start page to google from majorgeeks was my fault. Step 11, where I had you run about:buster a 3rd time, causes this. AB resets you to google since they cannot assume what you should have for a start page. Just reset your page now to what you want.

    And here is a canned speech, some of which you may already have:

    Make sure you get your system protected from reoccurrence of issues like this. Here are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all.

    1) Visit Windows Update:
    Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
    a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
    Do this at least once a month.
    b. Never add any site to your Trusted Sites Zone.

    2) Anti Virus: make sure you have one and keep it updated. Here are some good free ones:
    http://majorgeeks.com/download1968.html Avast
    http://majorgeeks.com/download886.html AVG
    The top two hands down. Better than Norton or McAfee!
    Only run ONE AV!

    3) Firewall: if you don't have one get one of these below. The last two are free versions:
    Don't care if you're on dial up or High Speed....you must have a firewall
    http://majorgeeks.com/download738.html Kerio Personal Firewall
    http://majorgeeks.com/download3356.html Sygate Personal Firewall Free
    http://www.majorgeeks.com/download388.html ZoneAlarmFree

    4) Get a Temp File/Cookies/index.dat cleaner
    http://majorgeeks.com/download4191.html CCleaner (Crap Cleaner)

    5) SpyWare Prevention (These prevent, they are not scanners. Scanners are listed later.)
    http://majorgeeks.com/download2859.html SpyWare Blaster
    http://majorgeeks.com/download3045.html SpyWare Guard

    6) SpyWare Scanners/Removers
    http://majorgeeks.com/download2471.html SpyBot (Use the Immunize feature. I don't activate the TeaTimer)
    http://majorgeeks.com/download506.html Ad-aware SE
    http://www.majorgeeks.com/download4283.html VX2 Cleaner Plug-In for Ad-Aware
     
