Hey everybody on this forum, im new here and i heard you guys work wonders on fixing problems on computers. My problem is in my internet explorer, all i keep getting is a msblank.html problem and my internet wont work, i already ran ad-aware and CWshredder and nothing worked, if it wouldnt be any trouble please help here i posted my hijack list, thank you skysthelimit

Logfile of HijackThis v1.99.1
Scan saved at 9:37:46 PM, on 10/27/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\popcorn72.exe
C:\VEXPLITE\MONLITE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\System32\msblank.html
R3 - URLSearchHook: (no name) - {08E540E1-9218-1A4D-8AA1-8C42F3712956} - SetupExeDll.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: ActiveX Control - {3D8F0A3E-48AC-4967-93F5-E2CACAFB5B3B} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IE SP2 AddOn - {ABBA349B-7F75-4A38-8CF9-E7932CE09B62} - blank (file missing)
O2 - BHO: ActiveX Control - {DB1D0922-E0FE-4491-B6B2-3DBF1876B785} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [dnsquerx] C:\Program Files\Merak\dnsquerx.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125445706615
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0007.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E61CEFA-9498-4F81-B2A9-06BC26B96F52}: NameServer = 85.255.113.108,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EDA5757-4FFF-499B-89E1-FF6D215B8B57}: NameServer = 85.255.113.108,85.255.112.25
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

Hi

Please move HJT from your Desktop to its own folder on your C: so backups can be created. Do this before continuing.
===

Close all windows!

Check the following in HJT and click 'Fix Checked'

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\System32\msblank.html
R3 - URLSearchHook: (no name) - {08E540E1-9218-1A4D-8AA1-8C42F3712956} - SetupExeDll.dll (file missing)

O2 - BHO: ActiveX Control - {3D8F0A3E-48AC-4967-93F5-E2CACAFB5B3B} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IE SP2 AddOn - {ABBA349B-7F75-4A38-8CF9-E7932CE09B62} - blank (file missing)
O2 - BHO: ActiveX Control - {DB1D0922-E0FE-4491-B6B2-3DBF1876B785} - blank (file missing)

O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\popcorn72.exe rundll.dll,LoadMouseProfile

O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0007.exe
===

Go to Add/Remove Programs in Control Panel and look for the following. Un-install if found:

Merak
===

Download CWShredder 2.15 from here. (http://www.intermute.com/products/cwshredder.html) Check for updates first and then Run it and press the *fix,* not scan and allow it to clean the infection. Close all browser and explorer windows before hitting the fix button.
===

View hidden files and folders - explained here (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Go into Safe Mode - explained here (http://www.computerhope.com/issues/chsafe.htm)
===

Find and Delete the following:

C:\WINNT\System32\popcorn72.exe << this file
===

Reboot into Normal Mode
===

Scan your PC with the following:

Panda Activescan (http://www.pandasoftware.com/products/activescan.htm)
===

Post a new HJT log :)

Thank you for helping i did everything you said and here is the new hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:16:31 PM, on 10/27/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\VEXPLITE\MONLITE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\System32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\System32\msblank.html
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [dnsquerx] C:\Program Files\Merak\dnsquerx.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125445706615
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E61CEFA-9498-4F81-B2A9-06BC26B96F52}: NameServer = 85.255.113.108,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EDA5757-4FFF-499B-89E1-FF6D215B8B57}: NameServer = 85.255.113.108,85.255.112.25
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

You still have not moved HJT. Please move HJT from your Desktop to its own folder on your C: so backups can be created. Do this before continuing.
===

Go into Safe Mode - explained here (http://www.computerhope.com/issues/chsafe.htm)
===

Close all windows!

Check the following in HJT and click 'Fix Checked'

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\System32\msblank.html

O4 - HKLM\..\Run: [dnsquerx] C:\Program Files\Merak\dnsquerx.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E61CEFA-9498-4F81-B2A9-06BC26B96F52}: NameServer = 85.255.113.108,85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EDA5757-4FFF-499B-89E1-FF6D215B8B57}: NameServer = 85.255.113.108,85.255.112.25
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
===

Find and Delete the following:

C:\Program Files\Merak << this folder
C:\WINNT\System32\msblank.html this file
===

Reboot into Normal Mode
===

Go here (http://virusscan.jotti.org/) and type in the following (or copy and paste).

C:\VEXPLITE\MONLITE.EXE

The file will be scanned by various anti-virus scanners. Post the results here
===

Post a new HJT log :)

Can you also please do the following;

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\System32\msblank.html

O4 - HKLM\..\Run: [dnsquerx] C:\Program Files\Merak\dnsquerx.exe

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

thank you guys for helpin i have just returned from a trip but i will have the update for you guys to take a look at thank you

Okay trogan_1000 i did everything u asked for me in the second response from you
so i ran the scan from the instructions and here are the results

AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

And here is my hijackthis log:

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\VEXPLITE\MONLITE.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125445706615
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

i cant stress enough how much you guys are helping me thank you

Your missing the top bit from your HJT log but thats okay :)
===

1) Did you do the scan I asked at the bottom of my first post? If not, please do it and tell me the results.

2) You need to get an Anti-Virus on your computer if you havn't got one. There are some FREE good ones available. Let me know.

3) I'm not sure about this entry in your HJT log.

O1 - Hosts: localhost 127.0.0.1

Wait to see what crunchie says

:thumbsup:

Did you follow the instructions from post #5? That 01 entry is likely to be wareout related.