Websites load, then blank page

Out of nowhere, I can't get on the web. My connection is fine and I can ping websites. I try to load a page and the brower immediately goes to a blank page with "http:///" in the address bar, which I have never seen. I scanned for spyware with 2 different softwares and scanned for viruses with NAV. Nothing. I finally kill winpack.exe and my problem is solved. After some searching, I realize that this is a Windows web management file.

Any ideas why this might be happening?

 

winpack.exe is not a file I'd expect to see running unless you are doing something strange with a really old OS version (Win 3.1 or maybe 95).

It sounds like your system has been pretty completely hijacked by some sort of malware. Get Hijackthis (see quicklinks in my signature) and unzip it to a folder of it's own. I like c:\hjt but any folder will do as long as it's not the desktop or a temp folder.

Run HJT, scan, and create a log file then post the log file here so we can take a look. Don't try to use Hijackthis to fix anything yourself or you can destroy your operating system.

Once we have the log file, this thread will be moved to the spyware removal section of the forum.

 

hijackthis log file

Logfile of HijackThis v1.99.0
Scan saved at 5:43:12 PM, on 12/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpserver.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpACtrl.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpCCtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\WINDOWS\System32\msxml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Downloaded Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CyberPatrolNew] C:\Program Files\SurfControl\CyberPatrol\cphq.exe /m
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [msxml] C:\WINDOWS\System32\msxml.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/install/guidedsolutions.cab
O16 - DPF: {B80F9FCE-DFDD-4A2A-8AA9-E05C6B7D4ED3} (SWToolBar Class) - http://www.smileyworld.com/toolbar/SmileyWorld.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service - Unknown - C:\Program Files\Softex\OmniPass\Omniserv.exe

 

sdallen24--I am not sure this helps much but others have had the problem. Unfortunately I have not seen that it was fixed.
http://discussions.virtualdr.com/showthread.php?s=&threadid=164163&highlight=http///
http://discussions.virtualdr.com/showthread.php?s=&threadid=161242&highlight=http///
You can see the reference that it might be due to a CoolWebSearch variant. But once again no confirmation.
You might run CWShredder, but I think you should get advice from someone more knowledgeable on this.

 

High probability that the file msxml.exe in the C:\WINDOWS\System32 folder is malware related. Would you locate the file and check it's properties, posting whatever information is found. I would also suggest scanning your PC with RAV, and posting it's report.

 

msxml.exe used to be a MS program for XML Application Development, but it is no longer in use by MS, and it seems, indeed, to be the sign of a spyware worm.
http://startup.iamnotageek.com/srch-msxml.exe.html