Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Compaq Laptop Keeps Clicking To Homepage - Even When Not Online!


  • Please log in to reply
5 replies to this topic

#1 Novice_Tim

Novice_Tim

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 25 January 2007 - 06:53 PM

Thank you for your help.

As above, my laptop upon booting up begins to "click" to the Google homepage - or try to - even when I am not online. This problem seemed to begin when I installed the Kodak easyshare software. I then uninstalled the Easyshare but problem continues. I have done the things on the list, and here is Hijack This logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:45 AM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\JUSearch\juspc.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\DOCUME~1\TIMPIK~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157572267066
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157648431546
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


At one point a black dialog box popped up with the following:

C:\WINDOWS\System32\ScsiAccess.EXE

I don't know if that has anything to do with it or not...

I also have Juno installed which some friends say could be a problem...

Thank you so much for any help or advice.

~ Tim

BC AdBot (Login to Remove)

 


#2 Novice_Tim

Novice_Tim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 28 January 2007 - 02:36 AM

It's me - I'm adding information - and also asking if someone could please check out my logfile and respond.

I don't think I made it clear enough that, when this problem starts, you can't really do anything. Friends have advised me to "run this" or "download that" but you can't do anything because the whole laptop is involved with aggressively and incessantly clicking back to the Google homepage (the IE frame comes up automatically). Before you know it I could have 40 or 50 IE windows up, trying to access the homepage, with more coming up and no way to shut them down...

Sometimes I try to quickly hit "close group" but this takes time and the windows just keep coming. I can't even get to Control-ALT-Delete to look at running processes etc.

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 PM

Posted 29 January 2007 - 12:44 PM

Hi Novice_Tim,

Sorry for the delay, the logs forum is very busy.

Are you still struggling with this problem? And it's the same that you posted about back in August here?-- http://www.bleepingcomputer.com/forums/t/60340/keeps-going-back-to-my-home-page-google/

I was about to suggest that you try booting into safe mode to attempt a System Restore to before the time you installed the Kodak software, but you probably don't have a Restore Point that old.

I agree with Buckeye_Sam in that older thread that this doesn't sound like malware, but a software issue and NetZero could well be the culprit. Let's try a couple of things, even tho it may not be malware HijackThis may be able to help with this.

First just boot into Safe Mode<--link with instructions. Do not choose safe mode with networking if available. Does the behavior still occur?

While you are in safe mode, you will need to unzip HijackThis so the backups it makes are safe. For what I have in mind you may very well need those backups.

Create a folder on your desktop by right clicking then choose New>Folder, then name it HJT. Now locate HijackThis.zip wherever you saved it to, and drag it into the new folder. Now right click HijackThis.zip>Extract All>Next>Next>Finish. You can also double-click HijackThis.zip to open it and then drag HijackThis.exe into the new folder. If you have any problems with it at all, see this thread for more detailed instructions, just be sure to run HJT unzipped from now on.

Then post me a new HijackThis log and let me know how things are running in safe mode.

The thing about people

is they change

when they walk away.--Mipso


#4 Novice_Tim

Novice_Tim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 03 February 2007 - 03:18 PM

Thank you, PapaKid

I'm sorry I haven't checked the Bleepingcomputer forum til now. I must tell you, I got so frustrated that I decided to dedicate that laptop to non-internet activities, such as word processing, creating newsletters, working with photos, etc. - and I removed my Internet Explorer 7!!!!!!!!!!!

I don't know if that sounds stupid, but the laptop is about 4 years old and I don't know how much life it has left. (As an example of my doubts about it, the battery went awhile back and I have not even replaced it because I don't know if it's worth investing in it or just "get by" til I someday get a new one...)

It is running just fine now, faster than ever and when I need to send something i just burn it onto a CD-R and use my desktop...

I do want to thank you, and I think you guys do a great job.

You don't need to reply to this, but I am curious as to what you think about what I've done - does it sound dumb to you or is it reasonable considering all I've told you??

Thanks Again.

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 PM

Posted 03 February 2007 - 10:57 PM

Well, I don't like to call anyone stupid. I don't necessarily agree with your decision, but it is your property and your choice and I imagine there are other factors that I'm not aware of involved.

I don't own any laptops but from what I hear they are designed to last about three years--many desktops are the same. But that is mostly referring to hardware and if that is still solid you could get much more out of it. Yours appears to be a software problem, which is much cheaper to fix--if nothing else you could reformat and re-install windows.

It might be something very simple. I'm not sure what all you have tried to do to fix it, but it would be nice if you would let me try a couple things as you've got my curiosity up. We learn from each other--if we can find out what the problem is, it can benefit others experiencing the same. It benefits me to gain more knowledge and it benefits you--a laptop is not really meant to be used just like a desktop.

So I guess I'm saying I recommend that you not give up so easily. I would consider it a favor if you would at least let me know how you got the bad behavior to stop. You said before it happens "even when I am not online." Did you mean to say even when not using a browser? That it stops when you are not connected? What type of connection do you use--dial-up, cable, etc.?

Then if you decide to let me try to help you, move HijackThis into its own folder and post a fresh HijackThis log, please. What I have in mind will only cost you some time.

The thing about people

is they change

when they walk away.--Mipso


#6 Novice_Tim

Novice_Tim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:15 PM

Posted 06 February 2007 - 02:36 AM

To PapaKid:

Thank you for taking such interest in this situation. It started when I was overseas in the Netherlands Antilles (there two years). We had a wireless network set up in the school office and I could come and go with the laptop.

That's when I first found out about Bleepingcomputer and contacted you guys.

When the problem is occuring - which tends to be intermittent but then gets worse and seems to happen all the time upon booting up - it will take other 'frames' you are working in (sorry I don't know all the terminology) and, like, convert them to an IE window, if that makes sense. For example, I'd go into Control Panel to try something and then my Control Panel window would 'become' my Google homepage, and then start clicking like crazy - each time it clicks it flickers and returns to the Google homepage - or whatever homepage there may be - like you are hitting the back button. At first it clicks like this once every 10 or 15 seconds but then speeds up and is clicking "back to the homepage" as I say - about a zillion times a second!

When I was working online it would - by itself - click back to the homepage. Very frustrating. This is when I'd get on one of the school computers and try to "research" the problem, and that's when I learned the term "hijacking" which I thought was very appropriate to my situation.

I had numerous people try to help. Some said "there's dust on your keyboard", and "go back to a restore point" and "the so-and-so button might be stuck", while others told me it is a virus, trojan, worm, etc. etc. I tried all kinds of stuff at well-meaning peoples' advice, who knew more about computers than I did.

I called some local computer places and they basically all indicated that they would wipe and reinstall (again, if that's the correct terminology). I wanted to try to avoid that since I had just done that a few months earlier and lost a bunch of stuff - not documents i saved them - but programs that had been installed and I couldn't get them in Curacao (that I knew of).

My co-worker told me you should wipe and re-install every 6 months or so anyway, just as a matter of good maintenance, but I have yet to figure that out because it seems like a big hassle and you lose stuff.

WHen I got back home (August) I did wipe and re-install by myself, and thought "now I'll be done with this problem" and it still came back. My brother later told me about zeroing out the HD and I became interested in that, but then it always seemed a bit over my head technically.

In October I was at my company's headquarters (in Missouri and I'm in NJ) and a couple guys helped me with my laptop. They kept it overnight and I don't even know what all they did to it. When I got it back it had a lot of stuff upgraded on it, including - - I don't think I can remember all what - - but "service packs" and all this stuff.

It was good for about a month and then started up again.

So I "got rid of the problem" by uninstalling IE and dedicating the laptop to non-internet tasks. Maybe I should get Mozilla on a disk - or some other browser - and load it in instead because I heard a lot of hackers want to attack IE because it's Microsoft...

You know, they say ignorance is bliss. For the time being I am so happy to have my laptop back again, using it for Word and PPT and composing our newsletter, editing photos, and then burning them onto CD-R's, etc. Eventually I may miss the internet connectivity which I am currently just doing here with my desktop, but for now I am naively happy.

Eventually I'll get a new laptop, and it will have Vista on it and all the current protective measures, and then I'll run it til I crash into another wall at some point. At least I have learned some things through the experience of virtually losing the functionality of my laptop...

But like I said, I really appreciate what you guys do. I will try to do another Hijack This logfile and send it to you. I was surprised when I did it the first time and the guy said he didn't think it looked like a malware problem at all. I was so hopeful that this thing would be readily recognizable, but to this day I can't seem to find anyone who is familiar with this particular problem, and I feel that if I bring it to the Geek Squad or Firedog or some local place they will take the easy route and just wipe and re-install.

I really should give a donation because you guys offered the most help out of all the options that I could think of. OK, yeah, I think I'll do that...

Anyways, thanks very much for your work.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users