Browser Home Page Highjack
#1
My Internet Explorer browser home page has been highjacked and I can't change it back. It goes to a "Privacy Vulnerability Detected" page, which has links to some other security software company. I'm running Windows 98 SE. I ran Highjackthis and I got the following log but I don't know which lines to fix. Can anyone tell me?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHELPER.DLL
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\JUNO6\QSACC\X1IEBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\PROGRAM FILES\JUNO6\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\XPOINT\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\XPOINT\PE\PCRecSA.exe -noshow
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\THINKPAD\UTILIT~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\THINKPAD\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KEYPAD] USBNUMP.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Xpagent] C:\PROGRA~1\XPOINT\agent\xpagent.exe win9x
O4 - HKLM\..\RunServices: [Xpclient] C:\PROGRA~1\XPOINT\EEClient\xpclient.exe /s
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\JUNO6\QSACC\X1EXEC.EXE
O4 - HKCU\..\Run: [Juno_uoltray] C:\PROGRAM FILES\JUNO6\EXEC.EXE regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Startup: Event Reminder.lnk = C:\PMG4\PMREMIND.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/227
O12 - Plugin for .mpe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

Your help would be greatly appreciated.

John
#2
Hi and welcome.
To start I must tell you that I have never come across this hijack before, so do you have any idea where you may have picked up the hijacker? If so, can you PM me with any details like recent out of ordinary sites visited as well as recent downloads.

To begin, let's have you rescan once again with hijackthis, insert a check next to each, then close all open browser windows and click "fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
dll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home

__________________________________________________

Now please:

1. Click Start > Run.
2. Type regedit
3. Click OK.
4. Navigate to the subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5. In the right pane, delete the value:
"FastStart" = "%System%\ntnut32.exe home"
6. Navigate to the subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000535-0000-0010-8000-00AA006D2EA4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}
7. In the right pane, delete the value:
"Compatibility Flags" = "0x00000400"
8. Navigate to the subkey:
"url1" = "http://www.lolita***-x.com/"
"url2" = "http://www.hardcore-***-movies.com/"
to the registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
9. In the right pane, delete the value:
"url1" = "[Web site on the lolita***-x.com domain]"
"url2" = "[Web site on the hardcore-***-movies.com domain]"
10. Exit the Registry Editor.

__________________________________________________

To reset the Internet Explorer Search page:

1. Start Microsoft Internet Explorer.
2. Click the Search button on the toolbar.
3. In the Search pane, click Customize.
4. Click Reset.
5. Click Autosearch Settings.
6. Select a search site from the drop-down list, and then click OK.
7. Click OK.

__________________________________________________

5. To reset the Internet Explorer home page

1. Start Microsoft Internet Explorer.
2. Connect to the Internet, and then go to the page that you want to set as your home page.
3. Click Tools > Internet Options.
4. In the Home page section of the General tab, click Use Current > OK.

__________________________________________________

Run an online scan here as well and set it to auto clean:
http://housecall.trendmicro.com/
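A triage sketch for the log in this thread, added here as an example; it is not part of either post and not a HijackThis feature. It parses R0/R1 and registry O4 entries, lists the IE page settings whose value is a res:// URL into a DLL, and names autorun entries whose program sits in that DLL's directory. The same-directory correlation is an assumed heuristic and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: five entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                    # "R0 - ...", "O4 - ..."
REG_VALUE = re.compile(r"^[^,]+,([^=]+?) = (.*)$")                # R0/R1: key,name = value
AUTORUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\]\s*(.*)$")  # O4: hive\..\list: [name] cmd
RES_URL = re.compile(r"^res://([^/]+)/", re.I)                    # res://<module>/<resource>

def parse(log):
    """Yield (code, name, value) for R0/R1 and registry-based O4 entries."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        pattern = REG_VALUE if code in ("R0", "R1") else AUTORUN if code == "O4" else None
        hit = pattern.match(body) if pattern else None
        if hit:
            yield code, hit.group(1), hit.group(2)

def res_modules(log):
    """Map each IE page setting to the DLL named in its res:// value."""
    found = {}
    for code, name, value in parse(log):
        m = RES_URL.match(value)
        if code in ("R0", "R1") and m:
            found[name] = m.group(1)
    return found

def autoruns_beside(log):
    """Autorun names whose program sits in the directory of a res:// DLL."""
    dirs = {ntpath.dirname(p).lower() for p in res_modules(log).values()} - {""}
    # Only the first space-delimited token is used, so unquoted paths
    # that contain spaces are not resolved by this sketch.
    return [name for code, name, cmd in parse(log)
            if code == "O4" and ntpath.dirname(cmd.split(" ")[0]).lower() in dirs]
```

On the sample, the two res:// settings and the FastStart autorun are the same entries the reply asks to be checked in HijackThis.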