HijackThis-How do I fix?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Happy Daze, May 10, 2004.

  1. Happy Daze

    Happy Daze Private E-2

    Hi, My homepage has been hijacked by ZG18.com, whatever that is. I can change the homepage in Internet Options but it reverts back to this nasty one each time I turn my computer back on. I have run HijackThis and this is the log file it produced. I am not very computer literate. What do I do now?? Any help would be very much appreciated.
    My computer is a Pentium IV, 1.4GHz, 128MB RAM,
    and I run VET antivirus software.
    Logfile of HijackThis v1.97.7
    Scan saved at 10:19:18 AM, on 11/05/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\VETMSG9X.EXE
    C:\VET\VETTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\HPZTSB03.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
    C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ZG18.COM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ZG18.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ZG18.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ZG18.COM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://ZG18.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://ZG18.COM
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
    O4 - HKLM\..\Run: [VetTray] C:\VET\VETTRAY.EXE
    O4 - HKLM\..\Run: [KEWelcomeReBoot] Q:\WELCOME.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [WlN32] regedit -s C:\$NtUninstallQ887678$\WINSYS2.cer
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ887678$\WINSYS2.cer
    O4 - HKLM\..\RunOnce: [WlN32] C:\$NtUninstallQ887678$\WINSYS.vbs
    O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Kangaroo (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38084.7243865741

    There seems to be a lot there but I hope that someone can make sense of it all.
    Thanks in advance.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MG's, Happy! Before posting a HijackThis log, you should have read this and followed those instructions. Also, you should run CWShredder too. Available here: http://www.majorgeeks.com/download4086.html

    But upon a quick look, some items worth noting that you should clean using HijackThis are:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ZG18.COM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ZG18.COM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ZG18.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ZG18.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ZG18.COM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://ZG18.COM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://ZG18.COM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://ZG18.COM

    And unless you installed and want the Kangaroo Toolbar, delete these too:
    O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
    O9 - Extra button: Kangaroo (HKLM)
     
  3. Happy Daze

    Happy Daze Private E-2

    Thank you for your help and time, Chaslang. I will give it a go.
     
  4. Happy Daze

    Happy Daze Private E-2

    I tried what you suggested, chaslang. HijackThis fixes the problem but only until I reboot. When I run HijackThis after a reboot, all of the things that I thought I had removed keep returning.

    I also ran CWS shredder which told me that my system was clear.

    Any other thoughts??
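    An added example, written for this thread and not code from HijackThis or any poster: a small Python reader for HijackThis-style logs that does two things a helper would do by eye. It groups the IE start/search settings (R0/R1 lines) by the host they point at, and it flags O4 autorun entries whose command would undo a manual cleanup at the next logon. The posted log contains `regedit -s C:\$NtUninstallQ887678$\WINSYS2.cer` under both HKLM and HKCU Run, and a RunOnce that launches `WINSYS.vbs`; a silent registry import at every boot re-applies whatever keys that file holds, which matches the "fixed until I reboot" symptom. The heuristics (regedit -s, script extensions, an empty Run value name, a lowercase l among capitals in the value name) are my own assumptions, and the sample lines are a constructed subset copied from the log in the first post.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log lines posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ZG18.COM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ZG18.COM
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ZG18.COM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ZG18.COM
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [VetTray] C:\VET\VETTRAY.EXE
O4 - HKLM\..\Run: [WlN32] regedit -s C:\$NtUninstallQ887678$\WINSYS2.cer
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ887678$\WINSYS2.cer
O4 - HKLM\..\RunOnce: [WlN32] C:\$NtUninstallQ887678$\WINSYS.vbs
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
"""

# "R1 - <hive\key>,<value name> = <value>"
R_LINE = re.compile(r"^(R[01]) - (.+?),(.+?) = (.+)$")
# "O4 - HKLM\..\Run: [<value name>] <command>"  (Startup-folder O4 lines are not matched)
O4_LINE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

# Heuristics (assumptions made for this example, not HijackThis rules)
SILENT_REG_IMPORT = re.compile(r"^regedit(\.exe)?\s+[-/]s\b", re.IGNORECASE)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd)\b", re.IGNORECASE)
HOMOGLYPH_NAME = re.compile(r"[A-Z]l[A-Z]")  # e.g. "WlN32" posing as "WIN32"


def parse_hjt(text):
    """Turn R0/R1 and registry O4 lines into dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            kind, key, name, value = m.groups()
            entries.append({"kind": kind, "hive": key.split("\\", 1)[0],
                            "key": key, "name": name.strip(), "value": value.strip()})
            continue
        m = O4_LINE.match(line)
        if m:
            hive, subkey, name, command = m.groups()
            entries.append({"kind": "O4", "hive": hive, "key": subkey,
                            "name": name, "value": command.strip()})
    return entries


def find_hijacked_hosts(entries, min_hits=3):
    """Group IE start/search settings by target host. One host owning several
    settings, under both HKCU and HKLM, is a hijack rather than a preference."""
    hits = defaultdict(list)
    for e in entries:
        if e["kind"] in ("R0", "R1"):
            host = urlparse(e["value"]).hostname
            if host:
                hits[host.lower()].append(f'{e["key"]},{e["name"]}')
    return {h: keys for h, keys in hits.items() if len(keys) >= min_hits}


def find_suspicious_autoruns(entries):
    """Flag O4 entries that would re-apply a hijack at the next logon."""
    findings = []
    for e in entries:
        if e["kind"] != "O4":
            continue
        cmd, reasons = e["value"], []
        if SILENT_REG_IMPORT.match(cmd):
            reasons.append("silent registry import (regedit -s) at every logon: "
                           "re-applies the file's keys, so a manual fix does not survive a reboot")
            if not cmd.lower().rstrip().endswith(".reg"):
                reasons.append("file handed to regedit does not carry a .reg extension")
        if SCRIPT_EXT.search(cmd):
            reasons.append("script file launched at logon")
        if e["name"] == "":
            reasons.append("Run value with an empty name")
        if HOMOGLYPH_NAME.search(e["name"]):
            reasons.append("value name mixes a lowercase l into capitals to mimic a system name")
        if reasons:
            findings.append({"hive": e["hive"], "key": e["key"], "name": e["name"],
                             "command": cmd, "reasons": reasons})
    return findings


def analyze(text):
    entries = parse_hjt(text)
    return {"hijack_hosts": find_hijacked_hosts(entries),
            "autoruns": find_suspicious_autoruns(entries)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for host, keys in report["hijack_hosts"].items():
        print(f"{host}: {len(keys)} IE settings point here")
    for f in report["autoruns"]:
        print(f'O4 {f["hive"]}\\..\\{f["key"]}: [{f["name"]}] {f["command"]}')
        for r in f["reasons"]:
            print("   -", r)
```

    Run against the full log rather than the subset, the host grouping reports all seventeen ZG18.COM settings, and the autorun check singles out the three `$NtUninstallQ887678$` entries while leaving the legitimate Run entries (ScanRegistry, VetTray, the Works and HP utilities) alone. The practical point for a cleanup is ordering: the autorun entries and the files they reference have to go before the R0/R1 lines are fixed, or the import simply recreates them at the next boot.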
     
  5. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Did you read the spyware thread in Frequently Asked Questions? Need to run Ad-Aware, Spybot, maybe some other tools, and use HijackThis last. It's all there. Let us know when that's done if it persists.
     
  6. Happy Daze

    Happy Daze Private E-2

    Yes, I have read the spyware threads in FAQ but maybe something had gone over my head.
    I have been running Ad-Aware and I just downloaded Spybot and gave it a run along with Ad-Aware, then HijackThis again. No luck, the nasty beastie still reappears after reboot. My apologies if I am asking something that has already been covered. I have been unable to find (or if I have found it, to understand) any info that will release my captured homepage.
    Thanks.
     
  7. Robert

    Robert Sergeant

    Browser HiJack

    Hi There
    Here are two programs that might help. I don't have the URLs but Google should find them for you:
    BHO Demon
    Start Page Guard
    I have used both with IE6 and their use is self-explanatory. I hope they might solve your problem.
    That aside, it seems to me that in the HJ jungle you posted there is a file loading at bootup which is the cause of the problem. I would take a good look at what files are loading and see if you can pin the problem there. Your HJ post shows (to my mind) an inordinate amount of unnecessary programs running at the time of your HJ shot, and buried in there somewhere may be the nasty.
    Hope this helps. If not, come back. I have rarely seen a problem on here that has not been solved by the mighty Geeks' combined brainpower.
    Cheers
    Robert
     
  8. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    There's another removal tool called Kill2me in our spyware section as well that MIGHT help. These new browser hijacks are getting nastier and nastier.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Clean it again with HijackThis and try to delete the C:\IDC\WEBKA.DLL file and folder.
    If you cannot delete it, reboot and immediately after boot try to delete it. If that does not work, try using the DelLater utility available here: http://www.diamondcs.com.au/index.php?page=dellater to delete it.

    By the way didn't SpyBot S&D detect this?
     
  10. Happy Daze

    Happy Daze Private E-2

    Thanks again for more help.

    I have deleted the C:\IDC\WEBKA.DLL file and folder. Spybot can't have picked it up. The first time that I ran Spybot it found 5 critical things to be fixed and I had no choice but to let it fix them all.
    I downloaded Kill2me; it detected nothing but I let it run anyway. No change.
    When I go to change my home page in Internet Options, the default page is changed also to zg18.com.
    When I first went to the link that sent me to this site, VET popped up a warning that said something about $NtUninstallQ887678$(something or other)vps (I think) was not cleared for trojan horse. Does this make sense??
    I don't know if this info sheds any more light on things.
    I will try the other programs, Major Attitude, later today when I have more time.
    Thanks again
     
  11. alanc

    alanc MajorGeek

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

