
Homepage Hijacker HELP!!!


24 replies to this topic

#21 Monopoly60v8

    Member

  • New Members
  • 170 posts

Posted 26 April 2004 - 03:46 PM

[quote]Do a Google search for "hijackthis", download it and read any help files available.[/quote]

Wow, thanks a lot for the advice, I finally got rid of that damn search thing that kept popping up 8)

There's quite a lot of other stuff too that looks a bit dodgy, but I'm not gonna risk uninstalling it in case it's something important :p

Here's the link to the site I found DOWNLOAD THIS

#22 ady

    The furniture

  • Moderators
  • 14204 posts

Posted 26 April 2004 - 04:37 PM

[quote name='Monopoly60v8'][quote]Do a Google search for "hijackthis", download it and read any help files available.[/quote]

Wow, thanks a lot for the advice, I finally got rid of that damn search thing that kept popping up 8)

There's quite a lot of other stuff too that looks a bit dodgy, but I'm not gonna risk uninstalling it in case it's something important :p

Here's the link to the site I found DOWNLOAD THIS[/quote]

If you're running XP, then create a new restore point and delete the others, as this may store the info (anti software will not check the backups or detect it in a back-up).

#23 Guest_LekyUK_*

  • Guests

Posted 26 April 2004 - 07:43 PM

It advises I don't get rid of everything, would someone help please. I can't seem to be able to post on Lavasoft as it won't let me register for help...blasted Free Version...

I don't know if this helps but my IE home page keeps changing to this-

mk:@MSITStore:C:\WINDOWS\start.chm::/start.html

This is shown below...can I just delete from registry?

Anyway here is Log File-

Logfile of HijackThis v1.97.7
Scan saved at 21:00:36, on 26/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alex\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsour...html/UDConn.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...atch/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7613.5311689815
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?223
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
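
A triage check for the two R0 lines in the log above, as an added example that is not part of the original thread: it reads HijackThis R0-R3 lines and reports Internet Explorer page settings that load local content (such as the mk:@MSITStore start page in this log), together with the file they reference. The sample log, the function names and the list of local URL schemes are assumptions made for the example.

```python
import re

# Constructed sample in HijackThis 1.97 line format, modelled on the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# R0-R3 lines: "<code> - <registry key>,<value name> = <data>"
ENTRY = re.compile(r"^(R[0-3]) - (HK(?:CU|LM)[^,]*),([^=]+?) = (.*)$")
# URL schemes that make IE load a page from the local disk, not the network
# (list chosen for this example).
LOCAL_SCHEMES = ("mk:", "ms-its:", "its:", "res:", "file:")
# mk:@MSITStore:<path to .chm>::/<page inside the archive>
CHM_REF = re.compile(r"^mk:@MSITStore:(.+?)::", re.IGNORECASE)


def parse_ie_entries(log):
    """Return (code, key, value_name, data) for each R0-R3 line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(tuple(part.strip() for part in m.groups()))
    return entries


def local_page_findings(log):
    """Flag IE page settings whose data uses a local-content URL scheme."""
    findings = []
    for code, key, name, data in parse_ie_entries(log):
        if not data.lower().startswith(LOCAL_SCHEMES):
            continue
        chm = CHM_REF.match(data)
        findings.append({
            "hive": key[:4],
            "value": name,
            "data": data,
            # File to collect and inspect before anything is deleted.
            "file": chm.group(1) if chm else None,
        })
    return findings


if __name__ == "__main__":
    for f in local_page_findings(SAMPLE_LOG):
        print(f"{f['hive']} {f['value']!r} -> {f['data']} (inspect: {f['file']})")
```

The key pattern does not require backslashes, so the check also works on a log whose path separators were lost when it was pasted into a forum.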

#24 ady

    The furniture

  • Moderators
  • 14204 posts

Posted 26 April 2004 - 08:01 PM

http://www.liutiliti...sslibrary/nwiz/


This gives a full list of processes

#25 Guest_LekyUK_*

  • Guests

Posted 26 April 2004 - 08:59 PM

I did fu*-ck it up but I think I've sorted it!!!!

I can hear a collective sigh of relief.

I deleted the entries from the registry without backing it up (I KNOW, I KNOW) and worst of all without really understanding WTF I was doing and then IE wouldn't work (DOH!!!) but.....I didn't get a GCSE in Woodwork for nothing!!!!

I sussed out I had simply deleted the Binary data for the Home/Start page so I copied the stuff I deleted from my Bro's computer (all the binary stuff) and entered a new key. And would you believeeeee it my internet is now working all good once more.

If nothing else I know a hell of a lot more now than two hrs ago and I THANK EACH AND EVERYONE OF U FOR YOUR HELP.

Moral of the story is...DON'T FU*K around when u don't have a clue...

I can now view porn once again...oh and download fruities of course!!!



