#1
pc problems, hijackthis log posted
I've been having problems with my PC since going on Broadband and maybe a bit before. It is taking ages to boot up, tends to hang or even crash regularly, programmes take an age to start, basically I'm contemplating reformatting the hard drive and reinstalling Windows 98 and starting from fresh.
Downloaded 'HijackThis' and this is the log generated:

Logfile of HijackThis v1.98.2
Scan saved at 23:10:34, on 24/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tjgo.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [STManager] C:/PROGRAM FILES/SPEEDTOUCH/DR SPEEDTOUCH/DRST.EXE -b
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {AFCC4840-7786-11D3-B61F-903557C10000} - http://www.dell.com/ (file missing) (HKCU)
O9 - Extra button: Freeserve - {E52BF8C0-898B-11D3-B61F-A06A4AC10000} - http://www.freeserve.net/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O12 - Plugin for .inp: C:\PROGRA~1\INTERN~1\Plugins\npincplg.dll
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\NpHcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {BF8AEBF6-0656-11d4-9EFF-00B0D011B1AE} (Communities.com TPV Support 01) - http://www.thepalace.com/TPV/CC_SUPPORT.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.sexyplugin.com/diallerfiles/037190.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FMC14106/thin.cab
O16 - DPF: {00000000-0000-0000-0000-000020000000} - http://www.pgsconnect.com/access/ukgolwla2x.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gba10.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gba10.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=a8afb5e3addc81d471a9ad7ec082e32ce47b7c85f5442489be492f74ce322fc356a5d5cf3556ee90c73a6827f33f87a533 cfd8c078219c2c7ca35d1bf3ad745ec8:6b28f764a56613cf4e9bcc2b541c4eb9
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {3A24D876-8980-7CBB-1AB1-531F7BCB2CA7} - http://213.159.117.150/1/rdgFR10.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O18 - Protocol: ayb - (no CLSID) - (no file)

One other thing which seems a bit odd is that 'Explorer' has vanished from the 'Control Alt Delete' start task menu.

Hope this is of help and someone can help.

Cheers
Ian.
#2
Hi Ian,
What's a format? No need to format, just follow these instructions.... You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis. If you have any questions before starting the fix, please don't hesitate to ask!

Please download and run LSPFix from here: http://cexx.org/LSPFix.exe
On the opening screen, click "I know what I'm doing".
Check all instances of "lspak.dll" (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Next...

You have a coolwebsearch infection, among other things.
Please download CWShredder from Here
Save it to a convenient location such as your Desktop
Close ALL browser windows or it may not work!
Run CWShredder and select "Fix" (do not just Scan). It will automatically remove the infections.

Next...

Log off your internet connection. Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tjgo.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.sexyplugin.com/diallerfiles/037190.exe
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FMC14106/thin.cab
O16 - DPF: {00000000-0000-0000-0000-000020000000} - http://www.pgsconnect.com/access/ukgolwla2x.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gba10.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gba10.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=a8afb5e3addc81d471a9ad7ec082e32ce47b7c85f5442489be492f74ce322fc356a5d5cf3556ee90c73a6827f33f87a533 cfd8c078219c2c7ca35d1bf3ad745ec8:6b28f764a56613cf4e9bcc2b541c4eb9
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {3A24D876-8980-7CBB-1AB1-531F7BCB2CA7} - http://213.159.117.150/1/rdgFR10.exe
O18 - Protocol: ayb - (no CLSID) - (no file)

This is a resource hog you can fix too:

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

Next....

Open My Computer, browse to C:\documents and settings\User Name(repeat for all users)\local settings\temp folder and delete all files and folders in it.
Open My Computer, browse to C:\Windows\Temp folder and delete all files and folders in it.
Open Internet Explorer click Tools > Internet Options > General. Check "delete all offline content", click "Delete Files" then Click OK.
Empty your Recycle Bin.

Next...

Download Ad-aware SE from: http://www.lavasoft.de/support/download/
Install, run Adaware, click the "Check for Updates now" link.
Install the latest reference file
Perform a "Full system scan" with Adaware.
Remove all checked items.

Then....

Download the VX2 cleaner add-on for Ad-aware SE from http://download.lavasoft.de.edgesui...lvx2cleaner.exe

Follow the following steps on how to use Lavasoft’s VX2 Cleaner plug-in
Close Ad-Aware SE
Install the VX2 Cleaner by double clicking on the file you downloaded above: plvx2cleaner.exe
Start Ad-Aware SE
Go to “Add-ons”
Select the VX2 Cleaner plug-in and click “Run Tool”
If your computer isn’t infected, click “Close”.
If your computer is infected
Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

Reboot and post a fresh HijackThis log.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickys at the top of the forum before posting!
Last edited by Tom Myboy : October 25th, 2004 at 01:27 PM.
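
A sketch of how entries in a log like the one in post #1 can be split by section code and flagged for manual review, as an added example that is not part of the original thread or of HijackThis itself. The function names and the review heuristics are assumptions made for illustration (they are not the selection rule used in the reply above); the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# A few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O10 - Unknown file in Winsock LSP: c:\windows\system\lspak.dll
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gba10.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
URL = re.compile(r"https?://\S+")

def parse(log):
    """Return (code, body) per entry line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def reasons(code, body):
    """Hypothetical triage heuristics: a hit means 'look at this', not 'malicious'."""
    urls = URL.findall(body)
    out = []
    if code in ("R0", "R1") and any(IPV4.match(urlparse(u).hostname or "") for u in urls):
        out.append("IE page setting points at a bare IP address")
    if code == "O10" and "Unknown file" in body:
        out.append("unrecognised Winsock LSP provider")
    if code == "O15":
        out.append("site added to the IE Trusted Zone")
    if code == "O16" and any(urlparse(u).path.lower().endswith(".exe") for u in urls):
        out.append("ActiveX download (DPF) codebase is an .exe")
    if body.endswith("(no file)"):
        out.append("registered component has no file on disk")
    return out

def triage(log):
    # Map section code -> list of (entry body, reason) pairs worth reviewing.
    flagged = defaultdict(list)
    for code, body in parse(log):
        for why in reasons(code, body):
            flagged[code].append((body, why))
    return dict(flagged)

if __name__ == "__main__":
    for code, hits in triage(SAMPLE_LOG).items():
        print(code, [why for _, why in hits])
```

Entries that no heuristic matches, such as the IBM `.cab` download or the `SysTray.Exe` autostart, are simply left out of the result; they still need a human look.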