
derbiz trojan - hijack this log

Discussion in 'Malware and Virus Removal Archive' started by acidburn942, 2005/05/30.

Thread Status:
Not open for further replies.
  1. 2005/05/30
    acidburn942

    acidburn942 Inactive Thread Starter

    Joined:
    2004/05/19
    Messages:
    53
    Likes Received:
    0
    I've recently got a derbiz trojan on my computer, and I ran a HijackThis log and this is what I got. I can't find derbiz and I suspect I got lots of extra spyware too etc. Can anyone see?

    Logfile of HijackThis v1.99.0
    Scan saved at 21:38:42, on 30/05/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\PLUS!\DELUXECD\DELUXECD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
    O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL (file missing)
    O2 - BHO: BUILD 01 DEFY - {4B432F3F-E89B-D3F8-511A-A541E213F0F9} - C:\PROGRAM FILES\LOGOWINDOW\MOVE TRANS.DLL
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL (file missing)
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL (file missing)
    O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\SYSTEM\regsvrac32.dll
    O3 - Toolbar: rectencchin - {CB02F733-BEE1-1B80-D47C-BD3F17E52E29} - C:\PROGRAM FILES\LOGOWINDOW\MOVE TRANS.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-GB\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [VsecomrEXE] C:\PROGRA~1\PLUS!\Viruscan\VSECOMR.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [DeluxeCD] C:\PROGRAM FILES\PLUS!\DELUXECD\DELUXECD.EXE -tray
    O4 - HKLM\..\Run: [websx] C:\PROGRAM FILES\WEBSX\INT139749.EXE -auto
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [ING32W] C:\WINDOWS\SYSTEM\ING32W.exe
    O4 - HKLM\..\Run: [CampTick] C:\PROGRA~1\RULEAM~1\Drv View.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRA~1\PLUS!\Viruscan\VSHWIN32.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\SYSTEM\dbaccess.exe -N
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRA~1\PLUS!\Viruscan\VSHWIN32.EXE /NoSplash
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\smartctr.exe
    O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
    O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
    O4 - Startup: F0IZQULL.lnk = C:\WINDOWS\f0izqull.exe
    O4 - Startup: L1RB22I1.lnk = C:\WINDOWS\l1rb22i1.exe
    O4 - Startup: F8ZGHOWT.lnk = C:\WINDOWS\f8zghowt.exe
    O4 - Startup: QFO96L5U.lnk = C:\WINDOWS\qfo96l5u.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: DJK4DV1J.lnk = C:\WINDOWS\djk4dv1j.exe
    O4 - Startup: 526KYA7H.lnk = C:\WINDOWS\526kya7h.exe
    O4 - Startup: TV30RLL4.lnk = C:\WINDOWS\tv30rll4.exe
    O4 - Startup: 5E01EJNN.lnk = C:\WINDOWS\5e01ejnn.exe
    O4 - Startup: 5671KC06.lnk = C:\WINDOWS\5671kc06.exe
    O4 - Startup: UVBOA9J9.lnk = C:\WINDOWS\uvboa9j9.exe
    O4 - Startup: 6T0NR159.lnk = C:\WINDOWS\6t0nr159.exe
    O4 - Startup: IX5Q797F.lnk = C:\WINDOWS\ix5q797f.exe
    O4 - Startup: C9VNQ0GZ.lnk = C:\WINDOWS\c9vnq0gz.exe
    O4 - Startup: YN54L44M.lnk = C:\WINDOWS\yn54l44m.exe
    O4 - Startup: GXXNWT6V.lnk = C:\WINDOWS\gxxnwt6v.exe
    O4 - Startup: 79UXDCDN.lnk = C:\WINDOWS\79uxdcdn.exe
    O4 - Startup: G75ULM3Y.lnk = C:\WINDOWS\g75ulm3y.exe
    O4 - Startup: KDJ3U38X.lnk = C:\WINDOWS\kdj3u38x.exe
    O4 - Startup: 6HD99CXL.lnk = C:\WINDOWS\6hd99cxl.exe
    O4 - Startup: TI0PTDHL.lnk = C:\WINDOWS\ti0ptdhl.exe
    O4 - Startup: XTHOR649.lnk = C:\WINDOWS\xthor649.exe
    O4 - Startup: W4AE9W07.lnk = C:\WINDOWS\w4ae9w07.exe
    O4 - Startup: 03R15XWH.lnk = C:\WINDOWS\03r15xwh.exe
    O4 - Startup: C03FGJ53.lnk = C:\WINDOWS\c03fgj53.exe
    O4 - Startup: Z2D5J0PR.lnk = C:\WINDOWS\z2d5j0pr.exe
    O4 - Startup: X50C6IMP.lnk = C:\WINDOWS\x50c6imp.exe
    O4 - Startup: ITVBV83U.lnk = C:\WINDOWS\itvbv83u.exe
    O4 - Startup: VY62N6U7.lnk = C:\WINDOWS\vy62n6u7.exe
    O4 - Startup: 27U7J8WC.lnk = C:\WINDOWS\27u7j8wc.exe
    O4 - Startup: 05N2VD50.lnk = C:\WINDOWS\05n2vd50.exe
    O4 - Startup: G24RP5BQ.lnk = C:\WINDOWS\g24rp5bq.exe
    O4 - Startup: QLNV4079.lnk = C:\WINDOWS\qlnv4079.exe
    O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\HWINFO.EXE
    O4 - Global Startup: JGA2YBV5.lnk = C:\WINDOWS\HWINFO.EXE
    O4 - Global Startup: UVN2I9QC.lnk = C:\WINDOWS\uvn2i9qc.exe
    O4 - Global Startup: 0G3WXHJ0.lnk = C:\WINDOWS\oxclp6mf.exe
    O4 - Global Startup: ZFFCTVZT.lnk = C:\WINDOWS\oxclp6mf.exe
    O4 - Global Startup: 07I00BCZ.lnk = C:\WINDOWS\71y8170v.exe
    O4 - Global Startup: WAHM1MXR.lnk = C:\WINDOWS\71y8170v.exe
    O4 - Global Startup: 1J7QN1BL.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: K7FUH85K.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: 71Y8170V.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: B0Q2G0HB.lnk = C:\WINDOWS\b0q2g0hb.exe
    O4 - Global Startup: 79UXDCDN.lnk = C:\WINDOWS\79uxdcdn.exe
    O4 - Global Startup: AP5BPTE0.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: B6GTMGDG.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: U2BHX0XK.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: TI0PTDHL.lnk = C:\WINDOWS\ti0ptdhl.exe
    O4 - Global Startup: XTHOR649.lnk = C:\WINDOWS\xthor649.exe
    O4 - Global Startup: W4AE9W07.lnk = C:\WINDOWS\w4ae9w07.exe
    O4 - Global Startup: 03R15XWH.lnk = C:\WINDOWS\HWINFO.EXE
    O4 - Global Startup: OXCLP6MF.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: Z2D5J0PR.lnk = C:\WINDOWS\z2d5j0pr.exe
    O4 - Global Startup: FDJJ760I.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: N4R51R79.lnk = C:\WINDOWS\n4r51r79.exe
    O4 - Global Startup: VY62N6U7.lnk = C:\WINDOWS\vy62n6u7.exe
    O4 - Global Startup: NMKWE8PH.lnk = C:\WINDOWS\nmkwe8ph.exe
    O4 - Global Startup: 27U7J8WC.lnk = C:\WINDOWS\27u7j8wc.exe
    O4 - Global Startup: 05N2VD50.lnk = C:\WINDOWS\05n2vd50.exe
    O4 - Global Startup: G24RP5BQ.lnk = C:\WINDOWS\g24rp5bq.exe
    O4 - Global Startup: X80G5H15.lnk = C:\WINDOWS\x80g5h15.exe
    O4 - Global Startup: D7PJQTDE.lnk = C:\WINDOWS\5e01ejnn.exe
    O4 - Global Startup: 36V0H8JK.lnk = C:\WINDOWS\36v0h8jk.exe
    O4 - Global Startup: QLNV4079.lnk = C:\WINDOWS\qlnv4079.exe
    O4 - Global Startup: HWGMLGJ3.lnk = C:\WINDOWS\hwgmlgj3.exe
    O4 - Global Startup: ONP0W51W.lnk = C:\WINDOWS\onp0w51w.exe
    O4 - Global Startup: N7I1KYAZ.lnk = C:\WINDOWS\n7i1kyaz.exe
    O4 - Global Startup: N0057J9W.lnk = C:\WINDOWS\n0057j9w.exe
    O4 - Global Startup: 0D72GTTC.lnk = C:\WINDOWS\0d72gttc.exe
    O4 - Global Startup: H46HK55U.lnk = C:\WINDOWS\h46hk55u.exe
    O4 - Global Startup: L1RB22I1.lnk = C:\WINDOWS\l1rb22i1.exe
    O4 - Global Startup: F0IZQULL.lnk = C:\WINDOWS\f0izqull.exe
    O4 - Global Startup: F8ZGHOWT.lnk = C:\WINDOWS\f8zghowt.exe
    O4 - Global Startup: QFO96L5U.lnk = C:\WINDOWS\qfo96l5u.exe
    O4 - Global Startup: DJK4DV1J.lnk = C:\WINDOWS\djk4dv1j.exe
    O4 - Global Startup: 526KYA7H.lnk = C:\WINDOWS\526kya7h.exe
    O4 - Global Startup: TV30RLL4.lnk = C:\WINDOWS\tv30rll4.exe
    O4 - Global Startup: 5E01EJNN.lnk = C:\WINDOWS\5e01ejnn.exe
    O4 - Global Startup: 5671KC06.lnk = C:\WINDOWS\5671kc06.exe
    O4 - Global Startup: UVBOA9J9.lnk = C:\WINDOWS\uvboa9j9.exe
    O4 - Global Startup: 6T0NR159.lnk = C:\WINDOWS\6t0nr159.exe
    O4 - Global Startup: IX5Q797F.lnk = C:\WINDOWS\ix5q797f.exe
    O4 - Global Startup: C9VNQ0GZ.lnk = C:\WINDOWS\c9vnq0gz.exe
    O4 - Global Startup: YN54L44M.lnk = C:\WINDOWS\yn54l44m.exe
    O4 - Global Startup: GXXNWT6V.lnk = C:\WINDOWS\gxxnwt6v.exe
    O4 - Global Startup: G75ULM3Y.lnk = C:\WINDOWS\g75ulm3y.exe
    O4 - Global Startup: KDJ3U38X.lnk = C:\WINDOWS\kdj3u38x.exe
    O4 - Global Startup: 6HD99CXL.lnk = C:\WINDOWS\6hd99cxl.exe
    O4 - Global Startup: C03FGJ53.lnk = C:\WINDOWS\c03fgj53.exe
    O4 - Global Startup: X50C6IMP.lnk = C:\WINDOWS\x50c6imp.exe
    O4 - Global Startup: ITVBV83U.lnk = C:\WINDOWS\itvbv83u.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com/download/cabs/FIX19105/flash.cab
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/payload2.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4340/mcfscan.cab
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://run.gibnetmaster.com/download/dialer/eu_cax.cab
    O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://gaming.gamesplayground.com/output/060325/uk/fullgames/fullgames.exe
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,76/mcinsctl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
     
  2. 2005/05/31
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I am preparing a file for you to use, it may take some time.
     


  4. 2005/05/31
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    There is an attachment here. When you download it, it may Save As Attachment.Php. Rename it to Getrid.Zip, and unzip Getrid.Bat into the Windows folder; you'll be using it later.

    Rescan with HJT, and remove these with all internet browsers and all Windows Explorer windows closed.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://netsearchsoft.com/searchbar.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://netsearchsoft.com/searchbar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
    O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL (file missing)
    O2 - BHO: BUILD 01 DEFY - {4B432F3F-E89B-D3F8-511A-A541E213F0F9} - C:\PROGRAM FILES\LOGOWINDOW\MOVE TRANS.DLL
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\CLEARS~1\CSIE.DLL (file missing)
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL (file missing)
    O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\SYSTEM\regsvrac32.dll
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
    O4 - HKLM\..\Run: [websx] C:\PROGRAM FILES\WEBSX\INT139749.EXE -auto
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [ING32W] C:\WINDOWS\SYSTEM\ING32W.exe
    O4 - HKLM\..\Run: [CampTick] C:\PROGRA~1\RULEAM~1\Drv View.exe
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\SYSTEM\dbaccess.exe -N
    O4 - Startup: F0IZQULL.lnk = C:\WINDOWS\f0izqull.exe
    O4 - Startup: L1RB22I1.lnk = C:\WINDOWS\l1rb22i1.exe
    O4 - Startup: F8ZGHOWT.lnk = C:\WINDOWS\f8zghowt.exe
    O4 - Startup: QFO96L5U.lnk = C:\WINDOWS\qfo96l5u.exe
    O4 - Startup: DJK4DV1J.lnk = C:\WINDOWS\djk4dv1j.exe
    O4 - Startup: 526KYA7H.lnk = C:\WINDOWS\526kya7h.exe
    O4 - Startup: TV30RLL4.lnk = C:\WINDOWS\tv30rll4.exe
    O4 - Startup: 5E01EJNN.lnk = C:\WINDOWS\5e01ejnn.exe
    O4 - Startup: 5671KC06.lnk = C:\WINDOWS\5671kc06.exe
    O4 - Startup: UVBOA9J9.lnk = C:\WINDOWS\uvboa9j9.exe
    O4 - Startup: 6T0NR159.lnk = C:\WINDOWS\6t0nr159.exe
    O4 - Startup: IX5Q797F.lnk = C:\WINDOWS\ix5q797f.exe
    O4 - Startup: C9VNQ0GZ.lnk = C:\WINDOWS\c9vnq0gz.exe
    O4 - Startup: YN54L44M.lnk = C:\WINDOWS\yn54l44m.exe
    O4 - Startup: GXXNWT6V.lnk = C:\WINDOWS\gxxnwt6v.exe
    O4 - Startup: 79UXDCDN.lnk = C:\WINDOWS\79uxdcdn.exe
    O4 - Startup: G75ULM3Y.lnk = C:\WINDOWS\g75ulm3y.exe
    O4 - Startup: KDJ3U38X.lnk = C:\WINDOWS\kdj3u38x.exe
    O4 - Startup: 6HD99CXL.lnk = C:\WINDOWS\6hd99cxl.exe
    O4 - Startup: TI0PTDHL.lnk = C:\WINDOWS\ti0ptdhl.exe
    O4 - Startup: XTHOR649.lnk = C:\WINDOWS\xthor649.exe
    O4 - Startup: W4AE9W07.lnk = C:\WINDOWS\w4ae9w07.exe
    O4 - Startup: 03R15XWH.lnk = C:\WINDOWS\03r15xwh.exe
    O4 - Startup: C03FGJ53.lnk = C:\WINDOWS\c03fgj53.exe
    O4 - Startup: Z2D5J0PR.lnk = C:\WINDOWS\z2d5j0pr.exe
    O4 - Startup: X50C6IMP.lnk = C:\WINDOWS\x50c6imp.exe
    O4 - Startup: ITVBV83U.lnk = C:\WINDOWS\itvbv83u.exe
    O4 - Startup: VY62N6U7.lnk = C:\WINDOWS\vy62n6u7.exe
    O4 - Startup: 27U7J8WC.lnk = C:\WINDOWS\27u7j8wc.exe
    O4 - Startup: 05N2VD50.lnk = C:\WINDOWS\05n2vd50.exe
    O4 - Startup: G24RP5BQ.lnk = C:\WINDOWS\g24rp5bq.exe
    O4 - Startup: QLNV4079.lnk = C:\WINDOWS\qlnv4079.exe
    O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\HWINFO.EXE
    O4 - Global Startup: JGA2YBV5.lnk = C:\WINDOWS\HWINFO.EXE
    O4 - Global Startup: UVN2I9QC.lnk = C:\WINDOWS\uvn2i9qc.exe
    O4 - Global Startup: 0G3WXHJ0.lnk = C:\WINDOWS\oxclp6mf.exe
    O4 - Global Startup: ZFFCTVZT.lnk = C:\WINDOWS\oxclp6mf.exe
    O4 - Global Startup: 07I00BCZ.lnk = C:\WINDOWS\71y8170v.exe
    O4 - Global Startup: WAHM1MXR.lnk = C:\WINDOWS\71y8170v.exe
    O4 - Global Startup: 1J7QN1BL.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: K7FUH85K.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: 71Y8170V.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: B0Q2G0HB.lnk = C:\WINDOWS\b0q2g0hb.exe
    O4 - Global Startup: 79UXDCDN.lnk = C:\WINDOWS\79uxdcdn.exe
    O4 - Global Startup: AP5BPTE0.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: B6GTMGDG.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: U2BHX0XK.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: TI0PTDHL.lnk = C:\WINDOWS\ti0ptdhl.exe
    O4 - Global Startup: XTHOR649.lnk = C:\WINDOWS\xthor649.exe
    O4 - Global Startup: W4AE9W07.lnk = C:\WINDOWS\w4ae9w07.exe
    O4 - Global Startup: 03R15XWH.lnk = C:\WINDOWS\HWINFO.EXE
    O4 - Global Startup: OXCLP6MF.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: Z2D5J0PR.lnk = C:\WINDOWS\z2d5j0pr.exe
    O4 - Global Startup: FDJJ760I.lnk = C:\WINDOWS\fdjj760i.exe
    O4 - Global Startup: N4R51R79.lnk = C:\WINDOWS\n4r51r79.exe
    O4 - Global Startup: VY62N6U7.lnk = C:\WINDOWS\vy62n6u7.exe
    O4 - Global Startup: NMKWE8PH.lnk = C:\WINDOWS\nmkwe8ph.exe
    O4 - Global Startup: 27U7J8WC.lnk = C:\WINDOWS\27u7j8wc.exe
    O4 - Global Startup: 05N2VD50.lnk = C:\WINDOWS\05n2vd50.exe
    O4 - Global Startup: G24RP5BQ.lnk = C:\WINDOWS\g24rp5bq.exe
    O4 - Global Startup: X80G5H15.lnk = C:\WINDOWS\x80g5h15.exe
    O4 - Global Startup: D7PJQTDE.lnk = C:\WINDOWS\5e01ejnn.exe
    O4 - Global Startup: 36V0H8JK.lnk = C:\WINDOWS\36v0h8jk.exe
    O4 - Global Startup: QLNV4079.lnk = C:\WINDOWS\qlnv4079.exe
    O4 - Global Startup: HWGMLGJ3.lnk = C:\WINDOWS\hwgmlgj3.exe
    O4 - Global Startup: ONP0W51W.lnk = C:\WINDOWS\onp0w51w.exe
    O4 - Global Startup: N7I1KYAZ.lnk = C:\WINDOWS\n7i1kyaz.exe
    O4 - Global Startup: N0057J9W.lnk = C:\WINDOWS\n0057j9w.exe
    O4 - Global Startup: 0D72GTTC.lnk = C:\WINDOWS\0d72gttc.exe
    O4 - Global Startup: H46HK55U.lnk = C:\WINDOWS\h46hk55u.exe
    O4 - Global Startup: L1RB22I1.lnk = C:\WINDOWS\l1rb22i1.exe
    O4 - Global Startup: F0IZQULL.lnk = C:\WINDOWS\f0izqull.exe
    O4 - Global Startup: F8ZGHOWT.lnk = C:\WINDOWS\f8zghowt.exe
    O4 - Global Startup: QFO96L5U.lnk = C:\WINDOWS\qfo96l5u.exe
    O4 - Global Startup: DJK4DV1J.lnk = C:\WINDOWS\djk4dv1j.exe
    O4 - Global Startup: 526KYA7H.lnk = C:\WINDOWS\526kya7h.exe
    O4 - Global Startup: TV30RLL4.lnk = C:\WINDOWS\tv30rll4.exe
    O4 - Global Startup: 5E01EJNN.lnk = C:\WINDOWS\5e01ejnn.exe
    O4 - Global Startup: 5671KC06.lnk = C:\WINDOWS\5671kc06.exe
    O4 - Global Startup: UVBOA9J9.lnk = C:\WINDOWS\uvboa9j9.exe
    O4 - Global Startup: 6T0NR159.lnk = C:\WINDOWS\6t0nr159.exe
    O4 - Global Startup: IX5Q797F.lnk = C:\WINDOWS\ix5q797f.exe
    O4 - Global Startup: C9VNQ0GZ.lnk = C:\WINDOWS\c9vnq0gz.exe
    O4 - Global Startup: YN54L44M.lnk = C:\WINDOWS\yn54l44m.exe
    O4 - Global Startup: GXXNWT6V.lnk = C:\WINDOWS\gxxnwt6v.exe
    O4 - Global Startup: G75ULM3Y.lnk = C:\WINDOWS\g75ulm3y.exe
    O4 - Global Startup: KDJ3U38X.lnk = C:\WINDOWS\kdj3u38x.exe
    O4 - Global Startup: 6HD99CXL.lnk = C:\WINDOWS\6hd99cxl.exe
    O4 - Global Startup: C03FGJ53.lnk = C:\WINDOWS\c03fgj53.exe
    O4 - Global Startup: X50C6IMP.lnk = C:\WINDOWS\x50c6imp.exe
    O4 - Global Startup: ITVBV83U.lnk = C:\WINDOWS\itvbv83u.exe
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.co...19105/flash.cab
    O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...05/payload2.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab
    O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://run.gibnetmaster.com/download/dialer/eu_cax.cab

    The items in green are optional; they aren't needed. The orange item I am unfamiliar with; have it disabled for now. Do you know what it is? If you don't know what it is, delete the folder into the Recycle Bin.
    When done with all that, Shut Down, except choose Restart in DOS Mode. Then type in this command at the prompt and press Enter.
    getrid
    What will be happening is that those bad folders and files are deleted.

    Reboot and allow windows to boot up normally.

    One of your original Windows files was infected; my BAT file has simply renamed it for now, from Hwinfo.Exe to Hwinfo_Old. You will need a good one to replace this file, or never change, install or have a problem with current hardware in the future. Here is how.
    Go to Start\Run and type in SFC and press Enter. In the System File Checker window, click on 'Extract one file from installation disk', and copy/paste this in the line there.
    c:\windows\hwinfo.exe
    Then click on start in that little window, and you will be prompted for your 98 CD, or the location of your windows setup files, maybe C:\Windows\Options\Cabs?
    If successful, you can now delete the file hwinfo.old that is located in the windows folder.

    You have a CoolWebSearch infection, and it would not hurt to run the tool for it.
    http://www.intermute.com/products/cwshredder.html
    Be sure to update it.

    Maybe RAV Online Scan for another opinion.

    Then post a new HJT, and the RAV log if any.
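The triage markp62 did by eye above can be written down as a check. The script below is an added example (not the forum's, markp62's or HijackThis's code): it parses HijackThis O4 Startup / Global Startup lines and flags the pattern in this log, namely shortcuts with random-looking 8-character names launching executables dropped straight into C:\WINDOWS, and several shortcuts pointing at the same file (which is how the hijacked HWINFO.EXE shows up). The sample lines are constructed from entries in the thread; the regexes and reason strings are this example's own heuristics, not HijackThis rules.

```python
"""Flag suspicious O4 startup-folder entries in HijackThis-style log lines.

Added example, not from the thread or from HijackThis. The naming heuristic
(8 alphanumerics with at least one digit) is an assumption drawn from the
dropper names seen in this log (f0izqull.exe, 5e01ejnn.exe, ...).
"""
import re
from collections import defaultdict

# "O4 - Startup: NAME.lnk = PATH" and "O4 - Global Startup: NAME.lnk = PATH".
# HKLM\..\Run entries deliberately do not match; they are a different check.
O4_LNK = re.compile(
    r"^O4 - (?P<scope>Global Startup|Startup): (?P<lnk>[^=]+?)\.lnk = (?P<path>.+)$",
    re.IGNORECASE,
)
# Exactly 8 letters/digits containing at least one digit. The digit requirement
# keeps legitimate 8-letter names such as "smartctr" or "WZQKPICK" out.
RANDOM_NAME = re.compile(r"^(?=[a-z0-9]*\d)[a-z0-9]{8}$", re.IGNORECASE)

# Constructed sample taken from entries that appear in the log above.
SAMPLE_LOG = [
    r"O4 - Startup: Lotus SmartCenter 97.lnk = C:\lotus\smartctr\smartctr.exe",
    r"O4 - Startup: F0IZQULL.lnk = C:\WINDOWS\f0izqull.exe",
    r"O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE",
    r"O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\HWINFO.EXE",
    r"O4 - Global Startup: JGA2YBV5.lnk = C:\WINDOWS\HWINFO.EXE",
    r"O4 - Global Startup: 1J7QN1BL.lnk = C:\WINDOWS\fdjj760i.exe",
    r"O4 - Global Startup: K7FUH85K.lnk = C:\WINDOWS\fdjj760i.exe",
    r"O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun",
]


def parse_o4(line):
    """Return a dict for a startup-folder O4 line, or None for anything else."""
    m = O4_LNK.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    directory, _, base = path.rpartition("\\")
    return {
        "scope": m.group("scope"),
        "lnk": m.group("lnk"),
        "path": path,
        "dir": directory.lower(),
        "stem": base.rsplit(".", 1)[0],  # executable name without extension
    }


def group_by_target(entries):
    """Map each launched file (lowercased path) to the shortcut names using it."""
    launched_by = defaultdict(list)
    for e in entries:
        launched_by[e["path"].lower()].append(e["lnk"])
    return launched_by


def triage(lines):
    """Return [(shortcut name, path, [reasons])] for entries worth a second look."""
    entries = [e for e in (parse_o4(l) for l in lines) if e]
    launched_by = group_by_target(entries)
    suspicious = []
    for e in entries:
        reasons = []
        if e["dir"] == "c:\\windows" and RANDOM_NAME.match(e["stem"]):
            reasons.append("random 8-char executable dropped in C:\\WINDOWS")
        if RANDOM_NAME.match(e["lnk"]):
            reasons.append("random 8-char shortcut name")
        users = launched_by[e["path"].lower()]
        if len(users) > 1:
            reasons.append("%d shortcuts launch the same file" % len(users))
        if reasons:
            suspicious.append((e["lnk"], e["path"], reasons))
    return suspicious


if __name__ == "__main__":
    for lnk, path, reasons in triage(SAMPLE_LOG):
        print("%-22s %-38s %s" % (lnk + ".lnk", path, "; ".join(reasons)))
```

Legitimate entries (Lotus, WinZip) pass, while the two MORZE5/JGA2YBV5 shortcuts are caught only because they share a target, which is exactly the hwinfo.exe case markp62 handles separately.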
     
  5. 2005/06/01
    acidburn942

    acidburn942 Inactive Thread Starter

    Joined:
    2004/05/19
    Messages:
    53
    Likes Received:
    0
    Thanks, I got rid of most of the stuff including derbiz. Thank you!
     