All righty - Crossing my fingers...
I followed all of the steps & this is what I've got...
Started Scanning
Internet Cookies
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\wsme'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.BottomFrame.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.BottomFrame.1\CLSID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.LeftFrame.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.LeftFrame.1\CLSID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupBrowser.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupBrowser.1\CLSID'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupWindow.1'
Found '' in 'SOFTWARE\Classes\IMIToolbar.PopupWindow.1\CLSID'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\Wbho.Band.1'
Found '' in 'SOFTWARE\Classes\Wbho.Band.1\CLSID'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found 'Win Server Updt' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Implemented Categories\{00021494-0000-0000-C000-000000000046}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories\{00021493-0000-0000-C000-000000000046}'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\Programmable'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\TypeLib'
Found '' in 'SOFTWARE\Classes\Remove'
Found '' in 'Wbho.Band.1'
Found '' in 'CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}'
Found '' in 'IMIToolbar.PopupBrowser.1'
Found '' in 'CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'IMIToolbar.LeftFrame.1'
Found '' in 'IMIToolbar.BottomFrame.1'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'IMIToolbar.PopupWindow.1'
Found '' in 'CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}'
Found '' in 'Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}'
Found '' in 'Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}'
Found '' in 'Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}'
Found '' in 'Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}'
Found '' in 'Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found 'Win Server Updt' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WBCM'
Found 'masterupdatetime' in 'Software\Microsoft\Internet Explorer\Main'
Found 'payloadupdatetime' in 'Software\Microsoft\Internet Explorer\Main'
Internet URL Shortcuts
Files and Directories
Found 'backup-20050624-203017-996.inf' in 'C:\backups'
Found 'DDA242D7BD440254E09745D6E03D96F2' in 'C:\Documents and Settings\Owner\Application Data\Aim\azehhsym\bartcache\1'
Found 'Belt.inf' in 'C:\WINDOWS\inf'
Found 'biini.inf' in 'C:\WINDOWS\inf'
Found 'sepsd.bin' in 'C:\WINDOWS'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Unable to delete registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win Server Updt'. Error=2.
Checking for 'C:\backups\backup-20050624-203017-996.inf' in shortcut areas.
Checking for 'C:\backups\backup-20050624-203017-996.inf' in startup areas.
Cleaning 'C:\backups\backup-20050624-203017-996.inf'
Checking for 'C:\Documents and Settings\Owner\Application Data\Aim\azehhsym\bartcache\1\DDA242D7BD440254E09745D6E03D96F2' in shortcut areas.
Checking for 'C:\Documents and Settings\Owner\Application Data\Aim\azehhsym\bartcache\1\DDA242D7BD440254E09745D6E03D96F2' in startup areas.
Cleaning 'C:\Documents and Settings\Owner\Application Data\Aim\azehhsym\bartcache\1\DDA242D7BD440254E09745D6E03D96F2'
Checking for 'C:\WINDOWS\inf\Belt.inf' in shortcut areas.
Checking for 'C:\WINDOWS\inf\Belt.inf' in startup areas.
Cleaning 'C:\WINDOWS\inf\Belt.inf'
Checking for 'C:\WINDOWS\inf\biini.inf' in shortcut areas.
Checking for 'C:\WINDOWS\inf\biini.inf' in startup areas.
Cleaning 'C:\WINDOWS\inf\biini.inf'
Checking for 'C:\WINDOWS\sepsd.bin' in shortcut areas.
Checking for 'C:\WINDOWS\sepsd.bin' in startup areas.
Cleaning 'C:\WINDOWS\sepsd.bin'
Finished Cleaning
And this...
Logfile of HijackThis v1.99.1
Scan saved at 9:50:08 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
What do you think?