
Aurora Nail.exe virus- PLS Help

Discussion in 'Malware and Virus Removal Archive' started by Andy1210, 2005/05/05.

  1. 2005/05/05
    Andy1210

    Andy1210 Inactive Thread Starter

    Joined:
    2005/05/05
    Messages:
    1
    Likes Received:
    0
    I'd appreciate anything you can do to help get rid of the Aurora Virus. I ran both Spybot and AdAware, neither of which permanently deleted the virus. Following is my HiJackThis Log.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:59:37 PM, on 05/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DWRCS.EXE
    C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\PROGRA~1\Marimba\CASTAN~1\RemoteUser.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\System32\rundll32.exe
    C:\WINNT\System32\rundll32.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\TrojanHunter 4.2\THGuard.exe
    C:\WINNT\System32\GSMedia3.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\WINNT\System32\atrclass.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\naldaemn.EXE
    C:\Lotus\Notes\nhldaemn.EXE
    C:\Program Files\CxtPls\CxtPls.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Documents and Settings\amartino\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.metlife.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://my.metlife.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\dctza.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\dctza.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\dctza.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mww.metlife.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: (no name) - {28CF9A7C-0A91-7E48-986F-5CA7113DC4C3} - C:\WINNT\System32\qyj.dll (file missing)
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll (file missing)
    O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\System32\nsxB3.dll (file missing)
    O2 - BHO: (no name) - {B8691E07-D490-F31D-E068-F97AE0B30DC4} - C:\WINNT\System32\ianghzn.dll (file missing)
    O2 - BHO: (no name) - {C0CC642F-F098-881B-980D-AFC816F92A90} - C:\WINNT\System32\evla.dll (file missing)
    O2 - BHO: (no name) - {C5CC6029-F0EE-8A69-980D-DAC81B8F2A95} - C:\WINNT\System32\evla.dll (file missing)
    O2 - BHO: (no name) - {E916F02E-38CE-131C-CED6-378192B059C2} - C:\WINNT\System32\ehqgpo.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [vbbUyIMHA.exe] C:\documents and settings\amartino\local settings\temp\vbbUyIMHA.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PSoft1] C:\WINNT\System32\psoft1.exe
    O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe "
    O4 - HKLM\..\Run: [G3] C:\WINNT\System32\GSMedia3.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [3s6P3Fl] atrclass.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Sxuj] C:\WINNT\System32\??rss.exe
    O4 - HKCU\..\Run: [Odea] C:\Documents and Settings\amartino\Application Data\bbsr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ForbesInvesting] C:\Program Files\ForbesInvesting\ForbesInvestingAlerts.exe
    O4 - HKCU\..\Run: [Cpqasawg] C:\WINNT\System32\wuaclt.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [IBpFRPJ9U] amskey.exe
    O4 - HKCU\..\Run: [Wtpm] C:\Documents and Settings\amartino\Application Data\oose.exe
    O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\maxspeed.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: JavaConnect - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\JavaConnect.cab
    O16 - DPF: Sametime BroadCast Client ST30IF2 - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STBroadcastClient.cab
    O16 - DPF: Sametime Directory Applet ST30SP1 - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STDirectoryApplet.cab
    O16 - DPF: Sametime Meeting Room Client ST30SP1 - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STMeetingRoomClient.cab
    O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STJNILoader.cab
    O16 - DPF: {5B59DA81-5B9E-4F3D-AF5B-A0C644037165} (AIM PicDownloader Control) - http://pictures02.aim.com/ygp/aol/plugin/download/YGPPicDownload.en-US-AIM.9.5.1.5.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101168491347
    O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\InstallSTConnAgent.cab
    O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = metlife.com
    O17 - HKLM\Software\..\Telephony: DomainName = metlife.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35316F07-35A7-4982-8389-9ADA16B9D4CB}: Domain = metlife.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35316F07-35A7-4982-8389-9ADA16B9D4CB}: NameServer = 10.10.61.91,10.9.167.76
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A2CEC9-3209-46A5-8EAF-725563326B62}: Domain = metlife.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9FBD308-DBF1-4226-B0A0-A4B5EF9BF7CE}: Domain = metlife.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E9FBD308-DBF1-4226-B0A0-A4B5EF9BF7CE}: NameServer = 10.5.20.166,10.1.56.63,209.154.36.74,209.154.35.37
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = metlife.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = metlife.com,metlife.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = metlife.com,metlife.com
    O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Castanet Tuner 4.6 (Marimba) - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: Remote User Service (RemoteUser) - Unknown owner - C:\PROGRA~1\Marimba\CASTAN~1\RemoteUser.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
     
  2. 2005/05/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You should print this out and/or save it to text where you can access it in safe mode.

    Download the stand-alone CWShredder 2.14 from here. Save it to the desktop. Double click to install.

    Download AboutBuster from the following location.

    http://www.downloads.subratam.org/AboutBuster.zip

    First unzip all files from the zip folder to a folder on your desktop. Open and double click AboutBuster.exe, click ok, then update. A new screen should popup. On that screen click Check for Updates. If it says it found an update click Download Updates. If it doesn't, it will automatically tell you and exit. Close for now.

    Check for updates to Ad-aware.

    Please create a new folder, such as C:\HJT and move HijackThis.exe to it.


    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Extract the file to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINNT\svcproc.exe

    Check the box to delete on reboot and click the red X to the right. Click Yes, then NO to the reboot now prompt. Close the Killbox.


    Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

    Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and click OK. Click yes to restart. This will restart your computer in safe mode. Log on to your user account.

    Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\dctza.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\dctza.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\dctza.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
    O2 - BHO: (no name) - {28CF9A7C-0A91-7E48-986F-5CA7113DC4C3} - C:\WINNT\System32\qyj.dll (file missing)
    O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINNT\Bolger.dll (file missing)
    O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT\System32\nsxB3.dll (file missing)
    O2 - BHO: (no name) - {B8691E07-D490-F31D-E068-F97AE0B30DC4} - C:\WINNT\System32\ianghzn.dll (file missing)
    O2 - BHO: (no name) - {C0CC642F-F098-881B-980D-AFC816F92A90} - C:\WINNT\System32\evla.dll (file missing)
    O2 - BHO: (no name) - {C5CC6029-F0EE-8A69-980D-DAC81B8F2A95} - C:\WINNT\System32\evla.dll (file missing)
    O2 - BHO: (no name) - {E916F02E-38CE-131C-CED6-378192B059C2} - C:\WINNT\System32\ehqgpo.dll (file missing)
    O4 - HKLM\..\Run: [vbbUyIMHA.exe] C:\documents and settings\amartino\local settings\temp\vbbUyIMHA.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PSoft1] C:\WINNT\System32\psoft1.exe
    O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINNT\cfgmgr51.dll,DllRun
    O4 - HKLM\..\Run: [G3] C:\WINNT\System32\GSMedia3.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [3s6P3Fl] atrclass.exe
    O4 - HKCU\..\Run: [Sxuj] C:\WINNT\System32\??rss.exe
    O4 - HKCU\..\Run: [Odea] C:\Documents and Settings\amartino\Application Data\bbsr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IBpFRPJ9U] amskey.exe
    O4 - HKCU\..\Run: [Wtpm] C:\Documents and Settings\amartino\Application Data\oose.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\maxspeed.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149 <<< fix if you didn't add it yourself
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: JavaConnect - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\JavaConnect.cab
    O16 - DPF: Sametime BroadCast Client ST30IF2 - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STBroadcastClient.cab
    O16 - DPF: Sametime Directory Applet ST30SP1 - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STDirectoryApplet.cab
    O16 - DPF: Sametime Meeting Room Client ST30SP1 - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STMeetingRoomClient.cab
    O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\STJNILoader.cab
    O16 - DPF: {A25BE7A9-3102-46B4-BAAE-462471B60ACB} (STConnectivityAgent Control) - file://C:\Documents and Settings\tkaminski\Local Settings\Temp\SISD\InstallSTConnAgent.cab
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe


    Now click config, then misc tools. Click the Delete an NT Service button, type in SvcProc and click OK.
    Close HijackThis.

    Do a file search for the following and delete if found.

    D0CE0C16B1
    amskey.exe


    Open C:\WINNT and delete the file cfgmgr51.dll.

    Open C:\WINNT\temp, select all and delete.
    Open C:\WINNT\Prefetch, select all and delete.

    Open C:\WINNT\System32 and delete the following files if present.

    psoft1.exe
    GSMedia3.exe
    atrclass.exe
    ??rss.exe


    Open C:\Program Files and delete the folders AutoUpdate, CxtPls and Ebates_MoeMoneyMaker if present.
    Open C:\Documents and Settings\amartino\Application Data and delete the files bbsr.exe and oose.exe.
    Open C:\Documents and Settings\amartino\Local Settings\temp, select all and delete. Do this for all username folders.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.

    Open AboutBuster, click start then OK. Exit when finished.

    Open CWShredder from the new shortcut on the desktop, close ALL other windows and click fix.

    Open Ad-aware and run in full scan mode. Delete all it finds.

    Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.

    If you used msconfig, uncheck the /safeboot box and click ok to reboot. Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

    Run Housecall. Make sure the box to autoclean is checked.

    Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

    Run another HijackThis scan and post the log.

    This entry has me a bit concerned. The executable is the same name as the real Windows Update client, but the process name doesn't appear right.
    O4 - HKCU\..\Run: [Cpqasawg] C:\WINNT\System32\wuaclt.exe
    Please scan that file with this online malware scanner.
     
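    The reply above works through the posted log by hand: orphaned BHOs marked "(file missing)", autorun entries launching from Temp and Application Data, a rundll32 entry loading a bare hex-named module, an added Trusted Zone, a vendor-less service in C:\WINNT, res:// search-page hijacks, and a file named wuaclt.exe that is one letter short of the genuine Windows Update client wuauclt.exe. The following script encodes those same checks as heuristics and runs them over a handful of lines copied from the log in post 1. It is an added example, not part of the thread and not HijackThis code; the rules, the list of system binaries used for the lookalike check, and the treatment of every Trusted Zone entry as "confirm it" are the example's own assumptions about what a helper looks for, not a definitive verdict on any file.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not from the thread).

The rules below are assumptions about what a malware-removal helper checks;
they flag entries for review, they do not prove anything is malicious.
"""
import re

# Legitimate Windows binaries whose names malware often imitates (assumed list).
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "explorer.exe", "rundll32.exe", "ctfmon.exe", "spoolsv.exe"}

# Directories an autorun entry should not normally launch from (lower-cased fragments).
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")

# Constructed sample: a subset of entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {28CF9A7C-0A91-7E48-986F-5CA7113DC4C3} - C:\WINNT\System32\qyj.dll (file missing)
O4 - HKLM\..\Run: [vbbUyIMHA.exe] C:\documents and settings\amartino\local settings\temp\vbbUyIMHA.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Odea] C:\Documents and Settings\amartino\Application Data\bbsr.exe
O4 - HKCU\..\Run: [Cpqasawg] C:\WINNT\System32\wuaclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\dctza.dll/sp.html#37049
"""


def levenshtein(a, b):
    """Edit distance between two strings (plain dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename):
    """Return the system binary this name is one edit away from, or None if exact/unrelated."""
    b = basename.lower()
    if b in SYSTEM_BINARIES:
        return None
    for legit in SYSTEM_BINARIES:
        if levenshtein(b, legit) == 1:
            return legit
    return None


def basename_of(body):
    """First .exe/.dll file name token in an entry body, without its directory."""
    m = re.search(r'([^\\\s"\[\]]+\.(?:exe|dll))', body, re.I)
    return m.group(1) if m else None


def triage(line):
    """Return the list of reasons a single HijackThis line deserves a closer look."""
    reasons = []
    m = re.match(r'(O\d+|R\d)\s+-\s+(.*)', line.strip())
    if not m:
        return reasons
    section, body = m.group(1), m.group(2)
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry: registered component is no longer on disk")
    if section in ("R0", "R1") and "res://" in low:
        reasons.append("IE search/start setting redirected into a local res:// DLL")
    if section == "O4":
        if any(d in low for d in USER_WRITABLE):
            reasons.append("autorun target lives in a user-writable temp/profile directory")
        rd = re.search(r'rundll32(?:\.exe)?\s+([^,\s]+)', low)
        if rd and not rd.group(1).endswith(".dll"):
            reasons.append("rundll32 loading a module with no .dll extension")
    if section == "O15":
        reasons.append("Trusted Zone / trusted IP addition: confirm it was intentional")
    if section == "O23" and "unknown owner" in low:
        if "\\system32\\" not in low and "program files" not in low:
            reasons.append("service with no vendor, running from outside System32/Program Files")
    name = basename_of(body)
    legit = lookalike(name) if name else None
    if legit:
        reasons.append(f"filename {name} is one edit away from system binary {legit}")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons; lines with nothing to report are omitted."""
    findings = {}
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in why:
            print("   ->", r)
```

    Run as a script it prints each flagged entry with its reasons; the QuickTime, ctfmon.exe and McShield lines come out clean, while the eight others are flagged for the same reasons the reply gives. The lookalike rule is deliberately narrow (edit distance exactly one against a short list of system binaries) so that a legitimate but unfamiliar vendor executable is not flagged as an imitation.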
