Aurora Pop-ups, how to remove? [CLOSED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Aurora Pop-ups, how to remove? [CLOSED]

Options

bulaklak_01 View Member Profile	Jul 23 2005, 10:01 AM Post #1
Member Posts: 30 OS: XP	These pop ups have been popping up on my computer for some time now, and they drive me crazy! On the window when the Aurora pop up appears it says: Aurora - Part of the IBM network, they advertise all kinds of things, including party poker which is sooo annoying. The pop up keeps on asking me if I want to download things, which I don't. I hope they can be sorted before they get out of hand. Thanks, Here is my HijackThis logfile ... Logfile of HijackThis v1.99.1 Scan saved at 15:49:32, on 23/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\atlul32.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe c:\windows\system32\odolcun.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\WINDOWS\sysuu.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe C:\WINDOWS\system32\exp.exe C:\WINDOWS\System32\wintask.exe C:\PROGRA~1\VBouncer\VirtualBouncer.exe C:\WINDOWS\system32\arqanr.exe C:\Program Files\Save\Save.exe C:\Program Files\AutoUpdate\AutoUpdate.exe C:\WINDOWS\system32\recwizc.exe C:\WINDOWS\system32\exp.exe C:\Program Files\BullsEye Network\bin\bargains.exe C:\Program Files\NaviSearch\bin\nls.exe C:\WINDOWS\system\sjkbj.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\cdfoops.exe C:\Program Files\Cas\Client\casclient.exe C:\PROGRA~1\COMMON~1\ofzr\ofzrm.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\CleanUp!\cleanup.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AOLMed~1.exe C:\DOCUME~1\-Swede-\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hcjfj.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn....&CM=MsgrInstall R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: (no name) - {5B7AB13C-069E-0A96-369B-83180E283DCD} - C:\WINDOWS\atllf.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [274.tmp] C:\DOCUME~1\#swede#\LOCALS~1\Temp\274.tmp.exe 1 28129 O4 - HKLM\..\Run: [276.tmp] C:\DOCUME~1\#swede#\LOCALS~1\Temp\276.tmp.exe 0 28129 O4 - HKLM\..\Run: [276.tmp.exe] C:\DOCUME~1\#swede#\LOCALS~1\Temp\276.tmp.exe 0 28129 O4 - HKLM\..\Run: [sysuu.exe] C:\WINDOWS\sysuu.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe" O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitekpz32.exe O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\arqanr.exe reg_run O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" O4 - HKLM\..\Run: [07rU35Q] recwizc.exe O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe O4 - HKLM\..\Run: [qsqtxv] c:\windows\system32\odolcun.exe r O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Hw08RRc9l] cdfoops.exe O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe" O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe" O4 - HKCU\..\Run: [ofzr] C:\PROGRA~1\COMMON~1\ofzr\ofzrm.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk O15 - Trusted Zone: .awmdabest.com (HKLM) O15 - Trusted Zone: .frame.crazywinnings.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc7-gb/gbc7/games4.cab O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\Resources\IntraLaunch.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.myemo.com/my_picture/Flash2Image.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D95F3B9B-9E93-43AA-A22E-A092CEDEA644}: NameServer = 205.188.146.145 O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll O23 - Service: Remote Procedure Call (RPC) Helper ( 11F咪#泛闹`I) - Unknown owner - C:\WINDOWS\system32\atlul32.exe" /s (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Posts in this topic

bulaklak_01 Aurora Pop-ups, how to remove? [CLOSED] Jul 23 2005, 10:01 AM

Trevuren Hi bulaklak and welcome to the Geeks to Go Forums.... Jul 23 2005, 10:31 AM

bulaklak_01 I have done what you have told me with the HJT pro... Jul 26 2005, 10:37 AM

Trevuren Your computer is in a very, very, bad state. In a... Jul 26 2005, 11:30 AM

bulaklak_01 Currently I dont know how to unzip files or how to... Jul 26 2005, 11:41 AM

bulaklak_01 Where is windows clip board Jul 26 2005, 11:42 AM

Trevuren 1. Please print out or copy this page to Notepad... Jul 26 2005, 12:07 PM

bulaklak_01 I downloaded Winzip And I think the programmes ar... Jul 28 2005, 08:15 AM

Trevuren 1. Open the file. 2. Here is another way to go i... Jul 28 2005, 08:50 AM

Trevuren Some of these fixes can become quite complicated. ... Jul 28 2005, 08:53 AM

bulaklak_01 I have windows XP Bulaklak Jul 28 2005, 08:56 AM

Trevuren Sorry about that my friend, my eyes must have stra... Jul 28 2005, 09:52 AM

bulaklak_01 Thanks Did you read about the Killbox message Jul 28 2005, 10:32 AM

Trevuren Yes and I answered in the same reply in which I ga... Jul 28 2005, 11:14 AM

bulaklak_01 Thanks again, Bulaklak Jul 28 2005, 02:08 PM

bulaklak_01 CWShredder - When opened is fine. I have download... Jul 29 2005, 04:45 AM

Trevuren Try the following: Go into Internet Explorer>... Jul 29 2005, 11:38 AM

bulaklak_01 Ill do that, Thanks again Bulaklak Jul 29 2005, 01:29 PM

bulaklak_01 I done what you said, and they were on medium alr... Jul 29 2005, 01:35 PM

Trevuren Hi, I am going to see if I can get one of our For... Jul 29 2005, 02:22 PM

Keith Is the warning from Winzip Jul 29 2005, 04:32 PM

darth_ash If .com files work, u can try the following steps:... Jul 30 2005, 02:58 AM

bulaklak_01 Yes, The warning is from Winzip Jul 30 2005, 05:12 AM

bulaklak_01 When I type 'Command' in Run, the followin... Jul 30 2005, 05:19 AM

Keith Go ahead if it is from Winzip, install killbox and... Jul 30 2005, 05:24 AM

Keith This is for the autoexec http://www.visualtour.co... Jul 30 2005, 05:26 AM

Trevuren It looks as if you are making good progress. A so... Jul 30 2005, 11:43 AM

bulaklak_01 Im still confused in what I have to do. I haven... Jul 31 2005, 10:58 AM

Trevuren Ignore the messages and proceed, then post a HJT l... Jul 31 2005, 11:21 AM

bulaklak_01 I done all of what you said, except... - Some thi... Aug 5 2005, 11:28 AM

Trevuren Can you find About Buster? Do you know where it i... Aug 5 2005, 01:48 PM

bulaklak_01 I have downloaded About Buster again, and have sc... Aug 6 2005, 06:09 AM

Trevuren Please provide me with a fresh HJT log so I can pr... Aug 6 2005, 10:36 AM

bulaklak_01 Here is my HJT log file ... Logfile of HijackThis... Aug 9 2005, 04:46 AM

Trevuren 1. Download this tool: LQfix.zip Unzip it to your ... Aug 9 2005, 07:14 AM

bulaklak_01 Logfile of HijackThis v1.99.1 Scan saved at 20:00:... Aug 12 2005, 01:01 PM

Trevuren Please follow the instructions provided, you may w... Aug 12 2005, 04:17 PM

bulaklak_01 I did everything you said, however again I couldn... Aug 26 2005, 12:51 PM

Trevuren Please save these instructions to a text file in W... Aug 26 2005, 01:47 PM

bulaklak_01 Had read your entry and started on the instruction... Aug 27 2005, 08:21 AM

Trevuren Carry on with the instructions and we will keep ou... Aug 27 2005, 10:33 AM

bulaklak_01 Logfile of HijackThis v1.99.1 Scan saved at 17:53:... Aug 29 2005, 11:53 AM

Trevuren We will work on getting rid of your Nail infection... Aug 29 2005, 12:19 PM

bulaklak_01 As always, and as I have reported before, the Ewid... Sep 9 2005, 02:13 PM

Trevuren We need to do a big cleanup again. Some items wil... Sep 9 2005, 02:29 PM

bulaklak_01 Logfile of HijackThis v1.99.1 Scan saved at 18:22:... Sep 17 2005, 11:22 AM

Trevuren This is a total waste of time. You have to be wil... Sep 17 2005, 12:12 PM

bulaklak_01 how can i use windows explorer to uninstall things... Sep 22 2005, 08:03 AM

bulaklak_01 sorry ill rephrase: how can i delete the folders ... Sep 22 2005, 08:05 AM

Trevuren HOW TO USE WINDOWS EXPLORER General:Right Cli... Sep 22 2005, 09:48 AM

Trevuren Due to lack of feedback, this topic has been close... Oct 2 2005, 07:52 PM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 User(s) are reading this topic (3 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal aurora pop ups helpppppppp... HJT LOG [CLOSED]	4 / 1,167	18th August 2005 - 06:54 AM tiggre007 started - last by therock247uk
Virus, Spyware and Trojan Removal Stupid Red Balloon - How to remove? [CLOSED]	2 / 28,047	5th September 2005 - 06:56 AM talon0775 started - last by Buckeye_Sam
Virus, Spyware and Trojan Removal SmithFraud Please Help on How to Remove [CLOSED]	2 / 2,514	28th June 2007 - 11:41 PM litodreamerboi4u started - last by RiP
Virus, Spyware and Trojan Removal pop ups unable to remove [Solved]	30 / 1,944	22nd June 2009 - 04:56 PM alicat1969 started - last by kahdah