-Deleting the files
-Editing Registries
-Safe Mode Deletions
-All sorts of Spyware removers
then what I did might help you...
I recently downloaded the File Monitor Program from www.sysinternals.com (its shareware)... It checks all running processes and gives a general idea of what they're doing.
While it runs... Open up a browser window and go to any site that will bring up a popup (game/store/etc. website). Check the name of the exe in Task man related to the Aurora Window...
Copy the name then search for it in File Monitor...
I found one Svchost.exe with a PID of 1016 to be opening and recopying the Aurora Program, although it may be something else in your case... If it is a Svchost, be sure to look at the name in File Monitor. It'll be named Svchost.exe:XXXX, where the X's represent the PID number.
Afterwards open up the Taskmanager, and close the program(if your closing svchost, be sure to get the one with the right PID).
This also got rid of the Green Advertisement Links on IE since the two are related aparently...