aurora pop-up

First timer!

I had problems with Aurora pop-ups, found majorgeeks and happily fixed that after mypctuneup uninstall. I also now have the AVG stuff, so good work fellas.

As far as the blasted nail.exe is concerned, this I seem to have rid myself of by disabling XP's System Restore, deleting nail.exe it and then enabling System Restore again.

Could anyone let me know if this will/won't have worked....even though it appears to have done so?

Many thanks

 

From now on please create a new thread with your problem(s) to avoid confusion. I have created a new thread for you so post in here from now on.

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Here's my HJT log - hope I've got this right but I was careful to follow instructions.

Many thanks

 

The first thing I notice is that your running 2 antivirus programs, this is NOT recommend as they will cause conflicts on your computer. You need to pick ONE and uninstall the other.

Fisrt, download ABIremover and save it to a location like C:\ABIremove

NOW:
Reboot into Safe Mode, be sure you have ALL browsers closed while running this removal tool.

Next, start the ABIRemover.exe, press install, wait (explorer window will disapear)

Reboot directly and boot into Normal Mode and procede with the next step.


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://signup.e2binternet.com/cdsignup
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
(If you need this, keep it)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you have completed ALL of the above REBOOT, Scan with HijackThis and attach the new log.

 

Hello bjgarrick, and thanks for guiding me through this so quickly!

HJT log attached, all steps followed to the letter

Many thanks

 

Reboot your computer, then scan with HJT and have it fix the below entry. It shouldnt be there but if it is have HJT fix it.

O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Alex\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"

Afterwards you log looks clean!

Are you having any further problems?

 

This is superb. Just a few posts and great advice and I'm sorted.

Thanks and thanks again

 

Your Welcome!

You should see this article on How to Protect yourself from malware!