So I've done everything I can think of..

I've completed all the steps in the tutorial threads and I am still getting aurora and other popups everytime I open a browser. AVG found a trojan downloader small and got rid of it and Spybot S&D got rid of a bunch of spyware but that didn't fix the problem (none of the other programs found anything). Attached is my HT log. Hopefully someone can help me.. Thanks.

 

Download the following file, after download is complete run the uninstaller. When uninstall is complete reboot and procede with the next set of steps.

Download Uninstaller


Please look in Add/Remove Programs for the following and uninstall if found:

WeatherBug

Security iGuard

CxtPls

AutoUpdate

After you complete the above instructions reboot and run the below online scans:

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

After you complete the above scans and the other parts, reboot and post a fresh HJT log as an attachment to your post.

 

I ran the unistaller and it got rid of the aurora pop ups, thank god. I was not able to find any of those programs in the add/remove list and I wasn't able to run any of those online scans for some reason (it said i didn't have the right componets when i actually do). So here is my new HT log..

 

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

Sysclean Package

Pattern.zip

Once you have these downloaded into the folder you just created, double click the file sysclean.com

When the system cleaner loads, click SCAN to start the scanner.

After you have scanned with the above program, reboot and attach a fresh HJT log.

 

When I try to open sysclean file it gives me a message that says "pattern file LPT$VPN is missing. Please download a copy."

 

You must download both files before you run the sysclean.

Download both files and be sure both are in the same folder and then run it again.

Be sure you extract the downloaded zip file into the same directory.

 

The zip file that I downloaded is empty, it said there are no files to extract..

 

Download the following file from MG's. This is the pattern, extract this file to the same directory as they sysclean.com file.

Trend Micro Pattern File for Windows 2.679.00

 

I ran the scan and here is my new highjack this log..

 

Click Start > Run > type in APPWIZ.CPL

Look for the following entries and uninstall when found:

WeatherBug

Security iGuard

WinTools by WebSearch

WebSearch Toolbar

After you do the above, reboot and post a fresh HJT log.

 

The only one of those programs that showed up was Weatherbug. I actually use that one, is it really creating problems on my computer?

 

It’s not all that dirty but it does deliver Adware somewhat, so I recommend it be uninstalled. If you still want a program similar to this, I recommend Weather Watcher.

You can download it here!


Are you sure you dont see Security iGuard and AutoUpdate, I have never seen these installed without being the Add/Remove?

 

I don't see either of those programs in the add/remove..

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: (no name) - {F50D01B8-C773-EDD9-7833-E9ECD8E11AC7} - C:\WINDOWS\System32\nzp.dll

O4 - HKLM\..\Run: [077O34U] i81tmib1.exe
O4 - HKCU\..\Run: [HwoERQY2j] gludxm.exe
O4 - HKCU\..\Run: [Pirtx] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe

O9 - Extra button: Microsoft AntiSpyware helper - {52C8433B-7D4D-4BE6-930F-7456B8FF3602} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {52C8433B-7D4D-4BE6-930F-7456B8FF3602} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Click Start > Run > type services.msc and Click OK

Locate WinTools for IE service (WinToolsSvc) and RightClick on it to bring up the Service Properties Window.
First: Stop the service by clicking the Stop Button.
Next: Disable it by changing the Startup Type to Disabled and click Apply

NOW:
Navigate to and DELETE the following if they should remain:

C:\Program Files\nrpn ←–– Delete this whole folder if it exist!

C:\Program Files\AWS ←–– Delete this whole folder if it exist!

C:\Program Files\Security iGuard ←–– Delete this whole folder if it exist!

C:\Program Files\Aprps ←–– Delete this whole folder if it exist!

C:\WINDOWS\System32\gludxm.exe

C:\WINDOWS\System32\j?vaw.exe
(There are 2 of these, delete the one that doesnt look legit)

C:\WINDOWS\System32\i81tmib1.exe

C:\WINDOWS\System32\nzp.dll

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

I followed your steps and here is my new HT log..

 

Scan with HJT and have it fix the below entries:

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

Make sure you close ALL browsers before clicking FIX. After you fix the above, navigate to and delete the below folders.

C:\Program Files\AWS

C:\Program Files\Security iGuard

(If you get an error saying file in use, reboot into Safe Mode and delete theses folders)

After doing the above, your HJT log will be clean!

Are you having any further problems?

 

I fixed those two things in the HT log but I couldn't find those other folders in the programs files. I don't have any other problems and thank you for all your help.

 

Your Welcome!

To stay Malware free, I would recommend following all of the steps in the below thread.

How to Protect yourself from malware!