Further "Aurora" woes, HJT file review, please.

By Escafanatic421
Jun 27, 2005
Topic Status:
Not open for further replies.
  1. Was looking at someone else who was affected by the Aurora program. To the best of my knowledge I've completed everything that was suggested in both RBS' "How to remove..." topic thread and what was brought up in the "Struggling..." topic thread.

    What I've done:
    -Used both AVG and Spybot S&D
    -Deleted both Temp and Internet Temp files.
    -Fixed file types from the "How to remove" topic thread.
    -Fixed file from the "Struggling" topic thread.
    -Have the most updated Windows SP.
    -Use Firefox (this 'program' Aurora popped up last evening and has been my only problem with Firefox).

    I've posted an HJT scan file up for review and any suggestions that can be offered will be greatly appreciated. Thank you for your time.
  2. RealBlackStuff

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:

    ViewMgr.exe
    uslaxwl.exe
    ?xplorer.exe
    omniscient.exe
    sept.exe

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\WindowsSA\omniscient.exe
    C:\Program Files\Avant Browser\ (is only IE with a pretty dress, get rid of it)
    C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\uslaxwl.exe
    C:\WINDOWS\system32\?xplorer.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [dhqtplh] c:\windows\system32\uslaxwl.exe r
    O4 - HKCU\..\Run: [Taum] C:\Documents and Settings\Ben Reed\Application Data\sept.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.

    Get deletefxpfiles here http://www.deletefxpfiles.com/index2.html to get rid of ?xplorer.exe if you can't delete it normally.

    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Boot normal. When all OK, switch System Restore back on.
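
Added example, not part of the original posts: a small Python parser for HijackThis log lines like the ones quoted in the reply above, which decodes O4 autostart entries and marks entries for manual review. The sample log is constructed from lines in the thread (profile name replaced with `[username]`), and the three review heuristics are assumptions made for this example, not HijackThis behaviour.

```python
import re

# Constructed sample: entries from the log quoted in the thread, with the
# profile name replaced by the [username] placeholder.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [dhqtplh] c:\windows\system32\uslaxwl.exe r
O4 - HKCU\..\Run: [Taum] C:\Documents and Settings\[username]\Application Data\sept.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - <body>"
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)

def parse_entry(line):
    """Split one HJT line into section code and body; decode O4 autostarts."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m.group(1), "body": m.group(2)}
    run = RUN_RE.match(entry["body"]) if entry["code"] == "O4" else None
    if run:
        hive, key, name, cmd = run.groups()
        exe = EXE_RE.match(cmd)  # drop trailing arguments such as " r"
        entry.update(hive=hive, key=key, name=name,
                     path=exe.group(1) if exe else cmd)
    return entry

def triage(log_text):
    """Return (code, autostart name or None, reasons) for entries to review."""
    findings = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        reasons = []
        if "(file missing)" in entry["body"] or "(no file)" in entry["body"]:
            reasons.append("orphaned entry: target file absent")
        path = entry.get("path", "").lower()
        # Heuristics assumed for this example; they mark entries for review only.
        if re.fullmatch(r"[a-z]:\\windows\\system32\\[^\\]+\.exe", path):
            reasons.append("autostart from system32")
        if "\\application data\\" in path:
            reasons.append("autostart from user profile")
        if reasons:
            findings.append((entry["code"], entry.get("name"), reasons))
    return findings

if __name__ == "__main__":
    for code, name, reasons in triage(SAMPLE_LOG):
        print(code, name or "-", "; ".join(reasons))
```

The ViewMgr autostart passes these heuristics even though the reply lists it, so the output is a starting point for review, not a verdict.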
  3. Escafanatic421

    Thank you for the review, RBS. Also, is there any way to check the validity of http://www.mypctuneup.com ? I was able to find Aurora in my Add/Remove programs in Windows (although it was under a different name) and it supposedly has the uninstall software at the aforementioned website. The fact, though, that the program that's giving me problems is what referred me there is making me only somewhat suspicious.

    So if you or another mod could, please check mypctuneup.com that'd be great. With things like fake HJTs appearing and what seems an all too easy "fix" presented before me I'm reluctant to bite.
  4. RealBlackStuff

    Mypctuneup is the same crappy outfit that created Aurora in the first place!
    Need I say more?