Aurora popup removal

[Andrewr]

I am getting an aurora popup and its starting to really bug me. It is happening in explorer and firefox.
I know that the problem is related to the nail.exe file. I have tried to remove it as others have, but some of the things they say to remove in hijackThis they removed don't appear on my log. No matter what I've tried nail.exe has always re-installed itself so there must be one (or more) things that I need to remove. I don't want to go and start freestyling as I have no idea what half the things do.
I have attached a hijackthis log file, if anyone could have a look at it and point me in the right direction it would be much appriciated.

thanks
andrew

 

[RealBlackStuff]

I don't have time at the moment, but go here:
http://www.geekstogo.com/forum/index.php?showtopic=34660&st=0&p=171623&#entry171623
follow from 'thatman's Post #4 (at the right) onwards.

Your own 'baddies' are:
c:\windows\system32\fohqba.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
OO4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [mmrsdw] c:\windows\system32\fohqba.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

That should help you.

 

[Andrewr]

Thanks that was exactly what i was after - the list of baddies!

it keeps morphing, thought i got rid of it but its back.. anyway i'll have another go tomorrow, its too late for my brain to work

thanks

andrew

 

[Andrewr]

I think i may have got rid of it.. believe it or not the company who made it provide an uninstaller that uninstalls all adware they have made. My log now looks clean and so far the popup hasn't returned.

 

[RealBlackStuff]

I hope you did not run mypctuneup!
Find out about the rotten ways of this outfit in Google.

 

[Andrewr]

i did actually.
contry to what people are saying they didn't ask for my email address or anything. It did the job.
What is supposidly so bad about it? I know it is made by the same company as aurora and if you google it you get a 50/50 split of people who think its ok and people who don't.
To be honest after i'd tried about 10 - 15 different removal methods that were on the net and none worked i was willing to try anything.