I can't seem to get rid of these pop ups!

[chassc]

Hijack log is attached. I have been working on this for four days...ANY help is appreciated.

What I've tried (in no certain order):
abi remover
nailfix
cc cleaner
ewido
microsoft antispyware
popup stopper antispyware
hoster
lspfix
panda
spybot
unhook

It <<appears>> aurora is gone however I'm not certain.

I have norton antivirus 2005 and it was running.

I have two children and a wife who have access - I think it was infected through them. After this fix any ideas on how to limit other users accesses or permissions would be appreciated.

 

[Spike]

I don't mean to be difficult, but it appears that the HJT log you've posted isn't complete. Could you please check and post a new log if required?

In terms of preventing re-infection, You might like to try the post on preventing infection in XP at the top of this forum.

Anyways, if you could repost that HJT log, it migh be helpful.

 

[chassc]

Repost

Thanks for taking a look. Here is the additional log you requested.

 

[RealBlackStuff]

Put HijackThis in e.g C:\HJT and NOT on your Desktop or in Temp!.
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager.
On Windows 95/98/ME, press CTRL+ALT+DELETE.
On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there), click End Process for:
ViewMgr.exe
dinst.exe
321102.exe
trycrt.exe

Next, try to UNinstall anything to do with (not delete yet!):
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SysEntry] 321102.exe
O4 - HKLM\..\Run: [lpt] trycrt.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.gsu.edu/activex/AMC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.

Also, STOP using Internet Explorer. Go to www.getfirefox.com and Install Firefox and USE it. (IE is only for Windows-updates from now on!)
Upon installation, it will get all the favorites from IE.
Tell the wife and kids to NOT use IE anymore under any circumstance (otherwise deathpenalty, go to bed without dinner, etc. etc.)

 

[chassc]

Thanks!

Your suggestions appear to have worked!

I have passed on the info (and consequences) to the family to use Firefox!!!

THANKS FOR THE HELP!!!