Outstanding. That put a "Dent" in it.
Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy some were in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in
RED
HKEY_CURRENT_USER\Software\aurora
Close regedit
Download
Process Explorer from
http://www.sysinternals.com/Utilitie...sExplorer.html
Run Process Explorer and find this Process in the list of Processes.
c:\windows\system32\ftcnuj.exe
Select the process and click Process > Suspend.
**Note** DO NOT kill it...otherwise it will spawn another.
Then in HijackThis click Config > Misc Tools > Delete a file on reboot...
In the explorer Window select the file c:\windows\system32\
ftcnuj.exe
When prompted if you want to reboot click YES
IMPORTANT!! Leave Process explorer running with the process suspended.
After the reboot check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
O4 - HKLM\..\Run: [roxkdn] c:\windows\system32\ftcnuj.exe r
Reboot the PC and post another hijackthis log.