I'm still having a ton of pop ups, including Aurora ones.
This is my new scanlog, but as you can see, now I have 21 host files.
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 27, 2005 8:51:12 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:67 %
Total physical memory:1047784 kb
Available physical memory:700064 kb
Total page file size:2521688 kb
Available on page file:2298736 kb
Total virtual memory:2097024 kb
Available virtual memory:2046548 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-27-2005 8:51:12 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 1148
ThreadCreationTime : 4-27-2005 5:56:25 AM
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : n/a
ProcessID : 1312
ThreadCreationTime : 4-27-2005 5:56:35 AM
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 1356
ThreadCreationTime : 4-27-2005 5:56:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 1368
ThreadCreationTime : 4-27-2005 5:56:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1572
ThreadCreationTime : 4-27-2005 5:56:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1800
ThreadCreationTime : 4-27-2005 5:56:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 568
ThreadCreationTime : 4-27-2005 5:56:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1444
ThreadCreationTime : 4-27-2005 5:56:45 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:9 [basfipm.exe]
ModuleName : C:\WINDOWS\System32\basfipm.exe
Command Line : n/a
ProcessID : 1780
ThreadCreationTime : 4-27-2005 5:56:46 AM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE
#:10 [cvpnd.exe]
ModuleName : C:\Program Files\GW\GBUSSNet Client 2.0\cvpnd.exe
Command Line : n/a
ProcessID : 1844
ThreadCreationTime : 4-27-2005 5:56:46 AM
BasePriority : Normal
FileVersion : 4.0.2 (D)
ProductVersion : 4.0.2 (D)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE
#:11 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : n/a
ProcessID : 1872
ThreadCreationTime : 4-27-2005 5:56:46 AM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe
#:12 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 1920
ThreadCreationTime : 4-27-2005 5:56:47 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:13 [rtvscan.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Command Line : n/a
ProcessID : 1952
ThreadCreationTime : 4-27-2005 5:56:47 AM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003
#:14 [desktop.exe]
ModuleName : C:\WINDOWS\isrvs\desktop.exe
Command Line : "C:\WINDOWS\isrvs\desktop.exe"
ProcessID : 228
ThreadCreationTime : 4-27-2005 5:56:48 AM
BasePriority : Normal
FileVersion : 1.1.0.20
ProductVersion : 1.0.0.0
FileDescription : Desktop Search
#:15 [nsvsvc.exe]
ModuleName : C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\System32\nsvsvc\nsvsvc.exe"
ProcessID : 1408
ThreadCreationTime : 4-27-2005 5:56:48 AM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0
#:16 [picsvr.exe]
ModuleName : C:\WINDOWS\System32\picsvr\picsvr.exe
Command Line : "C:\WINDOWS\System32\picsvr\picsvr.exe"
ProcessID : 276
ThreadCreationTime : 4-27-2005 5:56:48 AM
BasePriority : Normal
#:17 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 284
ThreadCreationTime : 4-27-2005 5:56:48 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:18 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 296
ThreadCreationTime : 4-27-2005 5:56:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:19 [aim.exe]
ModuleName : C:\Program Files\AIM95\aim.exe
Command Line : "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
ProcessID : 304
ThreadCreationTime : 4-27-2005 5:56:48 AM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:20 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 4-27-2005 5:56:50 AM
BasePriority : Normal
FileVersion : 6.14.10.4586
ProductVersion : 6.14.10.4586
ProductName : NVIDIA Driver Helper Service, Version 45.86
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.86
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:21 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 732
ThreadCreationTime : 4-27-2005 5:56:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:22 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\guard.tmp",DllGetVersion
ProcessID : 3176
ThreadCreationTime : 4-27-2005 5:57:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:23 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"
ProcessID : 3464
ThreadCreationTime : 4-27-2005 5:58:01 AM
BasePriority : Normal
#:24 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2100
ThreadCreationTime : 4-27-2005 12:51:03 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
21 entries scanned.
New critical objects:0
Objects found so far: 0
8:57:14 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:02.191
Objects scanned:109584
Objects identified:0
Objects ignored:0
New critical objects:0