Last night my computer started behaving very oddly. Little symantech windows started opening in my desktop every 1-2 minutes. The title of the window reads "Symantec Email Proxy" and the message translates (my computer is configured in Spanish) to something like this: " Unable to send email message, server did not accept. Delivery Error #..." an email address shows up and a short message such as "Hey" or "Hi", and an "Accept" button. Like I said, this thing happens every 1-2 minutes in which 20 or more of those windows open up. I´ve updated and run Norton antivirus (2003) a few times, House Call online virus scan, Ad-Aware, and Spybot, and none of them solved the problem (although they did get rid of a lot of Spyware. I decided to run "Hijack this" and send you guys the log, see what you think (thanx in advance):
Logfile of HijackThis v1.97.7
Scan saved at 21:13:32, on 16/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Archivos de programa\AIM95\aim.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Documents and Settings\Javi\Configuración local\Archivos temporales de Internet\Content.IE5\IDQL1Z9A\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.51/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.51/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.51/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://autosearch.cc/search.php?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\ARCHIV~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {59D4AB50-E3BD-1BEA-A8D0-5B6245E59D5B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: PopupPopper Control Panel (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {23273A1C-C870-43C4-A3E3-67DC98630AC6} (IntSOFTEC Class) - http://213.229.160.209/dialers/it.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-flash.com/ruboskizo2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37615.2302893519
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27E3A20A-7474-439C-B7F2-53EE889B7440}: NameServer = 80.58.0.33,80.58.32.97
Logfile of HijackThis v1.97.7
Scan saved at 21:13:32, on 16/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Archivos de programa\AIM95\aim.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Documents and Settings\Javi\Configuración local\Archivos temporales de Internet\Content.IE5\IDQL1Z9A\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.51/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.51/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.51/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://autosearch.cc/search.php?qq=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\ARCHIV~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {59D4AB50-E3BD-1BEA-A8D0-5B6245E59D5B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Archivos de programa\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: PopupPopper Control Panel (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {23273A1C-C870-43C4-A3E3-67DC98630AC6} (IntSOFTEC Class) - http://213.229.160.209/dialers/it.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-flash.com/ruboskizo2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37615.2302893519
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27E3A20A-7474-439C-B7F2-53EE889B7440}: NameServer = 80.58.0.33,80.58.32.97