
Symantec email proxy virus

Discussion in 'Virus & Other Malware Removal' started by sharihollenshead, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. sharihollenshead

    sharihollenshead Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    4
    I have seen this problem on here but was not sure if this virus is different on each computer and to be handled differently. I have run my Symantec virus software and it comes back clean, but I continue to have popups concerning the Symantec email proxy that will not stop. Please help. I was at a blue screen and my computer was not running at all, but I have since got past that using the re-installation CD for Windows XP. My computer is running extremely slow and these pop-ups will not stop. I would appreciate your helpful expertise!

    Here is the log information after scanning using the HijackThis that was suggested:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:38:50 PM, on 4/19/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
    C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\asam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://@www.compaq.com/athome
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
    O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
    O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dttolytu] C:\Documents and Settings\shase\Local Settings\Application Data\sdugkdsyj\qcakiletssd.exe
    O4 - HKLM\..\Run: [asam] C:\WINDOWS\asam.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [dttolytu] C:\Documents and Settings\shase\Local Settings\Application Data\sdugkdsyj\qcakiletssd.exe
    O4 - HKCU\..\Run: [asam] C:\WINDOWS\asam.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://ashford.blackboard.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.dotphoto.com/DPImageUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1cac146902e37e0) (gupdate1cac146902e37e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11428 bytes
     
  2. sharihollenshead

    sharihollenshead Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    4
  3. sharihollenshead

    sharihollenshead Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    4
    Now it appears the pop-ups have ended, but now my email, Outlook Express, is not operating. I ran the Microsoft Windows Malicious Software Removal Tool after researching online about the email issue and it found and removed quite a few things. The one thing it was unable to remove was:
    Backdoor:Win32/Nuwar.A
    How can I get rid of this? It looks scary! I have deleted any P2P software I think was on my computer (kids had some things on here). Please help soon, I am afraid I am going to lose everything.
     
  4. sharihollenshead

    sharihollenshead Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    4
    I think I got this thing whipped...took some googling, but got it all worked out...I THINK!
     

Short URL to this thread: https://techguy.org/917950
