Symantec email proxy virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sharihollenshead

Thread Starter
Joined
Apr 19, 2010
Messages
4
I have seen this problem on here but was not sure if this virus is different on each computer and to be handled differently. I have run my Symantec virus software and it comes back clean but I continue to have popups concerning the symantec email proxy that will not stop. Please help. I was at a blue screen and my computer was not running at all but have since got past that using the re-installation cd for windows XP. My computer is running extremely slow and these pop-ups will not stop. I would appreciate your helpful expertise!

Here is the log information after scanning using the Hijack this that was suggested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:50 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection

Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft SQL

Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works

Shared\WkUFind.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\ArcSoft\Connection

Service\Bin\ACDaemon.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\asam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare

software\bin\EasyShare.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL

Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection

Wizard,ShellNext = http://@www.compaq.com/athome
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: AIM Toolbar Search Class -

{03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program

Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for

Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and

Settings\All Users\Application

Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserreco

rdplugin.dll
O2 - BHO: CitiUS Shared Browser Helper Object -

{387EDF53-1CF2-4523-BC2F-13462651BE8C} -

C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: WCNetMon Class -

{3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program

Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader -

{b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program

Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar -

{61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program

Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection]

C:\Program Files\Common Files\Microsoft Shared\Works

Shared\WkUFind.exe
O4 - HKLM\..\Run: [PestPatrol Control Center]

c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck]

c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol]

c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual

Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program

Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program

Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray]

C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program

Files\Common Files\ArcSoft\Connection

Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dttolytu] C:\Documents and

Settings\shase\Local Settings\Application

Data\sdugkdsyj\qcakiletssd.exe
O4 - HKLM\..\Run: [asam] C:\WINDOWS\asam.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dttolytu] C:\Documents and

Settings\shase\Local Settings\Application

Data\sdugkdsyj\qcakiletssd.exe
O4 - HKCU\..\Run: [asam] C:\WINDOWS\asam.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program

Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program

Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Kodak EasyShare software.lnk =

C:\Program Files\Kodak\Kodak EasyShare

software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program

Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program

Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search -

C:\Documents and Settings\All Users\Application Data\AIM

Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar -

{0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program

Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Citi -

{4C730913-3961-439b-83D5-F4E445520422} - C:\Program

Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: (no name) -

{9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ashford.blackboard.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet

Control) -

http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com

_downloader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}

(Aurigma Image Uploader 3.5 Control) -

https://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

(Shockwave Flash Object) -

https://fpdownload.macromedia.com/get/shockwave/cabs/flas

h/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program

Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) -

ArcSoft Inc. - C:\Program Files\Common

Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems -

C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. -

C:\Program Files\Common Files\Apple\Mobile Device

Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher

(DefWatch) - Symantec Corporation - C:\Program

Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToAssist - Citrix Online, a division of

Citrix Systems, Inc. - C:\Program

Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service

(gupdate1cac146902e37e0) (gupdate1cac146902e37e0) -

Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) -

NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program

Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc)

- Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program

Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation

- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint

Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11428 bytes
 

sharihollenshead

Thread Starter
Joined
Apr 19, 2010
Messages
4
Now it appears the pop ups have ended but now my email outlook express is not operating. I ran the Microsoft Windows Malicious software removal tool after researching online about the email issue and it found and removed quite a few things. The one thing it was unable to remove was:
Backdoor:Win32/Nuwar.A
How can I get rid of this? It looks scary! I have deleted any P2P software I think was on my computer (kids had some things on here). Please help soon, I am afraid I am going to lose everything.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top