Multiple Suspicious Message warnings. Not my Emails!

When I’m online I will begin to receive rapid fire “Too many identical emails” warnings. Senders and receivers are not me. I can only log off to stop messages. I have a possible virus, win32 taskmin.exe. Running XP, Mozilla, Avast 4.6. Thanks, Paul

It certainly looks like you have some form of spam trojan or virus trying to infect others in your address book, etc.

Hijackthis is a good general analysis tool for what is running on your system.

Program & Tutorial - Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial
For an on-line analysis - HiJackThis Log file - On-line Analysis - Or post contents of log file here.
Ignore any O23 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.

Thanks David,
Here’s my logfile.
Logfile of HijackThis v1.97.7
Scan saved at 1:41:02 PM, on 7/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\cpqs\bwtools\sccenter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svhosts.exe
C:\WINDOWS\System32\logon.exe
C:\WINDOWS\userint32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ntsubsys.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svhosts.exe
C:\Program Files\Softcom DialBroadband\PropelAC.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c99&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\userint32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\userint32.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Softcom DialBroadband\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM..\Run: [Lsass] C:\aight.exe
O4 - HKLM..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Program
O4 - HKLM..\Run: [eTunnel] C:\head891238.exe
O4 - HKLM..\Run: [Anti-Virus Update Scheduler V1.39.13R] C:\head891238.exe
O4 - HKLM..\Run: [Windows Logon Manager] logon.exe
O4 - HKLM..\Run: [Messenger] C:\WINDOWS\System32\ntsubsys.exe
O4 - HKLM..\Run: [DiskCheck] “C:\WINDOWS\msdarkend.exe”
O4 - HKLM..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM..\Run: [Propel Accelerator] “C:\Program Files\Softcom DialBroadband\trayctl.exe” /STARTUPLAUNCH
O4 - HKLM..\Run: [THGuard] “C:\Program Files\TrojanHunter 4.2\THGuard.exe”
O4 - HKLM..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM..\RunServices: [Windows Services Hosts] svhosts.exe
O4 - HKLM..\RunServices: [Windows Logon Manager] logon.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKCU..\RunServices: [Windows Services Hosts] svhosts.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Softcom DialBroadband\pac-addwl.html
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Softcom DialBroadband\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Softcom DialBroadband\pac-image.html
O9 - Extra ‘Tools’ menuitem: &AltaVista Home (HKLM)
O9 - Extra ‘Tools’ menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra ‘Tools’ menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra ‘Tools’ menuitem: AV &Translate (HKLM)
O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\softcom dialbroadband\prplsf.dll
O10 - Unknown file in Winsock LSP: c:\program files\softcom dialbroadband\prplsf.dll
O10 - Unknown file in Winsock LSP: c:\program files\softcom dialbroadband\prplsf.dll
O10 - Unknown file in Winsock LSP: c:\program files\softcom dialbroadband\prplsf.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120592068339
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip..{A8F1FAEE-72D6-4F16-A122-F5332DA76CBB}: NameServer = 209.142.8.13 207.13.104.2

  1. Your HijackThis (latest version 1.99.1) is almost as out of date as your OS and your browser. Then post the contents again.

So I would advise downloading the latest HJT version, from the link I gave.

  1. You don’t appear to have a firewall installed? - this is a matter of urgency otherwise you will be gaining malware faster than you can remove it.

  2. You should visit Windows Update urgently; Win XP SP2 provides many security features, as does IE6 SP2 (only available with/for XP SP2).

  3. AdwareAlert is a rogue program - see this link and use this before installing supposed anti-adware/spyware http://www.spywarewarrior.com/rogue_anti-spyware.htm also http://www.bleepingcomputer.com/startups/AdwareAlert.Exe-10412.html

From a quick inspection of the log file, your system is in a mess. You need to get the latest version of HJT and post the contents into the on-line analysis so you can make a start with the items flagged as Nasty, Unknown, etc. You will need to check Google for the things you aren’t sure of, then fix in HJT.

If there are things you are unsure of in the on-line analysis, post again here, hopefully someone else can help also as I’m about to go off-line for the night.
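A first-pass triage of the O4 registry autorun lines before looking items up, as an added example that is not part of the thread, of HijackThis, or of the on-line analyser. The three heuristics, the 0.85 similarity threshold and the short list of system image names are assumptions of this example; a flag only marks an entry to look up.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Genuine Windows image names that lookalike files imitate (short list assumed here).
SYSTEM_IMAGES = ("svchost.exe", "lsass.exe", "winlogon.exe", "userinit.exe")
O4_LINE = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE_PATH = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)

# Lines copied from the log posted above (one entry is cut short in the post).
SAMPLE = r"""
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Lsass] C:\aight.exe
O4 - HKLM..\Run: [Windows Services Hosts] svhosts.exe
O4 - HKLM..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Program
O4 - HKLM..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
"""

def review_reasons(command):
    """Return the reasons an autorun command deserves a manual look (may be empty)."""
    exe = EXE_PATH.match(command.strip('“”" '))
    if not exe:
        return ["no executable path in entry"]
    path = exe.group(1)
    name = ntpath.basename(path).lower()
    # Near-miss of a system image name, but not the real name itself.
    reasons = [f"name resembles {real}" for real in SYSTEM_IMAGES
               if name != real and SequenceMatcher(None, name, real).ratio() >= 0.85]
    folder = ntpath.dirname(path)
    if not folder:
        reasons.append("no directory given")
    elif re.fullmatch(r"[A-Za-z]:\\", folder):
        reasons.append("runs from drive root")
    return reasons

def triage(log_text):
    """List (hive\\key, label, reasons) for flagged O4 registry autorun entries."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m and (reasons := review_reasons(m.group(4))):
            flagged.append((f"{m.group(1)}\\{m.group(2)}", m.group(3), reasons))
    return flagged

if __name__ == "__main__":
    for key, label, reasons in triage(SAMPLE):
        print(f"{key} [{label}]: {', '.join(reasons)}")
```

"Global Startup" O4 lines use a different layout and are skipped by this pattern.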

:) Quite a while back I saw a “security alert” concerning your current version of Java 2 Runtime Environment Program; after you get OFF your machine whatever is there, I recommend you go to www.java.com & get their latest, then uninstall your current version. Would recommend you try the FREE “Ewido” program, available at www.ewido.net/en, to see if it will detect & remove what’s there!? It “specializes” in trojans, worms, etc.