MickyC
new user
Reg'd: Tue
Posts: 6
Re: Hotmail sending emails to everyone in Address Book
Wed Mar 19 2008 05:50 AM
ComboFix 08-03-17.1 - Mike Curran 2008-03-19 5:30:48.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.415 [GMT 0:00]
Running from: C:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Cache
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.
2008-03-18 21:15 . 2008-03-18 21:15 <DIR> d-------- C:\Documents and Settings\Mike Curran\Application Data\AVG7
2008-03-18 21:13 . 2008-03-18 21:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-18 21:13 . 2008-03-18 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-03-18 21:13 . 2008-03-18 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2008-03-18 20:53 . 2008-03-18 20:53 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-18 20:53 . 2008-03-18 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2008-03-18 20:38 . 2008-03-18 20:38 31,768,752 --a------ C:\avg75free_519a1276.exe
2008-03-16 15:37 . 2008-03-16 15:37 <DIR> d-------- C:\Program Files\Hasbro Interactive
2008-03-08 14:32 . 2008-03-08 14:32 <DIR> d--hs---- C:\FOUND.022
2008-03-05 10:06 . 2008-03-05 10:06 <DIR> d--hs---- C:\FOUND.021
2008-03-03 07:10 . 2008-03-03 07:10 <DIR> d--hs---- C:\FOUND.020
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 13:27 --------- d-----w C:\Program Files\Common Files\Java
2008-10-26 20:22 --------- d-----w C:\Documents and Settings\Mike Curran\Application Data\ScanSoft
2008-03-19 05:27 1,580,267 ----a-w C:\ComboFix.exe
2008-01-27 08:49 --------- d-----w C:\Documents and Settings\Guest\Application Data\Intuit
2008-01-23 22:07 --------- d-----w C:\Documents and Settings\Mike Curran\Application Data\Download Manager
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 18:44 369,664 ----a-w C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-10 05:20 257,024 ----a-w C:\WINDOWS\system32\dllcache\infocomm.dll
2007-12-24 08:09 296,942,547 ----a-w C:\5-28db4.zip
2007-12-24 07:52 133,004,836 ----a-w C:\4-a77cf.zip
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-11-20 00:28 5,632 --sha-w C:\Program Files\Thumbs.db
2007-11-19 08:12 61,480 ----a-w C:\Documents and Settings\Mike Curran\GoToAssistDownloadHelper.exe
2007-09-02 13:48 49,290,424 ----a-w C:\Program Files\TMIS_2007_153_Compact.exe
2007-08-06 07:42 224,048 ----a-w C:\Program Files\utorrent.exe
2007-02-25 09:40 1,675,302 ----a-w C:\Program Files\fdminst.exe
2007-01-22 18:50 38,119 ----a-w C:\Program Files\db_pcc.dat
2007-01-10 11:33 3,817,984 ----a-w C:\Program Files\tmpcc64.msi
2007-01-10 11:30 353,808 ----a-w C:\Program Files\setup.exe
2007-01-10 11:30 3,927,024 ----a-w C:\Program Files\pcc.exe
2007-01-10 11:30 3,342,848 ----a-w C:\Program Files\tmpcc.msi
2006-12-29 07:52 64 ----a-w C:\Program Files\Tmsrl.dat
2006-12-29 07:52 3,584 ----a-w C:\Program Files\1033.mst
2006-12-29 07:52 274 ----a-w C:\Program Files\setup.ini
2006-12-29 07:52 163,049 ----a-w C:\Program Files\license.rtf
2006-10-16 14:30 1,856,876 ----a-w C:\Program Files\Capture.mpg
2006-03-28 08:21 5,469,168 ----a-w C:\Program Files\GUIDesignStudio_R047_Setup.exe
2006-02-28 16:32 46,667,792 ----a-w C:\Program Files\pcc26usrs1400_1341.exe
2006-02-28 15:45 67,933,256 ----a-w C:\Program Files\pcc26usf1410_1023.exe
2006-02-27 15:35 5,883,488 ----a-w C:\Program Files\bptsetup.exe
2005-12-21 20:13 5,009,408 ----a-w C:\Program Files\bet365poker.exe
2005-09-04 09:01 381,480 ----a-w C:\Program Files\msgr7us.exe
2005-08-31 07:08 2,762,704 ----a-w C:\Program Files\vcssetup.exe
2005-08-27 08:00 1,013,014 ----a-w C:\Program Files\etax2005_2_ftbdll.exe
2005-08-27 07:59 3,762,300 ----a-w C:\Program Files\etax2005_1.exe
2005-08-23 06:28 22,040,920 ----a-w C:\Program Files\iTunesSetup.exe
2005-08-21 22:24 122,478,784 ----a-w C:\Program Files\j2eesdk-1_4_02_2005Q2-windows.exe
2005-08-19 06:48 11,853,384 ----a-w C:\Program Files\snagit.exe
2005-08-09 15:33 721,694 ----a-w C:\WINDOWS\Fonts\abckids.zip
2007-01-30 22:55 3,072 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-01-30 22:55 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"VoipCheapCom"="C:\program files\voipcheapcom\voipcheapcom.exe" [2007-02-20 14:23 7202360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 15:51 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-10-27 00:11 36864]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 00:24 2068527]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 16:59 374688]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 21:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 13:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 13:14 663552]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 20:38 185632]
"SoftDisc"="C:\Program Files\SoftDisc\softdisc.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [ ]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [ ]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-09-29 15:24 188416]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [ ]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-18 21:16 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-18 21:13 219136]

C:\Documents and Settings\Mike Curran\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-04 21:16:31 344064]
VoipBusterMate.lnk - C:\Program Files\VoipBusterMate\VoipBusterMate.exe [2006-07-24 10:36:40 98304]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2006-07-25 20:52:35 57344]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-07-26 08:19:42 106496]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-07-26 08:19:44 151552]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-10-27 00:11:40 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 19:56 11504 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Asus\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Program Files\\utorrent.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\WINDOWS\\System32\\rundll32.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:*:Disabled:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:*:Disabled:Altova License Metering Port (TCP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-02-27 03:01]
R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2004-04-19 12:09]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\RaInfo.sys [2006-10-06 19:56]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 17:56]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe" []
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2004-04-30 15:50]
R3 Cap7134;LifeView WDM Video Capture;C:\WINDOWS\system32\DRIVERS\lvcap214.sys [2004-05-14 18:13]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-13 11:39]
R3 PhTVTune;Philips WDM TVTuner;C:\WINDOWS\system32\DRIVERS\Silicon.sys [2004-05-14 18:13]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-09-28 23:17]
S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-09-28 23:17]
S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-09-28 23:17]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 13:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfd7dfd0-69ff-11da-90f7-000e3541a5a2}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1bcae60-fcf3-11d9-9086-000e3541a5a2}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4df3690-6f74-11dc-b324-000e3541a5a2}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1d2670-09c3-11dc-b2c8-00112f4b1214}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PortableApps\RK_Launcher_04_Beta\RKLauncher.exe

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 05:34:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 5:35:12
ComboFix-quarantined-files.txt 2008-03-19 05:35:12
.
2008-03-14 03:11:28 --- E O F ---