Computer Security & Viruses/virus
Expert: Ramon Zammit - 10/21/2009
Question
My friend replied to an e-mail that I had apparently managed to send to her and my entire contact list whilst I wasn't even on the computer! It had an attachment and was telling them about some "great product" that I haven't ever tried!
What is it all about? And can I do anything to prevent it happening again?
And I tried with one of your similar problem's solution, then I got the HijackThis notepad as:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:51 PM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TypingMaster\quickphrase\quickphrase.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\chrome.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\Administrator\Desktop\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://in.search.yahoo.co...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://h1.ripway.com/poojasharma/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://h1.ripway.com/poojasharma/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://h1.ripway.com/poojasharma/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://h1.ripway.com/poojasharma/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://h1.ripway.com/poojasharma/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://in.search.yahoo.co...
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{e6570cd8-9978-4621-b1f9-6a62436f0466} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe chrome.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic VLC EN Toolbar - {e6570cd8-9978-4621-b1f9-6a62436f0466} - C:\Program Files\Softonic_VLC_EN\tbSoft.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\chrome.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE35D113-D81F-4082-AD81-E316B830DA2A}: NameServer = 172.173.174.1,202.56.250.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: DefWatch - Unknown owner - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 7092 bytes
Answer
Hello,
The fact that she received it from you doesn't necessarily mean that it was sent from your computer. The spamming could be using your e-mail name (not address) to relay the messages to your contacts.
Let's start from here:
If you go to SENT ITEMS, can you find the email in question?
Also, what email client are you using?
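
The distinction the answer draws between a message that only carries your name and one that really left your account can be checked from the headers of the copy your friend received. The following is an added example, not part of the original reply; the owner name, addresses and the three sample messages are constructed, and the result labels are this example's own.

```python
# Added example, not part of the original reply. Names and addresses are constructed.
from email import message_from_string
from email.utils import parseaddr

MY_NAME = "Jane Example"         # assumption: the account owner's display name
MY_ADDRESS = "jane@example.com"  # assumption: the account owner's real address

def auth_results(msg):
    """Collect method -> result (e.g. spf -> pass) from Authentication-Results.
    Only trust this header when your own receiving mail server added it."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:  # part 0 is the server's own id
            method, _, rest = part.strip().partition("=")
            if rest.split():
                results[method.strip().lower()] = rest.split()[0].lower()
    return results

def classify(raw):
    """Say how a message relates to the account it appears to come from."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != MY_ADDRESS:
        if name.strip().lower() == MY_NAME.lower():
            return "display-name-only"  # name reused with a foreign address
        return "unrelated"
    auth = auth_results(msg)
    if "pass" in (auth.get("spf"), auth.get("dkim")):
        return "sent-from-account"      # expect a copy in Sent Items
    return "address-forged"             # address copied, sender not authenticated

# Constructed sample messages (only the headers matter here).
NAME_ONLY = ("From: Jane Example <promo@mailer.invalid>\n"
             "Subject: great product\n\nsee attachment\n")
FORGED = ("Authentication-Results: mx.example.org; spf=fail "
          "smtp.mailfrom=jane@example.com; dkim=none\n"
          "From: Jane Example <jane@example.com>\n"
          "Subject: great product\n\nsee attachment\n")
GENUINE = ("Authentication-Results: mx.example.org; spf=pass "
           "smtp.mailfrom=jane@example.com; dkim=pass header.d=example.com\n"
           "From: Jane Example <jane@example.com>\n"
           "Subject: great product\n\nsee attachment\n")

if __name__ == "__main__":
    for label, raw in (("name only", NAME_ONLY), ("forged", FORGED), ("genuine", GENUINE)):
        print(label, "->", classify(raw))
```

A "sent-from-account" result is the case where the Sent Items check and a password change matter most; the other two results mean the message did not need access to the mailbox at all.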