Redirector and mail gremlin in residence

[lgbpop]

See you in the morning, time for some rest here!

[crunchie]

Can you run Gmer please pop.

Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.

[lgbpop]

Sorry it took so long. The past 3 hours the computer's been glacially slow, not the little speedster it usually is. WUAUCLT.EXE was consistently taking up 50% of CPU usage in Task Manager. I ended the process along with the parent svchost.exe and usage dropped to 2%. The file's in the correct folder, so I suspect either a corrupted file or something trying to jam its normal function. Anyhow, here's the GMER.LOG file you wanted bud.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 12:15:44
Windows 5.1.2600 Service Pack 3
Running: grandma82lb.exe; Driver: C:\DOCUME~1\Frank\LOCALS~1\Temp\pxrdipod.sys

---- System - GMER 1.0.15 ----
SSDT 9D5C15EE ZwCreateKey
SSDT 9D5C15E4 ZwCreateThread
SSDT 9D5C15F3 ZwDeleteKey
SSDT 9D5C15FD ZwDeleteValueKey
SSDT 9D5C1602 ZwLoadKey
SSDT 9D5C15D0 ZwOpenProcess
SSDT 9D5C15D5 ZwOpenThread
SSDT 9D5C160C ZwReplaceKey
SSDT 9D5C1607 ZwRestoreKey
SSDT 9D5C15F8 ZwSetValueKey
SSDT 9D5C15DF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 2 Bytes [D0, 15]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DD0 8050466C 2 Bytes [D5, 15] {AAD 0x15}
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB67F6360, 0x24BB1D, 0xE8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt62.sys entry point in "init" section [0xA3F3C2E0]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1248] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\Program Files\Opera\opera.exe[2128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC000A
.text C:\Program Files\Opera\opera.exe[2128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\Program Files\Opera\opera.exe[2128] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 003E000C
---- Threads - GMER 1.0.15 ----
Thread System [4:2684] 9A3B81F0
Thread System [4:2692] 9A3B81F0
---- EOF - GMER 1.0.15 ----

[crunchie]

Looks ok to me.
What other symptoms does the pc have?

Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

• Spyware, Adware, Dialers, and other potentially dangerous programs
• Archives
• Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

[lgbpop]

Been trying to do the Kaspersky scan all day. At 1:38:xx into the scan, it stops at a M$ security update KB backup file and the computer freezes. Have to reboot and start all over, then it happens again. I'll have to check in on it this time, keep it from falling asleep.

[lgbpop]

Sorry to keep you hanging on this. Computer never responded to anything, could never finish Kaspersky scan. I even installed a parallel OS on another drive, then ran A/Vs on the XP drive while it was not the boot drive and it still drew to a BSoD.

I'm leaning toward the conclusion there's a bad sector or sectors on the drive itself. Rather than mess with it any further I've replaced the drive and installed an image from January. Didn't take too long to update. One of these days I'll test that drive out thoroughly and see what the problem was. Thatnks for your time, bud!

[crunchie]

No worries mate