Thanks for the quick reply. Sorry for attaching the log, I thought that was the protocol. Here's the output from GMER in safe mode with the specifications you requested.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 15:00:46
Windows 5.1.2600 Service Pack 3
Running: c1xl9snt.exe; Driver: C:\DOCUME~1\JEFFFR~1.000\LOCALS~1\Temp\pxtoapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KiDispatchInterrupt + 2C0 804DCB22 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntoskrnl.exe!KiDispatchInterrupt + 2D8 804DCB3A 1 Byte [00]
.text ntoskrnl.exe!KiDeliverApc + C9C 804DDA9D 1 Byte [06]
.text ntoskrnl.exe!RtlPrefetchMemoryNonTemporal 804E5511 1 Byte [90]
---- User code sections - GMER 1.0.15 ----
UPX1 C:\Documents and Settings\JEFF FRY.D59KLFC1.000\Desktop\c1xl9snt.exe[964] C:\Documents and Settings\JEFF FRY.D59KLFC1.000\Desktop\c1xl9snt.exe entry point in "UPX1" section [0x004B3F40]
---- Processes - GMER 1.0.15 ----
Process System Idle 0
Process System 4
Process C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 184
Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 232
Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 256
Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 300
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 312
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 464
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 508
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 580
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 852
Process C:\Documents and Settings\JEFF FRY.D59KLFC1.000\Desktop\c1xl9snt.exe 964
---- EOF - GMER 1.0.15 ----
I'm still trying to decide if this is truly malware or a hardware problem. The machine gets the BSOD booting from the install CD or Recovery console. I've also flashed the BIOS.
*** A little background ***
This machine (without my knowledge) was run off of a portable generator last summer when the plant was without power, and it really hosed it. It took out the power supply, hard drive and a stick of RAM. I was able to salvage the system from the old HD (the company has no idea what a backup is) and get the system up and going. It still took quite a bit of tinkering to get the system patched back together, but it has been working for the last year.
Last edited by Golfer on 25th April 2010, 8:17 pm; edited 1 time in total