Hi askey127,
First, thanks for your response. I followed your instructions and captured the tool output on the afflicted machine. I also removed some other non-essential applications.
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as bcranky on 04/12/2010 at 21:39:36.
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\bcranky\Desktop\rkill.exe
Rkill completed on 04/12/2010 at 21:39:42.
*****
info.txt logfile of random's system information tool 1.06 2010-04-12 21:33:48
======Uninstall list======
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Charter High-Speed Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Charter Security Suite-->"C:\Program Files\Charter High-Speed Security Suite\FSGUI\PostInstall.exe" /tUnInstall
GlidePoint Touchpad-->MsiExec.exe /I{1380CA9A-C3EC-4387-9E28-9A5AD4C48E4C}
HijackThis 2.0.2-->"C:\Documents and Settings\bcranky\Desktop\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Matrox Graphics Software (remove only)-->C:\WINDOWS\system32\PDesk\PDUninst.exe
Matrox PowerDesk-SE-->MsiExec.exe /X{769ADBAC-47FC-482A-8D93-98D19838EE85}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Charter Security Suite 8.02
FW: Charter Security Suite 8.02
======System event log======
Computer Name: BCRANKY-1087B57
Event Code: 3019
Message: The redirector failed to determine the connection type.
Record Number: 1857
Source Name: MRxSmb
Time Written: 20080824211207.000000-240
Event Type: warning
User:
Computer Name: BCRANKY-1087B57
Event Code: 3019
Message: The redirector failed to determine the connection type.
Record Number: 1856
Source Name: MRxSmb
Time Written: 20080824211203.000000-240
Event Type: warning
User:
Computer Name: BCRANKY-1087B57
Event Code: 3019
Message: The redirector failed to determine the connection type.
Record Number: 1855
Source Name: MRxSmb
Time Written: 20080824211154.000000-240
Event Type: warning
User:
Computer Name: BCRANKY-1087B57
Event Code: 3019
Message: The redirector failed to determine the connection type.
Record Number: 1854
Source Name: MRxSmb
Time Written: 20080824211150.000000-240
Event Type: warning
User:
Computer Name: BCRANKY-1087B57
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 1707
Source Name: W32Time
Time Written: 20080803141211.000000-240
Event Type: warning
User:
=====Application event log=====
Computer Name: BCRANKY-1087B57
Event Code: 103
Message: 1 2008-04-02 22:26:16-04:00 bcranky-1087b57 BCRANKY-1087B57\bcranky F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSPMAPI.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 173
Source Name: F-Secure Anti-Virus
Time Written: 20080402222619.000000-300
Event Type: error
User:
Computer Name: BCRANKY-1087B57
Event Code: 103
Message: 1 2008-04-01 23:53:22-04:00 bcranky-1087b57 BCRANKY-1087B57\bcranky F-Secure Anti-Virus
An error occurred while scanning \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\MSADCO.DLL.
Record Number: 170
Source Name: F-Secure Anti-Virus
Time Written: 20080401235323.000000-300
Event Type: error
User:
Computer Name: BCRANKY-1087B57
Event Code: 103
Message: 1 2008-04-01 23:28:54-04:00 bcranky-1087b57 BCRANKY-1087B57\bcranky F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 167
Source Name: F-Secure Anti-Virus
Time Written: 20080401232856.000000-300
Event Type: error
User:
Computer Name: BCRANKY-1087B57
Event Code: 103
Message: 1 2008-03-30 02:54:51-04:00 bcranky-1087b57 BCRANKY-1087B57\bcranky F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSPMAPI.DLL was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 143
Source Name: F-Secure Anti-Virus
Time Written: 20080330025453.000000-300
Event Type: error
User:
Computer Name: BCRANKY-1087B57
Event Code: 103
Message: 1 2008-03-23 01:53:16-04:00 bcranky-1087b57 BCRANKY-1087B57\bcranky F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\BCRANKY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8X536SLD.DEFAULT\PREFS-1.JS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 126
Source Name: F-Secure Anti-Virus
Time Written: 20080323015318.000000-300
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by bcranky at 2010-04-12 21:50:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (18%) free of 29 GB
Total RAM: 512 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:29 PM, on 4/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bcranky\Desktop\RSIT.exe
C:\Documents and Settings\bcranky\Desktop\bcranky.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CirqueGesture] C:\Program Files\Touchpad\Gesture.exe
O4 - HKLM\..\Run: [Glide] glidew32.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
--
End of file - 4243 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE [2009-02-19 182936]
"F-Secure TNB"=C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe [2009-02-19 957024]
"CirqueGesture"=C:\Program Files\Touchpad\Gesture.exe [2005-10-03 123904]
"Glide"=C:\WINDOWS\system32\glidew32.exe [2005-10-03 81920]
"Matrox PowerDesk SE"=c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [2007-04-04 1771016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-04-12 21:33:30 ----D---- C:\rsit
2010-04-07 22:46:20 ----A---- C:\WINDOWS\system32\ws2_32.dll
2010-03-28 21:23:00 ----D---- C:\WINDOWS\pss
2010-03-28 20:53:23 ----D---- C:\Program Files\CCleaner
2010-03-13 18:59:54 ----D---- C:\HijackThis
======List of files/folders modified in the last 1 months======
2010-04-12 21:39:05 ----RD---- C:\Program Files
2010-04-12 21:36:38 ----D---- C:\Program Files\Mozilla Firefox
2010-04-12 21:33:33 ----D---- C:\WINDOWS\Temp
2010-04-12 21:28:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-12 21:26:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-12 21:26:07 ----D---- C:\WINDOWS\system32
2010-04-12 21:21:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-12 21:20:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 21:15:04 ----D---- C:\WINDOWS
2010-04-12 20:14:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-10 01:23:37 ----D---- C:\Program Files\Charter High-Speed Security Suite
2010-03-28 20:53:47 ----D---- C:\WINDOWS\Debug
2010-03-13 18:59:58 ----SHD---- C:\WINDOWS\Installer
2010-03-13 18:56:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-13 18:56:11 ----D---- C:\WINDOWS\system32\drivers
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\drivers\fshs.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys []
R3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2007-04-13 350464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-04 63744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 747392]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 glidesvc;GlidePoint Mouseclass Service; C:\WINDOWS\system32\DRIVERS\glidesvc.sys [2005-10-03 38183]
S3 gpmouser;GlidePoint Serial Touchpad Service; C:\WINDOWS\system32\DRIVERS\gpmouser.sys [2005-10-03 27519]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 UtilNT;UtilNT; \??\C:\WINDOWS\system32\drivers\UtilNT.sys []
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe [2010-02-11 215648]
R2 FSMA;FSMA; C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE [2009-02-19 117400]
R2 Matrox Centering Service;Matrox Centering Service; c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2007-04-04 480776]
R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2007-04-04 87560]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe [2009-02-19 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe [2009-02-19 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe [2009-02-19 55904]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
A couple of new developments: After booting up the machine today and clearing out some initial warning messages about the Patched, they didn't reappear. Typically my AV warns me as soon as I boot up, and several times during the session, but this time the message didn't appear, even after rebooting several times. I didn't try, but I assume that Patched would reappear if I tried to access the network.
However, in the AV log I noticed a single appearance of two new (or old) offenders on 4/7/10: Trojan-Dropper.Win32.Agent and Packed:W32/Tibs.gen!A.
If after your analysis you strongly recommend that I re-image, I will. Thank you.