Infected with Windows Police Pro, uac, and gafsky

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by baker_eliz, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. baker_eliz

    baker_eliz Private E-2

    Please help. This is our key home computer and it's been down for two days now.

We have been infected with Windows Police Pro and Antivirus Pro. We know we have gasfky and UACd.sys on our computer. We ran MalwareBytes Anti-Malware a few times, which found these and "fixed" them. Anti-Malware tried to reboot the system, causing ChkDisk to run on the reboot; ChkDisk always crashed on Level 2. So we booted up in safe mode and restored the last known working configuration, which, of course, still has the virus.

    We thought about running Avast VRDB, but we didn't know if that would help or make things worse at this point. Would this be worth doing?

    We ran the DDS Tool and its log follows; we have attached the attach.txt file created by DDS, as well as the report created by RootRepeal.

    Please note that when running RootRepeal, we got the "Try adjusting Disc Access Level in Options dialog" message; when we clicked several times to close the message box, the program ran. So maybe the results are suspect? We don't know.

    I surely hope someone here can help us, as we are at our wit's end.

    Thanks for any help you can give.

    --elizabeth

    ****************************************

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by J at 10:32:16.29 on Wed 09/23/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2524 [GMT -7:00]

    AV: avast! antivirus 4.8.1351 [VPS 090921-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
    C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
    C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
    C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\J\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
    mDefault_Page_URL = hxxp://www.defaulthomepage.info
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.dell.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local;localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [<NO NAME>]
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [PUStarter] c:\program files\common files\hewlett-packard\hp printer utility dcs\appinterfaces\HPPUDS.exe
    mRun: [RunPUTasktray] "c:\program files\hewlett-packard\hp printer utility\hppu.exe" --regkeypath=software\hewlett-packard\hp printer utility\HPPURun --valuename=InstallTTM
    mRun: [KnexStarter] c:\program files\common files\hewlett-packard\hp device communication services\appinterfaces\HPDeviceService.exe
    mRun: [RunTasktray] "c:\program files\hewlett-packard\hp easy printer care\hpprun.exe" --regkeypath=software\hewlett-packard\hp easy printer care\HPPRun --valuename=InstallTTM
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    Trusted Zone: hp.com
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} - hxxp://192.168.1.117/hp/device/webAccess/multipleFileUpload.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\common files\hewlett-packard\hp device communication services\app\hpdcsapp.dll
    Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
    Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
    Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - c:\program files\common files\hewlett-packard\hp printer utility dcs\app\hplidcsapp.dll
    Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
    Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
    Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
    Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\ramdisk.sys [2000-4-19 6995]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-14 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-14 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-14 138680]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-14 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-14 352920]
    S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2007-11-7 44344]
    S4 Spooadmhd;Spooadmhd; [x]

    =============== Created Last 30 ================

    2009-09-23 07:58 54,016 a------- c:\windows\system32\drivers\rslxx.sys
    2009-09-22 13:08 <DIR> --ds---- C:\ComboFix
    2009-09-22 13:08 389,120 a------- c:\windows\system32\CF29339.exe
    2009-09-22 07:52 54,016 a------- c:\windows\system32\drivers\udox.sys
    2009-09-21 22:35 54,016 a------- c:\windows\system32\drivers\jsks.sys
    2009-09-21 22:06 54,016 a------- c:\windows\system32\drivers\xmlykya.sys
    2009-09-21 18:12 <DIR> --d----- c:\docume~1\j\applic~1\Malwarebytes
    2009-09-21 18:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-09-21 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-09-21 14:31 54,784 a------- c:\windows\system32\drivers\UACxlejvmrvta.sys
    2009-09-21 14:31 <DIR> --d----- C:\spoolerlogs
    2009-09-09 13:49 153,088 -------- c:\windows\system32\dllcache\triedit.dll
    2009-08-30 22:05 <DIR> --d----- c:\program files\Free Offers from Freeze.com
    2009-08-29 16:16 <DIR> --d----- c:\program files\common files\DivX Shared
    2009-08-25 12:40 <DIR> --d----- c:\program files\Hp
    2009-08-25 12:39 <DIR> --d----- c:\docume~1\j\applic~1\HpUpdate
    2009-08-25 12:39 <DIR> --d----- c:\windows\Hewlett-Packard
    2009-08-24 16:29 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

    ==================== Find3M ====================

    2009-08-13 08:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
    2009-08-05 02:01 204,800 -------- c:\windows\system32\mswebdvd.dll
    2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-18 09:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-18 09:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
    2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-10 06:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll
    2009-06-26 09:50 666,624 -------- c:\windows\system32\dllcache\wininet.dll
    2009-06-26 09:50 620,032 -------- c:\windows\system32\dllcache\urlmon.dll
    2009-06-26 09:50 81,920 -------- c:\windows\system32\ieencode.dll
    2009-06-26 09:50 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
    2009-01-25 11:56 61,320 a------- c:\docume~1\j\applic~1\GDIPFONTCACHEV1.DAT
    2008-06-27 10:27 61,224 a------- c:\documents and settings\j\GoToAssistDownloadHelper.exe
    2007-12-26 18:30 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
    2007-10-13 12:00 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLbz.DAT

    ============= FINISH: 10:33:27.23 ===============
     

    Attached Files:
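The "Created Last 30" section of the DDS log above is where the infection is most visible: four 54,016-byte drivers with random names (rslxx.sys, udox.sys, jsks.sys, xmlykya.sys) dropped into system32\drivers over three days, plus the UAC-prefixed UACxlejvmrvta.sys. The following is an added triage script, not part of the thread and not a MajorGeeks or DDS tool, that parses lines in that DDS format and flags newly created drivers on three signals: a UAC name prefix (the rootkit family the poster names), several new drivers sharing an identical size, and a random-looking file name. The sample lines are copied from the log above; the line format and the optional known-good allow-list are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample entries copied from the "Created Last 30" section of the DDS log above.
SAMPLE_DDS = r"""
2009-09-23 07:58 54,016 a------- c:\windows\system32\drivers\rslxx.sys
2009-09-22 13:08 <DIR> --ds---- C:\ComboFix
2009-09-22 13:08 389,120 a------- c:\windows\system32\CF29339.exe
2009-09-22 07:52 54,016 a------- c:\windows\system32\drivers\udox.sys
2009-09-21 22:35 54,016 a------- c:\windows\system32\drivers\jsks.sys
2009-09-21 22:06 54,016 a------- c:\windows\system32\drivers\xmlykya.sys
2009-09-21 14:31 54,784 a------- c:\windows\system32\drivers\UACxlejvmrvta.sys
2009-09-21 14:31 <DIR> --d----- C:\spoolerlogs
2009-09-09 13:49 153,088 -------- c:\windows\system32\dllcache\triedit.dll
"""

# Assumed DDS line layout: date, time, size or <DIR>, 8-char attribute field, path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")
VOWELS = set("aeiou")
CONSONANT_RUN_RE = re.compile(r"[b-df-hj-np-tv-z]+")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_created_section(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size_bytes = None if size == "<DIR>" else int(size.replace(",", ""))
        entries.append(Entry(date, time, size_bytes, attrs, path))
    return entries


def looks_random(stem: str) -> bool:
    """Cheap name-entropy heuristic: almost no vowels or a long consonant run."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max((len(r) for r in CONSONANT_RUN_RE.findall(s)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 5


def find_suspicious_drivers(entries: List[Entry],
                            known_good: frozenset = frozenset()) -> Dict[str, List[str]]:
    """Return {driver file name: [reasons]} for newly created .sys files under \\drivers\\."""
    drivers = [e for e in entries
               if e.size is not None
               and e.path.lower().endswith(".sys")
               and "\\drivers\\" in e.path.lower()]
    by_size = defaultdict(list)
    for e in drivers:
        by_size[e.size].append(e)

    findings: Dict[str, List[str]] = {}
    for e in drivers:
        name = e.path.rsplit("\\", 1)[-1]
        if name.lower() in known_good:
            continue
        stem = name[:-4]
        reasons = []
        if stem.lower().startswith("uac"):
            reasons.append("UAC-prefixed driver name (rootkit family named in the thread)")
        siblings = len(by_size[e.size]) - 1
        if siblings >= 1:
            reasons.append(f"same size ({e.size:,} bytes) as {siblings} other new driver(s)")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in find_suspicious_drivers(parse_created_section(SAMPLE_DDS)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The name heuristic alone is noisy: legitimate abbreviated driver names (aswFsBlk.sys in the Services list above, for instance) can trip it, and udox.sys would pass it entirely. The stronger signals are the ones the log itself shows, several freshly created drivers of identical size in a short window and the UAC prefix, so weight findings by those reasons and feed the known_good set from a clean baseline of the same machine rather than guessing.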

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Since you are already receiving help at another website, this thread will be closed as a duplicate. In the future, please do not post at multiple websites as it wastes precious resources. We are all extremely busy. You just have to post and wait for an answer.
     
