Help Request - Windows Police Pro, rootkit tdss, gasfky

History:

On 9/19 I was browsing the web -- I did not download anything, but I noticed the "Windows Police Pro" pop-up, and within minutes of not being able to identify the program or shut it down I pulled my internet plug. I was running Norton, IE7 and XP. I checked the virus definitions; they were current as of 9/18.

I couldn't get Norton to run; the only thing running was "Windows Police Pro". I kept using Task Manager to kill the program long enough to use msconfig to turn on safe mode. I ran Norton scans -- they finished in 3 minutes saying everything was fine -- clearly not true.

I then proceeded to download software to clean this on another computer and copy it over via a USB drive -- I wound up using Malwarebytes and Spybot Search & Destroy to get rid of some of the problem files in safe mode. I tried scanning again with Norton and it still found nothing, so I uninstalled it and installed another (free) antivirus. It said there was the Rootkit.TDSS and quarantined those files. The machine rebooted, re-scanned, re-deleted, rebooted, rescanned, and the computer is still offline and out of use.

Shouldn't Norton have caught this, since it was running at the time? I'd like to reinstall Norton but am now concerned. Does it need to be run with another program to provide effective coverage?

What is this gasfky program, and how do I get rid of this remnant?


Would all 3 of these have come from a single infection?
Here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2831
Windows 5.1.2600 Service Pack 3

9/21/2009 8:52:32 PM
mbam-log-2009-09-21 (20-52-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 240651
Time elapsed: 34 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Here is the GMER log:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-23 00:09:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\k\LOCALS~1\Temp\uwldapob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw@imagepath \systemroot\system32\drivers\gasfkyktfoqdtk.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main\injector@* gasfkywsp8y.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyktfoqdtk.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules@gasfkycmd.dll \systemroot\system32\gasfkybgdkopjo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules@gasfkylog.dat \systemroot\system32\gasfkyyicofjwf.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules@gasfkywsp.dll \systemroot\system32\gasfkycpoyvxdq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules@gasfky.dat \systemroot\system32\gasfkyjktjolda.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkyeydxlkaw\modules@gasfkywsp8y.dll \systemroot\system32\gasfkyetodsrmt.dll