I was browsing the web when my Google Chrome crashed (buffer overrun?) and my Avast! antivirus began moving 40-50 files to my chest, all of which were in the Drivers folder. It identified all of them as Win32: Qandr Rootkit.
At first it looked like it got it; however, I am still unable to start Google Chrome, and inside of Firefox (which I am using now) I receive random advertisement tabs.
I did a full scan in safe mode with Avast; nothing came up. I also installed a plethora of other "Rootkit removers", all of which can find no threat.
I ran DDS. Here is the output:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Alec Larsen at 12:54:07.97 on Wed 06/30/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.987.260 [GMT -5:00]
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\andLinux\colinux-daemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\andLinux\colinux-slirp-net-daemon.exe
C:\Program Files\andLinux\colinux-net-daemon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Users\Alec Larsen\AppData\Local\Temp\rwjbcd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\Spywareterminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Alec Larsen\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [liveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\alecla~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\alecla~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pidgin.lnk - c:\program files\pidgin\pidgin.exe
uPolicies-system: TextValue = a7b9d9cffb24998fd4c097f505b2027a
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://win7pro.vlabcenter.com/ActiveX/VMRCActiveXClient1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-24 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-24 50256]
R2 CoLinuxDriver;CoLinuxDriver;c:\program files\andlinux\linux.sys [2010-6-24 84992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
=============== Created Last 30 ================
2010-06-30 17:52:19 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-29 23:33:24 0 d-----w- c:\users\alecla~1\appdata\roaming\Malwarebytes
2010-06-29 23:33:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 23:33:09 0 d-----w- c:\programdata\Malwarebytes
2010-06-29 23:33:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 23:33:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 19:02:28 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 18:46:48 0 d-----w- c:\windows\system32\wbem\repository
2010-06-29 18:41:52 65536 --sha-w- c:\users\alec larsen\ntuser.dat{a0d37932-83ab-11df-9e92-005056c00008}.TM.blf
2010-06-29 18:41:52 524288 --sha-w- c:\users\alec larsen\ntuser.dat{a0d37932-83ab-11df-9e92-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2010-06-29 18:41:52 524288 --sha-w- c:\users\alec larsen\ntuser.dat{a0d37932-83ab-11df-9e92-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2010-06-29 17:37:59 161106861 ----a-w- c:\windows\MEMORY.DMP
2010-06-28 00:47:19 0 d-----w- c:\program files\IObit
2010-06-28 00:19:22 0 d-----w- c:\program files\MediaMall
2010-06-28 00:19:22 0 d-----w- c:\program files\common files\TV-Websites
2010-06-28 00:19:08 0 d-----w- c:\programdata\MediaMall
2010-06-27 22:24:17 0 d-----w- c:\program files\sterm
2010-06-27 21:05:42 0 d-----w- c:\program files\MSXML 4.0
2010-06-27 20:53:36 0 d-----w- c:\program files\Windows Installer Clean Up
2010-06-27 19:56:57 0 d-----w- c:\users\alecla~1\appdata\roaming\SoftGrid Client
2010-06-27 04:41:05 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-06-27 04:41:05 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-06-27 04:41:05 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-06-27 04:41:05 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-06-27 04:41:05 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-06-27 04:28:43 0 d-----w- c:\programdata\LogMeIn
2010-06-27 04:28:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-27 04:28:27 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-06-27 04:28:27 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-27 04:28:24 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-27 04:27:59 0 d-----w- c:\program files\LogMeIn
2010-06-26 21:32:58 0 d-----w- c:\users\alecla~1\appdata\roaming\TP
2010-06-26 17:28:58 0 d-----w- c:\program files\MGTEK
2010-06-26 17:28:58 0 d-----w- c:\program files\common files\MGTEK
2010-06-26 17:28:23 0 d-----w- c:\programdata\MGTEK
2010-06-26 17:08:24 0 d-----w- c:\program files\NaturalSoft
2010-06-26 16:58:37 0 d-----w- c:\program files\Text2mp3
2010-06-26 03:21:28 24576 ----a-w- c:\windows\system32\anotherRunAs.exe
2010-06-26 03:07:17 172032 ----a-w- c:\windows\system32\runasloc.ocx
2010-06-26 03:07:17 0 d-----w- c:\program files\Steel RunAs
2010-06-25 04:02:39 25856 ----a-w- c:\windows\system32\drivers\tap0801co.sys
2010-06-25 04:00:04 0 d-----w- c:\program files\andLinux
2010-06-23 20:13:28 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 20:13:28 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 20:13:28 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 20:13:28 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 20:13:28 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 04:26:04 0 d-----w- C:\My Drivers
2010-06-23 04:26:04 0 d-----w- C:\Innovative Solutions
2010-06-23 02:39:42 285696 ------w- c:\windows\system32\Cncs232.dll
2010-06-23 02:39:38 0 d-----w- c:\windows\COREL
2010-06-23 02:39:38 0 d-----w- C:\MMFusion
2010-06-23 02:12:16 0 d-----w- c:\program files\NSIS
2010-06-23 02:03:18 0 d-----w- c:\program files\Install Creator
2010-06-23 01:44:17 0 d-----w- c:\users\alecla~1\appdata\roaming\Easeware
2010-06-23 01:44:03 0 d-----w- c:\program files\Easeware
2010-06-23 00:53:30 0 d-----w- c:\programdata\Innovative Solutions
2010-06-23 00:53:14 0 d-----w- c:\program files\Innovative Solutions
2010-06-23 00:48:54 0 d-----w- c:\program files\SystemRequirementsLab
2010-06-23 00:44:17 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 00:44:15 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 00:44:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 00:44:12 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-06-20 02:52:52 2270208 ----a-w- c:\windows\system32\copyurl.exe
2010-06-18 23:38:18 0 d-----w- C:\mounted_images
2010-06-17 02:59:29 0 d-----w- c:\program files\Super Fast Shutdown
2010-06-17 01:12:32 0 d-----w- c:\program files\Cain
2010-06-17 00:47:32 52 ----a-w- c:\windows\system32\winpeshl.ini
2010-06-16 03:21:43 0 d-----w- c:\program files\Windows Imaging
2010-06-16 02:56:05 524288 --sha-w- c:\users\alec larsen\ntuser.dat{a08aa64f-78f2-11df-b1e4-005056c00008}.TMContainer00000000000000000002.regtrans-ms
2010-06-16 02:56:05 524288 --sha-w- c:\users\alec larsen\ntuser.dat{a08aa64f-78f2-11df-b1e4-005056c00008}.TMContainer00000000000000000001.regtrans-ms
2010-06-16 02:56:04 65536 --sha-w- c:\users\alec larsen\ntuser.dat{a08aa64f-78f2-11df-b1e4-005056c00008}.TM.blf
2010-06-16 02:37:35 0 d-----w- c:\users\alecla~1\appdata\roaming\Spyware Terminator
2010-06-16 02:37:32 0 d-----w- c:\programdata\Spyware Terminator
2010-06-16 02:37:30 0 d-----w- c:\program files\Spyware Terminator
2010-06-16 01:51:06 0 d-----w- c:\program files\Windows AIK
2010-06-16 01:44:28 0 d-----w- c:\program files\Sophos
2010-06-16 00:05:56 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-15 23:25:26 0 d-----w- c:\program files\MSECache
2010-06-15 18:51:26 0 d-----w- c:\program files\UltraISO
2010-06-15 18:09:19 0 d-----w- c:\program files\EASEUS
2010-06-13 05:00:36 0 d-----w- c:\program files\Advantig
2010-06-11 17:02:35 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 17:02:34 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 17:02:23 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 17:02:14 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 17:02:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:26:25 0 d-----w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}
2010-06-11 04:26:16 0 d-----w- c:\program files\LiveZilla
2010-06-07 04:11:02 0 d--h--w- c:\users\alec larsen\.zenmap
2010-06-07 03:50:43 0 d-----w- c:\program files\Nmap
2010-06-07 03:46:43 0 d-----w- c:\program files\Metasploit
2010-06-05 18:02:33 0 d-----w- c:\program files\TweetDeck
2010-06-04 22:32:45 0 d-----w- c:\programdata\Recovery
2010-06-04 19:49:14 12866560 ----a-w- C:\shell32.dll
2010-06-04 00:04:10 48836 ----a-w- c:\users\alec larsen\AlecBeta.contact
2010-06-03 21:43:23 0 d-----w- c:\users\alecla~1\appdata\roaming\lyx16
2010-06-03 04:03:31 0 d-----w- c:\users\alecla~1\appdata\roaming\MiKTeX
2010-06-03 03:28:47 0 d-----w- c:\programdata\MiKTeX
2010-06-03 03:24:30 0 d-----w- c:\program files\MiKTeX 2.8
2010-06-03 03:18:17 0 d-----w- c:\programdata\Aspell
2010-06-03 03:17:26 0 d-----w- c:\program files\LyX16
2010-06-03 03:13:08 0 d-----w- c:\program files\LEd
==================== Find3M ====================
2010-06-28 20:32:56 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-01 02:53:03 380928 ----a-w- C:\lame_enc.dll
2010-05-21 19:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-21 02:26:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-14 23:06:37 41380 ----a-w- c:\windows\fonts\Bauhaus.ttf
2010-05-11 01:54:39 215628 ----a-w- c:\windows\fonts\Fluox__.ttf
2010-05-09 08:01:42 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-04-23 07:13:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-05 16:47:44 51556 ----a-w- c:\windows\fonts\Fineliner Script.otf
2010-04-04 03:18:32 133344 ----a-w- c:\windows\fonts\BROKEN_GHOST.ttf
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-29 23:18:56 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-29 23:18:56 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-29 23:18:56 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-29 23:18:56 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 12:59:27.88 ===============
What can I do to fix this?