My computer started acting funny. I ran Malwarebytes Anti-Malware and it quarantined a bunch of stuff. Then it found more, and then AVG started quarantining stuff. Here are the logs in order: Malwarebytes and AVG. Thanks for your help!
Malwarebytes' Anti-Malware 1.36
Database version: 2178
Windows 5.1.2600 Service Pack 3
2/11/2010 11:59:04 AM
mbam-log-2010-02-11 (11-59-04).txt
Scan type: Quick Scan
Objects scanned: 94510
Time elapsed: 6 minute(s), 19 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: dspngodp.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\dspngodp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
=============================================================
Malwarebytes' Anti-Malware 1.36
Database version: 2178
Windows 5.1.2600 Service Pack 3
2/11/2010 3:27:48 PM
mbam-log-2010-02-11 (15-27-48).txt
Scan type: Full Scan (C:\|Q:\|)
Objects scanned: 238174
Time elapsed: 1 hour(s), 22 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
===========================================================
From AVG:
Scan "Scan whole computer" was finished.
Infections;"4";"4";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Thursday, February 11, 2010, 10:11:59 PM"
Scan finished:;"Friday, February 12, 2010, 1:59:54 AM (3 hour(s) 47 minute(s) 55 second(s))"
Total object scanned:;"653641"
User who launched the scan:;"Administrator"
Infections
File;"Infection";"Result"
C:\System Volume Information\_restore{E0526332-88E5-4929-B7F1-A7481BFE1761}\RP430\A0056332.dll;"Trojan horse BackDoor.Generic12.AFPW";"Moved to Virus Vault"
C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip:\sdra64.exe;"Trojan horse SpamTool.CWX";"Moved to Virus Vault"
C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip;"Trojan horse SpamTool.CWX";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Local Settings\temp\JxVJ.exe;"Trojan horse Agent2.AIHU";"Moved to Virus Vault"
=======================================================
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
2/16/2010 10:35:11 PM
mbam-log-2010-02-16 (22-35-11).txt
Scan type: Full Scan (C:\|Q:\|)
Objects scanned: 270866
Time elapsed: 2 hour(s), 0 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2a7dbd07-22ee-48ac-b62e-c8ad3bfcb534}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.254 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35c21b25-3d04-4b5a-89c3-af59b356e833}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.254 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7acca237-9864-490f-b208-ddf599a656dc}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.254 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7acca237-9864-490f-b208-ddf599a656dc}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.254 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b8227268-e59c-42b8-ae47-8eed88259cc0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.254 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b8227268-e59c-42b8-ae47-8eed88259cc0}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.254 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f2dc89db-5bea-4b8f-8e53-36a33255c6ef}\NameServer (Trojan.DNSChanger) -> Data: 213.174.139.72,192.168.1.254 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\Program Files\websrvx\websrvx.exe.vir (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sysloc\sysloc.dll.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
=======================================================
From AVG:
Scan "Command line scan" was finished.
Information;"11"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Tuesday, February 16, 2010, 7:55:48 AM"
Scan finished:;"Tuesday, February 16, 2010, 7:55:48 AM"
Total object scanned:;"0"
User who launched the scan:;"Administrator"
Information
File;"Information";"Result"
C:\pagefile.sys;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\NetworkService\ntuser.dat.LOG;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\NetworkService\NTUSER.DAT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\All Users\Application Data\avg9\Log\d2272f73-40fe-4517-9d47-c44a73b8dc0e;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\All Users\Application Data\avg9\Log\2db1cfa3-0cd2-41eb-a95c-abf9cdca584a;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\Administrator\ntuser.dat.LOG;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\Administrator\NTUSER.DAT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG;"Locked file. Not tested.";"Locked file. Not tested."
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat;"Locked file. Not tested.";"Locked file. Not tested."
================================================================
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
2/17/2010 7:26:22 AM
mbam-log-2010-02-17 (07-26-22).txt
Scan type: Full Scan (C:\|Q:\|)
Objects scanned: 271376
Time elapsed: 1 hour(s), 51 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
=======================================================
AVG was clean after that as well.
Then AVG started popping up saying I was infected by:
Trojan horse Hiloti.V - C:\WINDOWS\ahizadut.dll
All AVG and Malwarebytes scans say I am clean, but I don't believe it. My memory is still being used up at 100% when I have no programs running.
Sometimes when I search Google and click on a search result link, expecting to go to a website, it sends me to some random advertisement.