Is my machine infected?


Hello, I use both Avira AntiVir and MBAM to keep my PC secure. In the last few days I have repeatedly been getting AntiVir detections of malware whenever I browse the internet, including:

HEUR/HTML.Malware(heuristic)

HTML/Spoofing.Gen(virus)

HTML/Infected.Webpage.Gen(virus)

In each case I have selected the "Move to Quarantine" option but I am still getting the alerts. I have performed full scans with MBAM and found nothing.

Are these false positives or is my machine infected with something? Also the other day my computer shut itself down for no obvious reason while I was surfing the web, which increased my nervousness. I was hoping someone here would be kind enough to take a look at my logs and let me know if you spot anything untoward?

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:35:22, on 05/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Acer\LANScope Agent\awServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Empowering Technology\eLock\LockServ.exe

C:\Acer\LANScope Agent\LockKM.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\O2\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\SysMonitor.exe

C:\Acer\LANScope Agent\awtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\O2\bin\sprtcmd.exe

C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

C:\Program Files\Tall Emu\Online Armor\oahlp.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.broadband.o2.co.uk

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--

End of file - 12360 bytes

MBAM Log:

Malwarebytes' Anti-Malware 1.40

Database version: 2563

Windows 5.1.2600 Service Pack 3

05/08/2009 12:12:14

mbam-log-2009-08-05 (12-12-14).txt

Scan type: Quick Scan

Objects scanned: 101462

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

To be honest I'm not sure whether I have a problem or not. My computer has been running fine but when I was surfing the web today I got two detection warnings for HEUR/HTML.Malware. I have read online that Avira AntiVir sometimes has trouble with certain types of web scripts and erroneously identifies them as viruses so maybe that's what's going on here. I was just hoping that maybe one of the experts on this forum could take a look at my logs to make sure there's nothing nasty lurking on my machine.


  • Root Admin

Nothing obvious there that I see.

Please temporarily disable your current AV and run this Online AV scanner and post back the log.

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
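The "nothing obvious there" verdict above comes from reading the O23 (service) lines of the HijackThis log by hand: each line carries a service name, the publisher HijackThis recorded for the binary, and the binary's path. The following script is an added example (it is not from this thread, and it is not Trend Micro's or Malwarebytes' code) that parses those lines and flags the ones a reviewer would want to look at twice. The two triage rules are assumptions about what is worth a second look, not a detection signature: a service whose publisher field is "Unknown owner" or the HijackThis placeholder "TODO: <????>", and a service binary that runs from a profile or data directory rather than Program Files or the Windows directory. The sample lines are copied from the log posted above; flagged entries still need a human decision (the EPSON services and Acer's LockServ here are legitimate vendor software that simply lacks publisher information).

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: a handful of HijackThis 2.0.2 lines taken from the log in this
# thread (O23 = service entries, the O20 line is included to show it is skipped).
SAMPLE_LOG = r"""
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"""

# O23 line layout: "O23 - Service: <name> - <owner> - <drive>:\<path>".
# The path anchor (drive letter + colon + backslash) keeps a " - " inside the
# owner or name field from being mistaken for the separator.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumed list of directory fragments that legitimate services rarely run
# from; a hit means "review", not "malicious".
PROFILE_DIRS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Extract every O23 service entry from a HijackThis log; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["name"], m["owner"], m["path"]))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        owner = e.owner.strip().lower()
        # HijackThis writes "Unknown owner" (or a "TODO" placeholder) when it
        # could not read a company name for the service binary.
        if owner == "unknown owner" or owner.startswith("todo"):
            reasons.append("no publisher recorded for the service binary")
        path = e.path.lower()
        if any(fragment in path for fragment in PROFILE_DIRS):
            reasons.append("binary runs from a user-profile or data directory")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_o23(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the full log, this turns a 40-line service list into three entries to check, which is the same short list an experienced reader arrives at by eye. The script deliberately never deletes or quarantines anything; it only narrows what needs to be verified against the vendor's documentation or a file-reputation lookup.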

Okay, here is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.5889

# api_version=3.0.2

# EOSSerial=4dc000f6a1b6624d9249efe867c47660

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-08-11 01:41:12

# local_time=2009-08-11 02:41:12 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1027 62 0 7 135362280312500

# compatibility_mode=1797 21 100 100 546786718750

# compatibility_mode=6401 61 100 100 208628949687500

# scanned=77324

# found=0

# cleaned=0

# scan_time=966
