
Author Topic: i think im infected  (Read 4449 times)


computeruler

    Topic Starter


    Egghead

    Thanked: 63
  • Experience: Experienced
  • OS: Mac OS
i think im infected
« on: September 26, 2008, 02:46:10 PM »
My firewall keeps asking me to allow or block something called HDVideoCodec_ver1.50065006.0.exe. It's trying to access tons of apps like ATI CCC and OpenDNS and cmd and all sorts of things. I've never installed anything like that at all. Is it malware?

CBMatt

  • Mod & Malware Specialist


  • Prodigy

  • Sad and lonely...and loving every minute of it.
  • Thanked: 167
  • Experience: Experienced
  • OS: Windows 7
Re: i think im infected
« Reply #1 on: September 26, 2008, 05:15:22 PM »
It could possibly be an infection.  It doesn't look like one, but I can't find anything about the file.  Go ahead and follow these steps:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

computeruler

Re: i think im infected
« Reply #2 on: September 26, 2008, 05:22:56 PM »
Hmm, oh well, superantivirus found 3 trojans and seems to have gotten rid of them.

CBMatt

Re: i think im infected
« Reply #3 on: September 26, 2008, 05:32:02 PM »
What about a HJT log?

computeruler

Re: i think im infected
« Reply #4 on: September 26, 2008, 05:40:13 PM »
Oh, you want one? OK.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:19 PM, on 9/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kevin\Application Data\Adobe\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\GameTap\bin\Release\gametap.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
X:\program files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Kevin\Application Data\Adobe\Manager.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6629 bytes

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: i think im infected
« Reply #5 on: September 26, 2008, 11:03:56 PM »
Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code: [Select]
C:\Program Files\AIM6\aolsoftware.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.

computeruler

Re: i think im infected
« Reply #6 on: September 26, 2008, 11:20:09 PM »
VirSCAN.org Scanned Report :
Scanned time   : 2008/09/27 01:06:14 (EDT)
Scanner results: All Scanners reported not find malware!
File Name      : aolsoftware.exe
File Size      : 41824 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : c32c2fe355cc3a94183db50179664a04
SHA1           : 7a5df0a5a3f56bc97f260fa8475ef3533840c2a0
Online report  : http://virscan.org/report/85ca74352fa10d8e1fee97bbc56feabf.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      4.0.0.14        2008.09.25        2008-09-25  1.43   -
AhnLab V3      2008.09.27.00   2008.09.27        2008-09-27  0.91   -
AntiVir        7.8.1.34        7.0.6.218         2008-09-26  5.89   -
Arcavir        1.0.5           200809261825      2008-09-26  3.00   -
Authentium     5.1.1           200809241708      2008-09-24  1.05   -
AVAST!         3.0.1           080926-0          2008-09-26  0.01   -
AVG            7.5.52.442      270.7.3/1694      2008-09-26  3.48   -
BitDefender    7.60825.1818374 7.21055           2008-09-27  5.48   -
CA (VET)       9.0.0.143       31.6.6111         2008-09-26  2.25   -
ClamAV         0.94            8345              2008-09-27  0.10   -
Comodo         2.11            2.0.0.658         2008-09-26  0.66   -
CP Secure      1.1.0.715       2008.09.27        2008-09-27  12.94  -
Dr.Web         4.44.0.9170     2008.09.27        2008-09-27  4.17   -
ewido          4.0.0.2         2008.09.26        2008-09-26  2.96   -
F-Prot         4.4.4.56        20080926          2008-09-26  6.32   -
F-Secure       5.51.6100       2008.09.26.10     2008-09-26  0.14   -
Fortinet       2.81-3.113      9.592             2008-09-26  0.38   -
ViRobot        20080926        2008.09.26        2008-09-26  1.22   -
Ikarus         T3.1.01.34      2008.09.26.71536  2008-09-26  8.39   -
JiangMin       11.0.706        2008.09.26        2008-09-26  1.42   -
Kaspersky      5.5.10          2008.09.26        2008-09-26  0.23   -
KingSoft       2008.1.14.15    2008.9.26.17      2008-09-26  0.79   -
McAfee         5.3.00          5393              2008-09-26  3.48   -
Microsoft      1.3903          2008.09.27        2008-09-27  3.97   -
mks_vir        2.01            2008.09.26        2008-09-26  4.97   -
Norman         5.93.01         5.93.00           2008-09-18  8.28   -
Panda          9.05.01         2008.09.26        2008-09-26  3.57   -
Trend Micro    8.700-1004      5.568.20          2008-09-26  0.03   -
Quick Heal     9.50            2008.09.27        2008-09-27  1.98   -
Rising         20.0            20.63.50.00       2008-09-27  0.81   -
Sophos         2.79.0          4.34              2008-09-27  3.39   -
Sunbelt        3.1.1675.1      2261              2008-09-26  0.44   -
Symantec       1.3.0.24        20080926.003      2008-09-26  0.05   -
nProtect       2008-09-26.00   2173927           2008-09-26  4.20   -
The Hacker     6.3.0.9         v00094            2008-09-25  0.46   -
VBA32          3.12.8.6        20080926.1203     2008-09-26  2.46   -
VirusBuster    4.5.11.10       10.88.8/635865    2008-09-26  1.96   -



Nothing, it's just AIM.

evilfantasy

Re: i think im infected
« Reply #7 on: September 26, 2008, 11:23:00 PM »
There is also a worm with the same file name and spelled like that so I wanted to check to be sure.

Worm aolsoftware.exe

Legit AOLSoftware.exe

Looks like yours is just spelled like that...

The log is clean.
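
Reply #7's point, that a file name alone does not identify a binary, shown as an added example that is not part of the original posts: a small Python triage of a HijackThis-format log that lists known names running from an unexpected directory and O4 autoruns launched from a user profile. The sample log, `EXPECTED_DIRS` and the two finding labels are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample in HijackThis v2.0.2 layout; the Temp and Example paths are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\User\Local Settings\Temp\aolsoftware.exe

O4 - HKLM\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Application Data\Example\updater.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

# Assumption: the analyst supplies the directory each known binary should run from.
EXPECTED_DIRS = {"aolsoftware.exe": r"c:\program files\aim6"}
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl))', re.I)
ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")


def parse_hjt(log):
    """Return (running_process_paths, [(section_code, file_path), ...])."""
    processes, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)) and (p := EXE_PATH.search(m.group(2))):
            entries.append((m.group(1), p.group(1)))
    return processes, entries


def triage(log, expected=EXPECTED_DIRS):
    """List items to review by hand; a hit is a lead, not a verdict."""
    processes, entries = parse_hjt(log)
    findings = []
    for path in processes + [p for _, p in entries]:
        folder, name = ntpath.split(path.lower())
        if name in expected and folder != expected[name]:
            findings.append(("name-collision", path))
    for code, path in entries:
        if code == "O4" and path.lower().startswith("c:\\documents and settings\\"):
            findings.append(("autorun-from-profile", path))
    return findings
```

A file flagged this way still needs the hash and multi-engine check described in reply #5 before any conclusion is drawn.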

computeruler

Re: i think im infected
« Reply #8 on: September 27, 2008, 01:57:28 AM »
good!! thanks people!