
moneyuk1.exe


Fabien


Hi, I keep getting AVG telling me there's this "moneyuk1.exe" virus on my PC, and I've tried so many scans to remove it; obviously, none have had any luck.

I am on Windows 7, which GMER doesn't work on: it either crashes or BSODs me. So I can't provide a GMER log, but I do have the DDS report and Attach.txt.

I seem to be getting a lot of random windows popping up in my browser. The moneyuk1.exe alert seems to happen every 5 minutes too.

Please lend me a hand.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Fabien at 16:04:35.35 on 12/01/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1224 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\vmnat.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\PSPad editor\PSPad.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\DllHost.exe

C:\Users\Fabien\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2494658&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - YouTube

FF - prefs.js: browser.startup.homepage - hxxp://www.Google.co.uk

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\FFExternalAlert.dll

FF - component: c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\RadioWMPCore.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\users\fabien\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-10 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-10 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-10 28424]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-10 360584]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/10 12:40:30];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]

R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-10 906520]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-10 285392]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-01-12 16:00:59 32 ----a-w- c:\users\fabien\defogger_reenable

2010-01-11 20:07:48 0 d-----w- c:\users\fabien\appdata\roaming\Malwarebytes

2010-01-11 20:07:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-11 20:07:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-11 20:07:42 0 d-----w- c:\programdata\Malwarebytes

2010-01-11 20:07:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-11 17:27:45 0 d-----w- c:\users\fabien\appdata\roaming\FreeFixer

2010-01-11 15:08:20 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-01-11 15:08:20 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-01-11 12:24:30 0 d-sh--w- c:\users\fabien\appdata\roaming\lowsec

2010-01-11 11:07:04 0 d-----w- c:\programdata\Lavasoft

2010-01-10 20:45:28 12 ----a-w- c:\windows\system32\DROPPEDFILEOKppi2.tmp

2010-01-10 17:21:19 0 d--h--w- C:\$AVG

2010-01-10 17:21:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-01-10 17:21:14 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-01-10 17:21:13 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-01-10 17:21:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-10 17:21:05 0 d-----w- c:\windows\system32\drivers\Avg

2010-01-10 17:20:54 0 d-----w- c:\programdata\avg9

2010-01-10 17:14:23 8 ----a-w- c:\windows\system32\SystemDirectory.tmp

2010-01-08 09:02:35 0 d-----w- c:\program files\Fraps

2010-01-08 04:18:48 0 d-----w- c:\program files\Core Services

2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll

2009-12-22 14:05:15 0 d-----w- C:\Xbox 360 movies

2009-12-20 12:34:58 0 d-----w- c:\users\fabien\appdata\roaming\OpenOffice.org

2009-12-20 12:33:34 0 d-----w- c:\program files\JRE

2009-12-20 12:33:21 0 d-----w- c:\program files\OpenOffice.org 3

2009-12-19 09:17:17 0 d-----w- c:\program files\PSPad editor

2009-12-18 08:47:52 0 d-sh--w- c:\windows\ftpcache

2009-12-18 08:37:10 0 d-----w- c:\users\fabien\appdata\roaming\Blumentals

2009-12-18 07:59:34 737280 ----a-w- c:\windows\iun6002.exe

2009-12-15 08:02:29 0 d-----w- c:\program files\AVG

2009-12-15 05:16:06 15687 ----a-w- C:\BdUninstallTool2009.12.15-05.16.06.reg

2009-12-15 05:11:13 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2009-12-17 11:06:38 20048 ----a-w- c:\windows\fonts\FBSBLTC.TTF

2009-11-21 09:30:06 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-11-10 12:42:17 29480 ----a-w- c:\windows\system32\msxml3a.dll

2009-11-09 18:59:31 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-22 04:44:42 760368 ----a-w- c:\windows\system32\vnetlib.dll

2009-10-22 04:44:24 395824 ----a-w- c:\windows\system32\vmnat.exe

2009-10-22 04:44:08 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe

2009-10-22 03:22:38 252464 ----a-w- c:\windows\system32\vmnc.dll

2009-10-22 00:13:32 59952 ----a-w- c:\windows\system32\vnetinst.dll

2009-10-22 00:13:32 51248 ----a-r- c:\windows\system32\vmnetbridge.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:05:35.19 ===============

Attach.zip

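For readers who, like the posters, find the DDS output hard to read: the script below is an added example (not part of this thread and not a DDS or AVG tool) that parses the section layout DDS emits and pulls out the handful of items a removal helper scans for first. SAMPLE_LOG is a trimmed copy of the log posted above. The meaning of the attribute letters (d, s, h, a, r, w) and the choice of what is "worth a look" are this example's own assumptions; the output is a review list for a human, not a malware verdict.

```python
"""Triage helper for DDS (dds.scr) logs like the one posted above.

Added example, not part of the thread or of DDS. It splits the log into
the sections DDS emits and flags items a malware-removal helper checks
first. SAMPLE_LOG is a trimmed copy of the posted log; the flag-letter
decoding and the "worth a look" rules are this example's assumptions.
"""
import re
from urllib.parse import urlparse

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "2010-01-11 12:24:30 0 d-sh--w- c:\users\fabien\appdata\roaming\lowsec"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+)$")
# "BHO: Name: {clsid} - path"  or  "BHO: {clsid} - No File"
BHO_RE = re.compile(r"^BHO:\s*(?:(.*?):\s*)?(\{[0-9A-Fa-f-]+\})\s*-\s*(.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.+)$")

# Constructed from the posted log (trimmed); section markers kept verbatim.
SAMPLE_LOG = r"""
DDS (Ver_09-12-01.01) - NTFSx86
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Users\Fabien\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2494658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.Google.co.uk
=============== Created Last 30 ================
2010-01-12 16:00:59 32 ----a-w- c:\users\fabien\defogger_reenable
2010-01-11 12:24:30 0 d-sh--w- c:\users\fabien\appdata\roaming\lowsec
2010-01-10 20:45:28 12 ----a-w- c:\windows\system32\DROPPEDFILEOKppi2.tmp
2010-01-10 17:21:19 0 d--h--w- C:\$AVG
2010-01-10 17:14:23 8 ----a-w- c:\windows\system32\SystemDirectory.tmp
2009-12-18 08:47:52 0 d-sh--w- c:\windows\ftpcache
============= FINISH: 16:05:35.19 ===============
"""


def parse_sections(text):
    """Map each '=== Title ===' section of a DDS log to its non-empty lines."""
    sections, current = {"HEADER": []}, "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_file_entry(line):
    """(timestamp, size, flags, path) for a Created Last 30 / Find3M line, else None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    ts, size, flags, path = m.groups()
    return ts, int(size), flags, path


def is_hidden_or_system(flags):
    # Assumed flag letters: d=directory, s=system, h=hidden, a=archive,
    # r=read-only, w=writable; '-' means the attribute is clear.
    return "s" in flags or "h" in flags


def triage(text):
    """Return (category, detail) findings for a helper to review; not verdicts."""
    findings, sections = [], parse_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        m = BHO_RE.match(line)
        if m and m.group(3).strip().lower() == "no file":
            findings.append(("orphaned-bho", m.group(2)))  # CLSID registered, DLL gone
        if line.startswith("AppInit_DLLs:"):  # injected into every process that loads user32
            findings.append(("appinit-dll", line.split(":", 1)[1].strip()))
    for line in sections.get("FIREFOX", []):
        m = PREF_RE.match(line)
        if m and m.group(1) == "browser.search.defaulturl":
            # DDS defangs URLs as hxxp; restore the scheme so urlparse yields a host.
            host = urlparse(m.group(2).replace("hxxp", "http", 1)).hostname
            findings.append(("search-default", (host or "").lower()))
    for line in sections.get("Created Last 30", []):
        entry = parse_file_entry(line)
        if entry is None:
            continue
        _, _, flags, path = entry
        low = path.lower()
        if flags.startswith("d") and is_hidden_or_system(flags) and "\\users\\" in low:
            findings.append(("hidden-user-dir", path))  # hidden+system dir in a profile
        elif not flags.startswith("d") and "\\windows\\system32\\" in low and low.endswith(".tmp"):
            findings.append(("tmp-in-system32", path))  # recent .tmp dropped in system32
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

Run against the full log pasted above, it prints a short list: the orphaned BHO CLSID with "No File", the AppInit_DLLs entry (here AVG's own avgrsstx.dll, which is why each hit needs a human to decide), the Firefox default-search host, the hidden system folder under the user profile, and the two recent .tmp files in system32. Anything it does not print (services, DPF entries, the running-process list) still needs the eyeball pass a removal helper would give it.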

Please, can anyone help with some instructions on how to eliminate this nuisance that causes AVG to keep throwing up a "Threat" window warning of 193.104.153.30/download/moneyuk1.exe?

The "Combo Fix" results are meaningless to me I am afraid.

This nuisance has been inhabiting my friend's computer for about 5 days now!

Thank you, Victor.

