Fabien

moneyuk1.exe

3 posts in this topic

Hi, I keep getting AVG telling me there's this "moneyuk1.exe" virus on my PC and I've tried so many scans to remove it; obviously, none have had any luck.

I am on Windows 7, which GMER doesn't work for; it either crashes or BSODs me. So I can't provide a GMER log, but I do have the DDS report and Attach.txt...

I seem to be getting a lot of random windows popping up in my browser. The moneyuk1.exe seems to happen every 5 minutes too...

Please lend me a hand.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Fabien at 16:04:35.35 on 12/01/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1224 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\vmnat.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\PSPad editor\PSPad.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\DllHost.exe

C:\Users\Fabien\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2494658&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - YouTube

FF - prefs.js: browser.startup.homepage - hxxp://www.Google.co.uk

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\FFExternalAlert.dll

FF - component: c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\RadioWMPCore.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\users\fabien\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-10 161800]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-10 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-10 28424]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-10 360584]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/10 12:40:30];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]

R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-10 906520]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-10 285392]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-01-12 16:00:59 32 ----a-w- c:\users\fabien\defogger_reenable

2010-01-11 20:07:48 0 d-----w- c:\users\fabien\appdata\roaming\Malwarebytes

2010-01-11 20:07:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-11 20:07:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-11 20:07:42 0 d-----w- c:\programdata\Malwarebytes

2010-01-11 20:07:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-11 17:27:45 0 d-----w- c:\users\fabien\appdata\roaming\FreeFixer

2010-01-11 15:08:20 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-01-11 15:08:20 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-01-11 12:24:30 0 d-sh--w- c:\users\fabien\appdata\roaming\lowsec

2010-01-11 11:07:04 0 d-----w- c:\programdata\Lavasoft

2010-01-10 20:45:28 12 ----a-w- c:\windows\system32\DROPPEDFILEOKppi2.tmp

2010-01-10 17:21:19 0 d--h--w- C:\$AVG

2010-01-10 17:21:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-01-10 17:21:14 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-01-10 17:21:13 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-01-10 17:21:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-10 17:21:05 0 d-----w- c:\windows\system32\drivers\Avg

2010-01-10 17:20:54 0 d-----w- c:\programdata\avg9

2010-01-10 17:14:23 8 ----a-w- c:\windows\system32\SystemDirectory.tmp

2010-01-08 09:02:35 0 d-----w- c:\program files\Fraps

2010-01-08 04:18:48 0 d-----w- c:\program files\Core Services

2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll

2009-12-22 14:05:15 0 d-----w- C:\Xbox 360 movies

2009-12-20 12:34:58 0 d-----w- c:\users\fabien\appdata\roaming\OpenOffice.org

2009-12-20 12:33:34 0 d-----w- c:\program files\JRE

2009-12-20 12:33:21 0 d-----w- c:\program files\OpenOffice.org 3

2009-12-19 09:17:17 0 d-----w- c:\program files\PSPad editor

2009-12-18 08:47:52 0 d-sh--w- c:\windows\ftpcache

2009-12-18 08:37:10 0 d-----w- c:\users\fabien\appdata\roaming\Blumentals

2009-12-18 07:59:34 737280 ----a-w- c:\windows\iun6002.exe

2009-12-15 08:02:29 0 d-----w- c:\program files\AVG

2009-12-15 05:16:06 15687 ----a-w- C:\BdUninstallTool2009.12.15-05.16.06.reg

2009-12-15 05:11:13 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2009-12-17 11:06:38 20048 ----a-w- c:\windows\fonts\FBSBLTC.TTF

2009-11-21 09:30:06 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-11-10 12:42:17 29480 ----a-w- c:\windows\system32\msxml3a.dll

2009-11-09 18:59:31 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-22 04:44:42 760368 ----a-w- c:\windows\system32\vnetlib.dll

2009-10-22 04:44:24 395824 ----a-w- c:\windows\system32\vmnat.exe

2009-10-22 04:44:08 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe

2009-10-22 03:22:38 252464 ----a-w- c:\windows\system32\vmnc.dll

2009-10-22 00:13:32 59952 ----a-w- c:\windows\system32\vnetinst.dll

2009-10-22 00:13:32 51248 ----a-r- c:\windows\system32\vmnetbridge.dll

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:05:35.19 ===============

Attach.zip


Please can anyone help with some instructions on how to eliminate this nuisance that causes AVG to keep throwing up a "Threat" window warning of 193.104.153.30/download/moneyuk1.exe

The "Combo Fix" results are meaningless to me I am afraid.

This nuisance has been inhabiting my friend's computer for about 5 days now!

Thank you, Victor.
