moneyuk1.exe Malware detected by AVG

Post by FabienO » January 13th, 2010, 9:08 am

Hi, I keep getting AVG telling me there's this "moneyuk1.exe" virus on my PC and I've tried so many scans to remove it; obviously, none have had any luck.

I am on Windows 7, which GMER doesn't work for; it either crashes or BSODs me. So I can't provide a GMER log. I do have a DDS report and Attach.txt though...

I seem to be getting a lot of random windows popping up in my browser. The moneyuk1.exe seems to happen every 5 minutes too...

Please lend me a hand.


Re: moneyuk1.exe Malware detected by AVG

Post by FabienO » January 13th, 2010, 9:09 am

Here's the HijackThis log, because I got "Sorry, the board attachment quota has been reached."

http://www.fabieno.com/hijackthis.txt

And DDS report...

DDS (Ver_09-12-01.01) - NTFSx86
Run by Fabien at 16:04:35.35 on 12/01/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1224 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fabien\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.Google.co.uk
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\FFExternalAlert.dll
FF - component: c:\users\fabien\appdata\roaming\mozilla\firefox\profiles\79n8mkov.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\RadioWMPCore.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\fabien\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-10 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-10 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-10 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-10 360584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/10 12:40:30];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-10 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-10 285392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-01-12 16:00:59 32 ----a-w- c:\users\fabien\defogger_reenable
2010-01-11 20:07:48 0 d-----w- c:\users\fabien\appdata\roaming\Malwarebytes
2010-01-11 20:07:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 20:07:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 20:07:42 0 d-----w- c:\programdata\Malwarebytes
2010-01-11 20:07:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 17:27:45 0 d-----w- c:\users\fabien\appdata\roaming\FreeFixer
2010-01-11 15:08:20 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-11 15:08:20 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-11 12:24:30 0 d-sh--w- c:\users\fabien\appdata\roaming\lowsec
2010-01-11 11:07:04 0 d-----w- c:\programdata\Lavasoft
2010-01-10 20:45:28 12 ----a-w- c:\windows\system32\DROPPEDFILEOKppi2.tmp
2010-01-10 17:21:19 0 d--h--w- C:\$AVG
2010-01-10 17:21:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-10 17:21:14 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-10 17:21:13 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-10 17:21:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-10 17:21:05 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-10 17:20:54 0 d-----w- c:\programdata\avg9
2010-01-10 17:14:23 8 ----a-w- c:\windows\system32\SystemDirectory.tmp
2010-01-08 09:02:35 0 d-----w- c:\program files\Fraps
2010-01-08 04:18:48 0 d-----w- c:\program files\Core Services
2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-22 14:05:15 0 d-----w- C:\Xbox 360 movies
2009-12-20 12:34:58 0 d-----w- c:\users\fabien\appdata\roaming\OpenOffice.org
2009-12-20 12:33:34 0 d-----w- c:\program files\JRE
2009-12-20 12:33:21 0 d-----w- c:\program files\OpenOffice.org 3
2009-12-19 09:17:17 0 d-----w- c:\program files\PSPad editor
2009-12-18 08:47:52 0 d-sh--w- c:\windows\ftpcache
2009-12-18 08:37:10 0 d-----w- c:\users\fabien\appdata\roaming\Blumentals
2009-12-18 07:59:34 737280 ----a-w- c:\windows\iun6002.exe
2009-12-15 08:02:29 0 d-----w- c:\program files\AVG
2009-12-15 05:16:06 15687 ----a-w- C:\BdUninstallTool2009.12.15-05.16.06.reg
2009-12-15 05:11:13 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2009-12-17 11:06:38 20048 ----a-w- c:\windows\fonts\FBSBLTC.TTF
2009-11-21 09:30:06 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-11-10 12:42:17 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-09 18:59:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-22 04:44:42 760368 ----a-w- c:\windows\system32\vnetlib.dll
2009-10-22 04:44:24 395824 ----a-w- c:\windows\system32\vmnat.exe
2009-10-22 04:44:08 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2009-10-22 03:22:38 252464 ----a-w- c:\windows\system32\vmnc.dll
2009-10-22 00:13:32 59952 ----a-w- c:\windows\system32\vnetinst.dll
2009-10-22 00:13:32 51248 ----a-r- c:\windows\system32\vmnetbridge.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:05:35.19 ===============

Re: moneyuk1.exe Malware detected by AVG

Post by NonSuch » January 14th, 2010, 2:23 am

While we appreciate that you very likely posted at multiple forums in order to ensure a response, that only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems. Although there are many forums that handle HijackThis logs, there are not so many helpers; most of us help out at several forums. In addition, the results may not work out so well when you're following different instructions from different helpers. They may suggest different approaches for the same problem, all of which may be good; however, system conflicts may arise if different fixes for the same problem are applied simultaneously.

In the future, for your sake as well as ours, please refrain from requesting help from multiple forums. Choose one, and stick with that one until they've resolved your problem.

This topic is now closed.
