Member Panel

Hi I read and did all you guys said on
http://www.pchelpforum.com/hijackthi...a-prework.html
When AVG finished the update it didn´t say "Update succesfull message" but i tried to update again and it update the avgas.exe file and then i tried to update again and it said "no update was avaiable".
I think i am infected with "winupsvc".
I use Windows XP SP2.
Please if you guys see I am infected with more things than "winupsvc", help me solve the problem.
Thank you in advance,
Pedro Luiz
Sorry about the english, still learning.
On AVG Scan "Not-A-Virus.Monitor.Win32.007SpySoft.308" it´s not a virus it´s part of a program i installed to monitor people using my pc.

Logs are attached.

Hello Pedro

Welcome to PC Help Forums

Please do not apologise regarding your ability to speak English, it is very good.
A Hijack This specialist will assist you with this problem as soon as they come online.
Please be patient. Thank you.

Hi I see that you guys still dont have time to help me.
So i decided to download Spy Sweeper too, to try to make things easier.

When you guys say:
From the left pane, click Options.
Select the Sweep Options tab & ensure the following are ticked:
Windows Registry
Memory objects
Cookies
Compressed files
Do Not select System Restore Folder
Sweep All Users accounts
Enable Direct Disk Sweeping
Sweep For Rootkits

It´s that i have to tick:
Windows Registry
Memory objects
Cookies
Compressed files

And do not tick:
Do Not select System Restore Folder
Sweep All Users accounts
Enable Direct Disk Sweeping
Sweep For Rootkits

Or i have only TO NOT tick:
Virus Sweep(it´s disabled), Rootkits and System Restore Folder

Anyway i will make a "Full Sweep Scan" and attach here. But if i have to change settings, tell me then i change and post another log.

Thanks again,
Pedro Luiz

Hello......

Please download the Killbox.
Run Killbox, left click and drag you mouse over the highlighted files below (including filepath) then right click and choose Copy (including filepath) with your mouse, rightclick and choose Copy. Insert your mouse pointer within the box entitled "Full Filepath of File to Delete", rightclick again and choose File > Paste from Clipboard. All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). If each file exists, it will appear in blue under that window when you click on it. Click on Delete on Reboot. Next click on > "Delete on Reboot" and click on "All Files". Please do this even if this option is already checked. You will get a message saying "File with be deleted on next reboot, click "Yes". Process and Reboot now?" Click "Yes" to reboot


C:\WINDOWS\system32\winsecurityxp\mswinup.exe


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [MSWindowsUpdate] C:\WINDOWS\system32\winsecurityxp\mswinup.exe

Reboot and post a new HJT log....

Hi Spy Sweeper found:
System Monitor found: ufp 007 spy
System Monitor found: spyanytime pcspy
But
System Monitor found: ufp 007 spy
I think its from the program 007 spy software i installed so no problem with it.
But is aw the log and i think it´s not a part of 007 spy.
But
System Monitor found: spyanytime pcspy
I don´t know if it´s from 007 spy software.(If it´s part of 007 spy if i delete it the program may not work anymore).
So i don´t know if it´s secure or not.
Spy Sweeper didn´t found the rootkit AVG found because i coudln´t tick Rootkit on Spy Sweeper.(And i do not know the reason)

I set Spy Sweeper to fix all.
The log is attached.

Weird i THink Spy Sweeper cleaned all, cause i coudln´t delete the file because it disappeared and it´s not showing anymore on hijacksthis.

Here is the log.

One more to fix then all done


Run Killbox, left click and drag you mouse over the highlighted files below (including filepath) then right click and choose Copy (including filepath) with your mouse, rightclick and choose Copy. Insert your mouse pointer within the box entitled "Full Filepath of File to Delete", rightclick again and choose File > Paste from Clipboard. All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). If each file exists, it will appear in blue under that window when you click on it. Click on Delete on Reboot. Next click on > "Delete on Reboot" and click on "All Files". Please do this even if this option is already checked. You will get a message saying "File with be deleted on next reboot, click "Yes". Process and Reboot now?" Click "Yes" to reboot


C:\WINDOWS\system32\mswinup.exe


Reboot and post a new HJT log...