Zinedane

Honorary Members
  • Posts

    103

Everything posted by Zinedane

  1. Hello and thank you for the quick response. May I be assured that the Spyware.PasswordStealer is not really Windows Update, or an important part of Windows Update? Thank you.
  2. Did a scan earlier due to my twitter account being compromised but I don't know if it was just coincidence since this pc belongs to my dad and hasn't been scanned in ages. Here's a copy of the scan results. I'm quite worried as although it's labeled as Spyware.PasswordStealer, It is a value in the registry and as can be seen I am sure that it is the WinUpdate/Windows Update key. I see some other PUP's there too but I'm only most hesitant on the Spyware.PasswordStealer and Trojan.Malpack.VB which is a svchost.exe. Any input?