Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.11.2014
Scan Time: 19:03:17
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.01.06
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: GeirÃ?ystein

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411057
Time Elapsed: 11 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-954902109-1599452538-1242023545-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [504a58deea92c2741f7f8d1ead55fc04],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [6436a195c8b47cba12582553b153718f],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-954902109-1599452538-1242023545-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [7822cb6bc2baaa8ce485294f59abd828],

Registry Values: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1605757212047275316, Quarantined, [6436a195c8b47cba12582553b153718f]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-954902109-1599452538-1242023545-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1605757212047275316, Quarantined, [7822cb6bc2baaa8ce485294f59abd828]

Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-954902109-1599452538-1242023545-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3325111&octid=EB_ORIGINAL_CTID&ISID=0B684641-68A9-4244-AC76-73371AA738E8&SearchSource=55&CUI=&UM=6&UP=SP7D77C529-8107-4B50-9776-22E318B3D35C&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3325111&octid=EB_ORIGINAL_CTID&ISID=0B684641-68A9-4244-AC76-73371AA738E8&SearchSource=55&CUI=&UM=6&UP=SP7D77C529-8107-4B50-9776-22E318B3D35C&SSPV=),Replaced,[eab0a09608748fa7b95937f5ea1b4bb5]

Folders: 2
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [9dfd3ef888f4d75f9b3df2f66c96cd33],
PUP.Optional.DealsFactor.A, C:\ProgramData\DealsFactor, Quarantined, [dcbe68cea9d3f83e5aaa948916ed8a76],

Files: 9
PUP.Optional.ClientConnect, C:\Users\GeirÃ?ystein\AppData\Local\Temp\nsvA767.tmp\FDMClient.dll, Quarantined, [188216205f1de551d1d2c6f09f62dd23],
PUP.Optional.ClientConnect, C:\Users\GeirÃ?ystein\AppData\Local\Temp\nsvA767.tmp\webapphost.dll, Quarantined, [a4f65bdbd0ac93a3bae9ffb703febd43],
PUP.Optional.OnlySearch.A, C:\Users\GeirÃ?ystein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.only-search.com_0.localstorage, Quarantined, [891145f1d8a48fa73362cd66b3504bb5],
PUP.Optional.OnlySearch.A, C:\Users\GeirÃ?ystein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.only-search.com_0.localstorage-journal, Quarantined, [cfcb4aecdd9fee486134a68da2612ed2],
PUP.Optional.WebSearchs.A, C:\Users\GeirÃ?ystein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Quarantined, [0e8c270fe597fc3a606a80b927dc1ae6],
PUP.Optional.WebSearchs.A, C:\Users\GeirÃ?ystein\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Quarantined, [cecc2e08f488979fad1d6dcc31d2d729],
PUP.Optional.DealsFactor.A, C:\ProgramData\DealsFactor\DealsFactor.exe, Quarantined, [dcbe68cea9d3f83e5aaa948916ed8a76],
PUP.Optional.Astromenda.A, C:\Users\GeirÃ?ystein\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [
  "http://www.trovi.com/?gd=&ctid=CT3325111&octid=EB_ORIGINAL_CTID&ISID=BC159005-1C46-46F3-A6E7-E4DC26983E6A&SearchSource=55&CUI=&UM=6&UP=SP84F5E365-4494-4884-9FF0-95D641E4D340&SSPV=",
  "http://www.search.ask.com/?o=APN10640A&gct=hp&d=473-105&v=n9602-152&t=4",
  "http://no.search.yahoo.com/?type=198484&fr=spigot-yhp-ch",
  "http://mysearch.sweetpacks.com/?barid=92828551513060610&src=10&crg=&ppd=na&st=23&i=48&did=10977",
  "http://istart.webssearches.com/?type=hppp&ts=1401008874&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9DCC32440",
  "http://istart.webssearches.com/?type=hppp&ts=1401035552&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9DCC32440",
  "http://istart.webssearches.com/?type=hppp&ts=1401050234&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9DCC32440",
  "http://astromenda.com/?f=7&a=ast_cmi_14_37_ch&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEtAyDyE0E0BtByBtB0F0EtN0D0Tzu0SzyzzyBtN1L2XzutAtFtBtFyDtFtCtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyEtDtAzyyDtBzyyDtGtBzz0CyBtGtCyByCyDtGzzzzyEzytGyDyBzytD0A0CzztA0AyD0C0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0ByC0E0A0EyDtGzy0ByDyDtGyE0CtB0EtG0BtDtAtCtGyC0A0E0DyD0AtDyCtD0EyDyE2Q&cr=677600486&ir=",
  "http://www.only-search.com/?babsrc=HP_ss&mntrId=F8701216D80F5F0F&affID=129300&tt=020914_onst&tsp=5372",
  "http://www.sweet-page.com/?type=hp&ts=1413788756&from=cor&uid=INTELXSSDSC2CT180A3XXXXXXXXXXXXXXXXXXX_CVMP222504HZ180CGN"
],), Replaced,[4c4efe3888f4fc3ad348a5c6c63f936d]
PUP.Optional.ASK.A, C:\Users\GeirÃ?ystein\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://www.search.ask.com/?gct=hp",), Replaced,[9bff999d91ebc67024a36efea95cd828]

Physical Sectors: 0
(No malicious items detected)

(end)