As I tried to update my Adobe Reader, a virus Safesear.ch highjacker appeared and now my computer is infected. Please advise.
Thank you! Valerie
# AdwCleaner v3.311 - Report created 08/10/2014 at 20:41:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : DelawareGlassTinting - OFFICE
# Running from : C:\Users\DelawareGlassTinting\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17278
*************************
AdwCleaner[R0].txt - [1669 octets] - [08/10/2014 20:35:01]
AdwCleaner[R1].txt - [1683 octets] - [08/10/2014 20:37:02]
AdwCleaner[R2].txt - [1743 octets] - [08/10/2014 20:40:16]
AdwCleaner[S0].txt - [1680 octets] - [08/10/2014 20:41:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1740 octets] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/8/2014
Scan Time: 8:54:08 PM
Logfile: Malware1.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.08.11
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: DelawareGlassTinting
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314310
Time Elapsed: 18 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.Koyote.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Free HD Converter, Quarantined, [0b4056bc0b713ef8e267124189785ca4],
Registry Values: 2
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CouponXplorer AppIntegrator 32-bit, C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe, Quarantined, [d17aa86a3d3fce689865e927be45e31d]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CouponXplorer AppIntegrator 64-bit, C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe, Quarantined, [9caf030f43393ff7ea1313fdc73c7a86]
Registry Data: 9
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm),Replaced,[2b209b77394363d313f5ba5f65a0ea16]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm),Replaced,[3e0d9c76f08ce3537c8d43d6d233c739]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm),Replaced,[3813ba58bcc0fb3b62a6b960e520857b]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm),Replaced,[7ad117fbaecec96d45c4ec2db84d837d]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[66e54fc30379270f13ed120723e2d12f]
PUP.Optional.SafeSear.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[af9ce032fe7e221442add6375ca9df21]
PUP.Optional.SafeSear.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[98b3d939c2ba90a67876a5689372b24e]
PUP.Optional.Safesear.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[113aec26f983082e36cbc158f51024dc]
PUP.Optional.Safesear.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear.ch/web/?type=20141008-155-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20141008-155-sshome-ie-df&q={searchTerms}),Replaced,[62e91ef4d8a4d264ce395bbefe0704fc]
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Koyote.A, C:\Program Files (x86)\Free HD Converter\Uninstall.exe, Quarantined, [0b4056bc0b713ef8e267124189785ca4],
Physical Sectors: 0
(No malicious items detected)
(end)
Thank you! Valerie
# AdwCleaner v3.311 - Report created 08/10/2014 at 20:41:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : DelawareGlassTinting - OFFICE
# Running from : C:\Users\DelawareGlassTinting\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17278
*************************
AdwCleaner[R0].txt - [1669 octets] - [08/10/2014 20:35:01]
AdwCleaner[R1].txt - [1683 octets] - [08/10/2014 20:37:02]
AdwCleaner[R2].txt - [1743 octets] - [08/10/2014 20:40:16]
AdwCleaner[S0].txt - [1680 octets] - [08/10/2014 20:41:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1740 octets] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/8/2014
Scan Time: 8:54:08 PM
Logfile: Malware1.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.08.11
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: DelawareGlassTinting
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314310
Time Elapsed: 18 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.Koyote.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Free HD Converter, Quarantined, [0b4056bc0b713ef8e267124189785ca4],
Registry Values: 2
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CouponXplorer AppIntegrator 32-bit, C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator.exe, Quarantined, [d17aa86a3d3fce689865e927be45e31d]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CouponXplorer AppIntegrator 64-bit, C:\PROGRA~2\COUPON~2\bar\1.bin\AppIntegrator64.exe, Quarantined, [9caf030f43393ff7ea1313fdc73c7a86]
Registry Data: 9
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm),Replaced,[2b209b77394363d313f5ba5f65a0ea16]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm),Replaced,[3e0d9c76f08ce3537c8d43d6d233c739]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20141008-155-ff-sm),Replaced,[3813ba58bcc0fb3b62a6b960e520857b]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141008-155-ie-sm),Replaced,[7ad117fbaecec96d45c4ec2db84d837d]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[66e54fc30379270f13ed120723e2d12f]
PUP.Optional.SafeSear.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[af9ce032fe7e221442add6375ca9df21]
PUP.Optional.SafeSear.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[98b3d939c2ba90a67876a5689372b24e]
PUP.Optional.Safesear.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20141008-155-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20141008-155-ie),Replaced,[113aec26f983082e36cbc158f51024dc]
PUP.Optional.Safesear.A, HKU\S-1-5-21-1056042642-1845268101-2440002891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear.ch/web/?type=20141008-155-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20141008-155-sshome-ie-df&q={searchTerms}),Replaced,[62e91ef4d8a4d264ce395bbefe0704fc]
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Koyote.A, C:\Program Files (x86)\Free HD Converter\Uninstall.exe, Quarantined, [0b4056bc0b713ef8e267124189785ca4],
Physical Sectors: 0
(No malicious items detected)
(end)