natebiv

Members
  • Content Count

    7

About natebiv

  • Rank
    Member
  1. natebiv

    malware infected my daughters laptop. help?

    Thank you so much. She will be so happy. You are the best.
  2. natebiv

    malware infected my daughters laptop. help?

    # DelFix v1.011 - Logfile created 27/12/2015 at 15:39:11
    # Updated 18/08/2015 by Xplode
    # Username : biven - DESKTOP-8S8J809
    # Operating System : Windows 10 Home (64 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\_OTL
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\biven\Desktop\JRT.exe
    Deleted : C:\Users\biven\Desktop\JRT.txt
    Deleted : C:\Users\biven\Downloads\adwcleaner_5.026.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner

    ~ Creating registry backup ... OK

    ~ Cleaning system restore ...

    Deleted : RP #2 [Windows Modules Installer | 12/25/2015 07:43:35]
    Deleted : RP #3 [Windows Modules Installer | 12/25/2015 07:44:02]
    Deleted : RP #4 [JRT Pre-Junkware Removal | 12/27/2015 21:44:01]

    New restore point created !

    ~ Resetting system settings ... OK

    ########## - EOF - ##########
  3. natebiv

    malware infected my daughters laptop. help?

    This is exactly what I copied. If you see something wrong, help me.

    :OTL
    PRC - File not found --
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
    IE:64bit: - HKLM\..\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
    IE - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
    IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
    CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Commands
    [emptyjava]
    [emptyflash]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
  4. natebiv

    malware infected my daughters laptop. help?

    Here are the old timer logs. OTL.Txt Extras.Txt
  5. natebiv

    malware infected my daughters laptop. help?

    This is the first scan log. mal.txt
  6. natebiv

    malware infected my daughters laptop. help?

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 10 Home x64
    Ran by biven (Administrator) on Sun 12/27/2015 at 13:43:59.83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 25

    Failed to delete: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
    Failed to delete: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
    Failed to delete: C:\Windows\system32\drivers\bsdriver.sys (File)
    Failed to delete: C:\Windows\system32\drivers\cherimoya.sys (File)
    Failed to delete: C:\Windows\system32\Drivers\swsedrvr_vw_1_10_0_25.sys (File)
    Successfully deleted: C:\Program Files (x86)\gmsd_us_005010185 (Folder)
    Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
    Successfully deleted: C:\ProgramData\flashbeat (Folder)
    Successfully deleted: C:\ProgramData\Service1291 (Folder)
    Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)
    Successfully deleted: C:\ProgramData\tvtime (Folder)
    Successfully deleted: C:\Users\biven\AppData\Local\gmsd_us_005010185 (Folder)
    Successfully deleted: C:\Users\biven\AppData\Local\tvtime (Folder)
    Successfully deleted: C:\Users\biven\Appdata\LocalLow\company (Folder)
    Successfully deleted: C:\Users\biven\AppData\Roaming\aspackage (Folder)
    Successfully deleted: C:\Users\biven\AppData\Roaming\tsearch (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
    Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001 (File)
    Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-install-v0003 (File)
    Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-processes-v0002 (File)
    Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001 (File)
    Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002 (File)
    Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-uninstall-v0002 (File)
    Successfully deleted: C:\Users\biven\AppData\Roaming\Bubble Dock.boostrap.log (File)

    Registry: 5

    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010185 (Registry Value)
    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\cherimoya (Registry Key)
    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\swsedrvr_vw_1_10_0_25 (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114} (Registry Key)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/27/2015 at 13:45:53.90
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. I need help removing a malware called tuto4pc. Very nasty malware has infected every program on the system.