[malware infected my daughters laptop. help?]

Thank you so much. She will be so happy. You are the best.

[malware infected my daughters laptop. help?]

# DelFix v1.011 - Logfile created 27/12/2015 at 15:39:11
# Updated 18/08/2015 by Xplode
# Username : biven - DESKTOP-8S8J809
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\biven\Desktop\JRT.exe
Deleted : C:\Users\biven\Desktop\JRT.txt
Deleted : C:\Users\biven\Downloads\adwcleaner_5.026.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #2 [Windows Modules Installer | 12/25/2015 07:43:35]
Deleted : RP #3 [Windows Modules Installer | 12/25/2015 07:44:02]
Deleted : RP #4 [JRT Pre-Junkware Removal | 12/27/2015 21:44:01]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

[malware infected my daughters laptop. help?]

this is exactly what I copied. if you see something wrong help me.

:OTL
PRC - File not found --
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE:64bit: - HKLM\..\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
IE - HKLM\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
IE - HKU\S-1-5-21-2875059968-196611492-1916212712-1001\..\SearchScopes,DefaultScope = {7E5207C2-1FA7-499C-88EE-FCE834450114}
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\biven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

 

 

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

[malware infected my daughters laptop. help?]

here is the old timer logs.

OTL.Txt

Extras.Txt

[malware infected my daughters laptop. help?]

this is the first scan log.

 

 

 

mal.txt

[malware infected my daughters laptop. help?]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by biven (Administrator) on Sun 12/27/2015 at 13:43:59.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 25

Failed to delete: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Failed to delete: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Failed to delete: C:\Windows\system32\drivers\bsdriver.sys (File)
Failed to delete: C:\Windows\system32\drivers\cherimoya.sys (File)
Failed to delete: C:\Windows\system32\Drivers\swsedrvr_vw_1_10_0_25.sys (File)
Successfully deleted: C:\Program Files (x86)\gmsd_us_005010185 (Folder)
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\ProgramData\flashbeat (Folder)
Successfully deleted: C:\ProgramData\Service1291 (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\ProgramData\tvtime (Folder)
Successfully deleted: C:\Users\biven\AppData\Local\gmsd_us_005010185 (Folder)
Successfully deleted: C:\Users\biven\AppData\Local\tvtime (Folder)
Successfully deleted: C:\Users\biven\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\biven\AppData\Roaming\aspackage (Folder)
Successfully deleted: C:\Users\biven\AppData\Roaming\tsearch (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-install-v0003 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-processes-v0002 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002 (File)
Successfully deleted: C:\Users\biven\AppData\Local\Temp\vitruvian-installer-uninstall-v0002 (File)
Successfully deleted: C:\Users\biven\AppData\Roaming\Bubble Dock.boostrap.log (File)

 

Registry: 5

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010185 (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\cherimoya (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\swsedrvr_vw_1_10_0_25 (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{7E5207C2-1FA7-499C-88EE-FCE834450114} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/27/2015 at 13:45:53.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[malware infected my daughters laptop. help?]

I need help removing a malware called tuto4pc. Very nasty malware has infected ever program on the system.