Solved Toren.9 PuP

2020-04-09 04:55:57.464 Sophos Virus Removal Tool version 2.8.0
2020-04-09 04:55:57.464 Copyright (c) 2009-2019 Sophos Limited. All rights reserved.

2020-04-09 04:55:57.464 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2020-04-09 04:55:57.464 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2020-04-09 04:55:57.464 Checking for updates...
2020-04-09 04:55:57.482 Update progress: proxy server not available
2020-04-09 04:56:00.766 Downloading updates...
2020-04-09 04:56:00.768 Update progress: [I96736] sdds.svrt_v1.16: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2020-04-09 04:56:00.768 Update progress: [I95020] sdds.svrt_v1.16: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-04-09 04:56:00.768 Update progress: [I22529] sdds.svrt_v1.16: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-04-09 04:56:00.768 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2020-04-09 04:56:00.768 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2020-04-09 04:56:00.768 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2020-04-09 04:56:00.768 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2020-04-09 04:56:00.768 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2020-04-09 04:56:00.769 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 62 ms
2020-04-09 04:56:00.769 Update progress: [I49502] sdds.data0910.xml: found supplement IDE573 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2020-04-09 04:56:00.769 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE573 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE573 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I49502] sdds.data0910.xml: found supplement IDE574 LATEST path= baseVersion= [included from product IDE573 LATEST path=]
2020-04-09 04:56:00.769 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE574 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE574 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I49502] sdds.data0910.xml: found supplement IDE575 LATEST path= baseVersion= [included from product IDE574 LATEST path=]
2020-04-09 04:56:00.769 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE575 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE575 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I49502] sdds.data0910.xml: found supplement IDE576 LATEST path= baseVersion= [included from product IDE575 LATEST path=]
2020-04-09 04:56:00.769 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE576 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE576 LATEST path=
2020-04-09 04:56:00.769 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2020-04-09 04:56:00.799 Update progress: [I19463] Syncing product IDE573 LATEST path=
2020-04-09 04:56:00.826 Update progress: [I19463] Syncing product IDE574 LATEST path=
2020-04-09 04:56:00.859 Update progress: [I19463] Syncing product IDE575 LATEST path=
2020-04-09 04:56:00.864 Update progress: [I19463] Syncing product IDE576 LATEST path=
2020-04-09 04:56:00.889 Installing updates...
2020-04-09 04:56:05.938 Option all = no
2020-04-09 04:56:06.540 Option recurse = yes
2020-04-09 04:56:06.540 Option archive = no
2020-04-09 04:56:06.540 Option service = yes
2020-04-09 04:56:06.540 Option confirm = yes
2020-04-09 04:56:06.540 Option sxl = yes
2020-04-09 04:56:06.540 Option max-data-age = 35
2020-04-09 04:56:06.540 Option vdl-logging = yes
2020-04-09 04:56:06.540 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2020-04-09 04:56:06.540 Machine ID: f20b8f26a3984ecd9d9ffaaff1e16070
2020-04-09 04:56:06.540 Component SVRTcli.exe version 2.8.0
2020-04-09 04:56:06.540 Component control.dll version 2.8.0
2020-04-09 04:56:06.540 Component SVRTservice.exe version 2.8.0
2020-04-09 04:56:06.540 Component engine\osdp.dll version 1.44.1.2461
2020-04-09 04:56:06.540 Component engine\veex.dll version 3.77.1.2461
2020-04-09 04:56:06.540 Component engine\savi.dll version 9.0.15.2461
2020-04-09 04:56:06.541 Component rkdisk.dll version 1.5.33.1
2020-04-09 04:56:06.541 Version info: Product version 2.8.0
2020-04-09 04:56:06.541 Version info: Detection engine 3.77.1
2020-04-09 04:56:06.541 Version info: Detection data 5.72
2020-04-09 04:56:06.541 Version info: Build date 2/4/2020
2020-04-09 04:56:06.541 Version info: Data files added 360
2020-04-09 04:56:06.541 Version info: Last successful update 4/8/2020 9:23:58 PM
2020-04-09 04:56:06.541 Error level 1
2020-04-09 04:56:07.362 Update successful
2020-04-09 04:56:16.422 Option all = no
2020-04-09 04:56:16.422 Option recurse = yes
2020-04-09 04:56:16.422 Option archive = no
2020-04-09 04:56:16.422 Option service = yes
2020-04-09 04:56:16.422 Option confirm = yes
2020-04-09 04:56:16.422 Option sxl = yes
2020-04-09 04:56:16.424 Option max-data-age = 35
2020-04-09 04:56:16.424 Option vdl-logging = yes
2020-04-09 04:56:16.429 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2020-04-09 04:56:16.429 Machine ID: f20b8f26a3984ecd9d9ffaaff1e16070
2020-04-09 04:56:16.430 Component SVRTcli.exe version 2.8.0
2020-04-09 04:56:16.430 Component control.dll version 2.8.0
2020-04-09 04:56:16.430 Component SVRTservice.exe version 2.8.0
2020-04-09 04:56:16.431 Component engine\osdp.dll version 1.44.1.2461
2020-04-09 04:56:16.431 Component engine\veex.dll version 3.77.1.2461
2020-04-09 04:56:16.431 Component engine\savi.dll version 9.0.15.2461
2020-04-09 04:56:16.432 Component rkdisk.dll version 1.5.33.1
2020-04-09 04:56:16.432 Version info: Product version 2.8.0
2020-04-09 04:56:16.432 Version info: Detection engine 3.77.1
2020-04-09 04:56:16.432 Version info: Detection data 5.72
2020-04-09 04:56:16.432 Version info: Build date 2/4/2020
2020-04-09 04:56:16.432 Version info: Data files added 360
2020-04-09 04:56:16.432 Version info: Last successful update 4/8/2020 11:56:07 PM

2020-04-09 05:11:00.904 Could not open C:\pagefile.sys
2020-04-09 05:15:34.691 Could not open C:\swapfile.sys
2020-04-09 05:17:46.499 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe
2020-04-09 05:17:46.514 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2020-04-09 05:17:46.514 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2020-04-09 05:17:46.530 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2020-04-09 05:17:46.530 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe
2020-04-09 05:17:46.530 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2020-04-09 05:17:46.530 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\python.exe
2020-04-09 05:17:46.530 Could not open C:\Users\Ken's\AppData\Local\Microsoft\WindowsApps\python3.exe
2020-04-09 05:31:23.802 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2020-04-09 05:31:23.802 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2020-04-09 05:31:25.755 Could not open C:\Windows\System32\config\BBI
2020-04-09 05:41:30.660 Could not open LOGICAL:0003:00000000
2020-04-09 05:41:30.660 Could not open D:\
2020-04-09 05:43:07.780 Could not check E:\Games\IL-2 Strumovik 1946\HSFX V7 Tools & Read me's\HSFX 6.0 ReadMe.doc (corrupt)
2020-04-09 05:44:24.725 Could not check E:\Games\IL-2 Strumovik 1946 - Copy\HSFX V7 Tools & Read me's\HSFX 6.0 ReadMe.doc (corrupt)
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file E:\Steam\SteamApps\common\Theatre of War II Kursk 1943\MissionEditor\Editor.exe
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{206C004D-83E7-4977-81EC-9BCE5F167465}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{48E56C5B-4B40-425E-8ACF-CDE53E5C71C9}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9C217047-10F8-4D38-B7C2-6B1F078AB095}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7ABD4B06-0388-411B-A78E-7B95365A6EAD}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{206C004D-83E7-4977-81EC-9BCE5F167465}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{48E56C5B-4B40-425E-8ACF-CDE53E5C71C9}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{9C217047-10F8-4D38-B7C2-6B1F078AB095}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7ABD4B06-0388-411B-A78E-7B95365A6EAD}
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKU\S-1-5-21-1717588471-1589297708-2851942008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKU\S-1-5-21-1717588471-1589297708-2851942008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2020-04-09 06:05:20.400 >>> Virus 'Mal/Agent-RO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2020-04-09 06:08:34.683 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Athena\Binaries\UWP64\SoTGame.exe
2020-04-09 06:08:36.636 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\cpprest140_uwp_2_9.dll
2020-04-09 06:08:36.761 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\CoherentGTCore.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\CoherentGTJS.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\coherenticuin.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\coherenticuuc.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\CoherentUIGT.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\icudtcoherent53.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\RenoirCore.UWP.dll
2020-04-09 06:08:36.777 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\CoherentUIGT\UWP64\Release\WTF.dll
2020-04-09 06:08:36.855 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\UWP64\VS2015\PhysX3Common_x64.dll
2020-04-09 06:08:36.855 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\UWP64\VS2015\PhysX3Cooking_x64.dll
2020-04-09 06:08:36.855 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\UWP64\VS2015\PhysX3_x64.dll
2020-04-09 06:08:36.855 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\UWP64\VS2015\PxFoundation_x64.dll
2020-04-09 06:08:36.855 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX\UWP64\VS2015\PxPvdSDK_x64.dll
2020-04-09 06:08:36.964 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Engine\Source\ThirdParty\AMD\AGS_5_2_0\lib\amd_ags_uwp_x64.dll
2020-04-09 06:08:36.964 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\EraAdapter.dll
2020-04-09 06:08:36.964 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\GameChat2.dll
2020-04-09 06:08:37.074 Could not open E:\WindowsApps\Microsoft.SeaofThieves_2.91.4943.2_x64__8wekyb3d8bbwe\Microsoft.Xbox.Services.dll
2020-04-09 06:09:46.892 The following items will be cleaned up:
2020-04-09 06:09:46.892 Mal/Agent-RO
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 
Seems great so far. The pop-up notifications seem to have stopped. Thank you for your help. I can't give you enough props!
 
Way to go!!

Good luck and stay safe :)
 