2013-10-09 11:44:00 Sophos Virus Removal Tool version 2.4
2013-10-09 11:44:00 Copyright (c) 2009-2013 Sophos Limited. All rights reserved.
2013-10-09 11:44:00 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2013-10-09 11:44:00 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-10-09 11:44:00 Checking for updates...
2013-10-09 11:44:02 Update progress: proxy server not available
2013-10-09 11:44:02 Update error: failed to read remote metadata (error 4) Cannot locate server for http://dci.sophosupd.com/update/4/09/40970ac0c324fd8940e09e164ecc940c.xml
2013-10-09 11:44:14 Option all = no
2013-10-09 11:44:14 Option recurse = yes
2013-10-09 11:44:14 Option archive = no
2013-10-09 11:44:14 Option service = yes
2013-10-09 11:44:14 Option confirm = yes
2013-10-09 11:44:14 Option sxl = yes
2013-10-09 11:44:14 Option max-data-age = 35
2013-10-09 11:44:14 Option EnableSafeClean = yes
2013-10-09 11:44:16 Component SVRTcli.exe version 2.4
2013-10-09 11:44:16 Component control.dll version 2.4
2013-10-09 11:44:16 Component SVRTservice.exe version 2.4
2013-10-09 11:44:16 Component engine\osdp.dll version 1.44.0.2120
2013-10-09 11:44:16 Component engine\veex.dll version 3.47.3.2120
2013-10-09 11:44:16 Component engine\savi.dll version 8.0.0.2120
2013-10-09 11:44:16 Component rkdisk.dll version 1.5.30.0
2013-10-09 11:44:16 Version info: Product version 2.4
2013-10-09 11:44:16 Version info: Detection engine 3.47.3
2013-10-09 11:44:16 Version info: Detection data 4.93
2013-10-09 11:44:16 Version info: Build date 11/09/2013
2013-10-09 11:44:16 Version info: Data files added 456
2013-10-09 11:44:16 Version info: Last successful update (not yet updated)
2013-10-09 12:05:01 >>> Virus 'Troj/Keygen-FU' found in file C:\Documents and Settings\Al\Desktop\Office Professional 2010\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final\Office 2010 Toolkit.exe
2013-10-09 12:08:13 >>> Virus 'Mal/Generic-L' found in file C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits\insider_profits.exe
2013-10-09 12:08:16 >>> Virus 'Mal/Generic-L' found in file C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits.zip
2013-10-09 12:16:59 >>> Virus 'Troj/LCKeyGen-A' found in file C:\Documents and Settings\Work\My Documents\Downloads\Corel Draw X5 with Keygen\Keygen.exe
2013-10-09 12:36:14 >>> Virus 'Troj/Keygen-DX' found in file C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP440\A0171451.exe
2013-10-09 12:42:07 >>> Virus 'Troj/Keygen-DS' found in file C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP479\A0181708.exe
2013-10-09 12:56:55 >>> Virus 'Troj/Keygen-DX' found in file C:\WINDOWS\KMSEmulator.exe
2013-10-09 12:56:55 >>> Virus 'Troj/Keygen-DX' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\KMSEmulator.exe
2013-10-09 12:56:55 >>> Virus 'Troj/Keygen-DX' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
2013-10-09 12:56:55 >>> Virus 'Troj/Keygen-DX' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
2013-10-09 12:56:55 >>> Virus 'Troj/Keygen-DX' found in file HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
2013-10-09 13:03:33 The following items will be cleaned up:
2013-10-09 13:03:33 Troj/Keygen-FU
2013-10-09 13:03:33 Mal/Generic-L
2013-10-09 13:03:33 Troj/LCKeyGen-A
2013-10-09 13:03:33 Troj/Keygen-DX
2013-10-09 13:03:33 Troj/Keygen-DS
2013-10-09 14:11:53 Threat 'Troj/Keygen-FU' has been cleaned up.
2013-10-09 14:11:53 File "C:\Documents and Settings\Al\Desktop\Office Professional 2010\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final\Office 2010 Toolkit.exe" belongs to 'Troj/Keygen-FU'.
2013-10-09 14:11:53 File "C:\Documents and Settings\Al\Desktop\Office Professional 2010\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final\Office 2010 Toolkit.exe" has been cleaned up.
2013-10-09 14:11:53 Removal successful
2013-10-09 14:12:00 Threat 'Mal/Generic-L' has been cleaned up.
2013-10-09 14:12:00 File "C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits\insider_profits.exe" belongs to malware 'Mal/Generic-L'.
2013-10-09 14:12:00 File "C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits\insider_profits.exe" has been cleaned up.
2013-10-09 14:12:00 File "C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits.zip" belongs to malware 'Mal/Generic-L'.
2013-10-09 14:12:00 File "C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits.zip" has been cleaned up.
2013-10-09 14:12:00 Removal successful
2013-10-09 14:12:02 Threat 'Troj/LCKeyGen-A' has been cleaned up.
2013-10-09 14:12:02 File "C:\Documents and Settings\Work\My Documents\Downloads\Corel Draw X5 with Keygen\Keygen.exe" belongs to 'Troj/LCKeyGen-A'.
2013-10-09 14:12:02 File "C:\Documents and Settings\Work\My Documents\Downloads\Corel Draw X5 with Keygen\Keygen.exe" has been cleaned up.
2013-10-09 14:12:02 Removal successful
2013-10-09 14:12:12 Threat 'Troj/Keygen-DX' has been cleaned up.
2013-10-09 14:12:12 File "C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP440\A0171451.exe" belongs to 'Troj/Keygen-DX'.
2013-10-09 14:12:12 File "C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP440\A0171451.exe" has been cleaned up.
2013-10-09 14:12:12 Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\KMSEmulator.exe" belongs to 'Troj/Keygen-DX'.
2013-10-09 14:12:12 Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\KMSEmulator.exe" has been cleaned up.
2013-10-09 14:12:12 File "C:\WINDOWS\KMSEmulator.exe" belongs to 'Troj/Keygen-DX'.
2013-10-09 14:12:12 File "C:\WINDOWS\KMSEmulator.exe" has been cleaned up.
2013-10-09 14:12:12 Registry key "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts" belongs to 'Troj/Keygen-DX'.
2013-10-09 14:12:12 Registry key "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts" has been cleaned up.
2013-10-09 14:12:12 Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions" belongs to 'Troj/Keygen-DX'.
2013-10-09 14:12:12 Registry value "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions" has been cleaned up.
2013-10-09 14:12:12 Registry key "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts" belongs to 'Troj/Keygen-DX'.
2013-10-09 14:12:12 Registry key "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts" has been cleaned up.
2013-10-09 14:12:12 Removal successful
2013-10-09 14:12:14 Threat 'Troj/Keygen-DS' has been cleaned up.
2013-10-09 14:12:14 File "C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP479\A0181708.exe" belongs to 'Troj/Keygen-DS'.
2013-10-09 14:12:14 File "C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP479\A0181708.exe" has been cleaned up.
2013-10-09 14:12:14 Removal successful
2013-10-09 14:12:14 Contents of SafeClean bin directory:
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000001",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\Documents and Settings\Al\Desktop\Office Professional 2010\Office 2010 Toolkit and EZ-Activator v 2.1.6 Final\",
2013-10-09 14:12:14 FileName : "Office 2010 Toolkit.exe",
2013-10-09 14:12:14 ThreatName : "Troj/Keygen-FU",
2013-10-09 14:12:14 Checksum : "a73a607bc7c8aae4d5cdcaf2b3ec389fda3ff2b9c439a58d5501bfd130de2477",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:11:40 2013"
2013-10-09 14:12:14 }
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000002",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\insider_profits\",
2013-10-09 14:12:14 FileName : "insider_profits.exe",
2013-10-09 14:12:14 ThreatName : "Mal/Generic-L",
2013-10-09 14:12:14 Checksum : "7cd9c5d5926e5d5f772c00ece84ef6ee1510f359edceee11050cbd0482d111bd",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:11:53 2013"
2013-10-09 14:12:14 }
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000003",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\Documents and Settings\Al\My Documents\Downloads\Al's Stuff\Backups\Backups\webmasters docs\",
2013-10-09 14:12:14 FileName : "insider_profits.zip",
2013-10-09 14:12:14 ThreatName : "Mal/Generic-L",
2013-10-09 14:12:14 Checksum : "a0226f95aed407f384742a04d9e4cf505bdb21d84d52919a0a732e99e77d4aec",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:11:53 2013"
2013-10-09 14:12:14 }
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000004",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\Documents and Settings\Work\My Documents\Downloads\Corel Draw X5 with Keygen\",
2013-10-09 14:12:14 FileName : "Keygen.exe",
2013-10-09 14:12:14 ThreatName : "Troj/LCKeyGen-A",
2013-10-09 14:12:14 Checksum : "e624476bdf1193cfb9d1b94beefa3630b2bb11a30d123a0b98e5f420b8114a55",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:12:00 2013"
2013-10-09 14:12:14 }
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000005",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP440\",
2013-10-09 14:12:14 FileName : "A0171451.exe",
2013-10-09 14:12:14 ThreatName : "Troj/Keygen-DX",
2013-10-09 14:12:14 Checksum : "494e694c9ba1b9e3d65972a1612e167279eaed918f9376c12284e62db91094ed",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:12:02 2013"
2013-10-09 14:12:14 }
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000006",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\WINDOWS\",
2013-10-09 14:12:14 FileName : "KMSEmulator.exe",
2013-10-09 14:12:14 ThreatName : "Troj/Keygen-DX",
2013-10-09 14:12:14 Checksum : "494e694c9ba1b9e3d65972a1612e167279eaed918f9376c12284e62db91094ed",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:12:02 2013"
2013-10-09 14:12:14 }
2013-10-09 14:12:14 {
2013-10-09 14:12:14 RecordID : "0000000000000007",
2013-10-09 14:12:14 ItemType : "1",
2013-10-09 14:12:14 Location : "C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP479\",
2013-10-09 14:12:14 FileName : "A0181708.exe",
2013-10-09 14:12:14 ThreatName : "Troj/Keygen-DS",
2013-10-09 14:12:14 Checksum : "7c38affba880dc3d8039f429806d03be64a847649ffad26fca5d37e12a7ca837",
2013-10-09 14:12:14 TimeStamp : "Wed Oct 09 14:12:12 2013"
2013-10-09 14:12:14 }
2013-10-09 14:13:45 Scan completed.
2013-10-09 14:13:45 ------------------------------------------------------------
2013-10-09 14:51:30 Sophos Virus Removal Tool version 2.4
2013-10-09 14:51:30 Copyright (c) 2009-2013 Sophos Limited. All rights reserved.
2013-10-09 14:51:30 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2013-10-09 14:51:30 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-10-09 14:51:30 Checking for updates...
2013-10-09 14:51:50 Update progress: proxy server not available
2013-10-09 14:52:05 Update error: failed to read remote metadata (error 4) Cannot locate server for http://dci.sophosupd.com/update/4/09/40970ac0c324fd8940e09e164ecc940c.xml
2013-10-09 14:52:19 Option all = no
2013-10-09 14:52:19 Option recurse = yes
2013-10-09 14:52:19 Option archive = no
2013-10-09 14:52:19 Option service = yes
2013-10-09 14:52:19 Option confirm = yes
2013-10-09 14:52:19 Option sxl = yes
2013-10-09 14:52:19 Option max-data-age = 35
2013-10-09 14:52:19 Option EnableSafeClean = yes
2013-10-09 14:52:20 Component SVRTcli.exe version 2.4
2013-10-09 14:52:20 Component control.dll version 2.4
2013-10-09 14:52:20 Component SVRTservice.exe version 2.4
2013-10-09 14:52:20 Component engine\osdp.dll version 1.44.0.2120
2013-10-09 14:52:20 Component engine\veex.dll version 3.47.3.2120
2013-10-09 14:52:20 Component engine\savi.dll version 8.0.0.2120
2013-10-09 14:52:20 Component rkdisk.dll version 1.5.30.0
2013-10-09 14:52:20 Version info: Product version 2.4
2013-10-09 14:52:20 Version info: Detection engine 3.47.3
2013-10-09 14:52:20 Version info: Detection data 4.93
2013-10-09 14:52:20 Version info: Build date 11/09/2013
2013-10-09 14:52:20 Version info: Data files added 456
2013-10-09 14:52:20 Version info: Last successful update (not yet updated)
2013-10-09 14:52:36 Scan completed.
2013-10-09 14:52:36 ------------------------------------------------------------
2013-10-09 14:56:03 Sophos Virus Removal Tool version 2.4
2013-10-09 14:56:03 Copyright (c) 2009-2013 Sophos Limited. All rights reserved.
2013-10-09 14:56:03 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2013-10-09 14:56:03 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-10-09 14:56:03 Checking for updates...
2013-10-09 14:56:13 Option all = no
2013-10-09 14:56:13 Option recurse = yes
2013-10-09 14:56:13 Option archive = no
2013-10-09 14:56:13 Option service = yes
2013-10-09 14:56:13 Option confirm = yes
2013-10-09 14:56:13 Option sxl = yes
2013-10-09 14:56:13 Option max-data-age = 35
2013-10-09 14:56:13 Option EnableSafeClean = yes
2013-10-09 14:56:13 Component SVRTcli.exe version 2.4
2013-10-09 14:56:13 Component control.dll version 2.4
2013-10-09 14:56:13 Component SVRTservice.exe version 2.4
2013-10-09 14:56:13 Component engine\osdp.dll version 1.44.0.2120
2013-10-09 14:56:13 Component engine\veex.dll version 3.47.3.2120
2013-10-09 14:56:13 Component engine\savi.dll version 8.0.0.2120
2013-10-09 14:56:13 Component rkdisk.dll version 1.5.30.0
2013-10-09 14:56:13 Version info: Product version 2.4
2013-10-09 14:56:13 Version info: Detection engine 3.47.3
2013-10-09 14:56:13 Version info: Detection data 4.93
2013-10-09 14:56:13 Version info: Build date 11/09/2013
2013-10-09 14:56:13 Version info: Data files added 456
2013-10-09 14:56:13 Version info: Last successful update (not yet updated)
2013-10-09 14:56:21 Update progress: proxy server not available
2013-10-09 14:56:36 Update error: failed to read remote metadata (error 4) Cannot locate server for http://dci.sophosupd.com/update/4/09/40970ac0c324fd8940e09e164ecc940c.xml
2013-10-09 15:58:58 >>> Virus 'Troj/Keygen-FU' found in file C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP490\A0186994.exe
2013-10-09 15:59:00 >>> Virus 'Troj/Keygen-DX' found in file C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP490\A0186995.exe
2013-10-09 16:12:55 The following items will be cleaned up:
2013-10-09 16:12:55 Troj/Keygen-FU
2013-10-09 16:12:55 Troj/Keygen-DX