All processes killed
========== FILES ==========
File\Folder C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an not found.
File\Folder d.Patch-CRD\keygen\keygen.exe not found.
File\Folder C:\DOCUME~1\Others\Desktop\SoftForBa\ToKeepSoft\SUPERAntiSpyware.Professional.v4.27.1000.Multilingual.WinAll.Incl.Keygen.an not found.
File\Folder d.Patch-CRD\keygen\keygen.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All UseZs

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N8U66LJY\BlackList_Bill[1].xml deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N8U66LJY\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQ0LHJZ9\BlackList_Full[1].xml deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FQ0LHJZ9\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2HJ9N6B7\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2HJ9N6B7\IcbcToolBarConfig[1].xml deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 49186 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Others
C:\Documents and Settings\Others\Local Settings\Temp\mProjector3164945512\File.3.1.1e.mfx deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\mProjector3164945512\Flash6MovieV2.3.1.1e.mvx deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\mProjector3164945512\FlashPlayer.3.1.1e.ocx deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\mProjector3164945512\mPlayer.3.1.1e.dll deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\mProjector3164945512\System.3.1.1e.mfx deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\MessengerCache\4r6RnPf3IifR2kFg9peTnW7jVyg= deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\MessengerCache\ErrorResponse.xml deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_3D881AF4.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_549ED5A0.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_7E3D5398.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_89689BCF.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_9DB12AFC.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_D437C11D.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\Babylon\link_files\3ZCCGQGCV2_FD672358.bmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\26d915.mst deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\AdobeARM.log deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\cnv3.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\java_install.log deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\java_install_reg.log deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\java_install_sp.log deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\jinstall.cfg deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\jusched.log deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DF27E0.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DF2A06.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DF6BC0.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DFA01.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DFA318.tmp deleted successfully.
File delete failed. C:\Documents and Settings\Others\Local Settings\Temp\~DFB6.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\Others\Local Settings\Temp\~DFC292.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DFD6F4.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~DFDA62.tmp deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temp\~F13237.tmp deleted successfully.
->Temp folder emptied: 6483659 bytes
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\Content.IE5\index.dat deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\SuggestedSites.dat deleted successfully.
->Temporary Internet Files folder emptied: 5439733 bytes
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-21617631-n\jogl.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-21617631-n\jogl_awt.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-21617631-n\jogl_cg.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-21617631 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-21617631.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\59\1ea183bb-1098467a deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\59\1ea183bb-1098467a.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\48\26760070-5f97b3f4-1.0b06a- deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\48\26760070-5f97b3f4-1.0b06a-.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-4af74659-n\gluegen-rt.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-4af74659 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-4af74659.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\44\50f3f12c-5a4556da deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\44\50f3f12c-5a4556da.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\32\6c34baa0-2ec10c78 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\32\6c34baa0-2ec10c78.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\27\20d3eedb-14a5bec5 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\27\20d3eedb-14a5bec5.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\26\2d280e1a-666f0bed-1.1.1a- deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\26\2d280e1a-666f0bed-1.1.1a-.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\24\2a20e358-66d142a1 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\24\2a20e358-66d142a1.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3-n\decora-d3d.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3-n\decora-sse.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3-n\jmc.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3-n\msvcp71.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3-n\msvcr71.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-262790b3.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563-n\decora-d3d.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563-n\decora-sse.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563-n\jmc.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563-n\msvcp71.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563-n\msvcr71.dll deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563 deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-41423563.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\11\2b98eb8b-572ea56c deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\11\2b98eb8b-572ea56c.idx deleted successfully.
C:\Documents and Settings\Others\Application Data\Sun\Java\Deployment\cache\6.0\lastAccessed deleted successfully.
->Java cache emptied: 25493434 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Tom Q

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
C:\WINDOWS\temp\hpqddsvc.log deleted successfully.
C:\WINDOWS\temp\Perflib_Perfdata_15c.dat deleted successfully.
C:\WINDOWS\temp\Perflib_Perfdata_294.dat deleted successfully.
C:\WINDOWS\temp\Perflib_Perfdata_304.dat deleted successfully.
C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat deleted successfully.
C:\WINDOWS\temp\Perflib_Perfdata_5b8.dat deleted successfully.
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat deleted successfully.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
C:\WINDOWS\temp\SBC1.tmp deleted successfully.
C:\WINDOWS\temp\SBC9.tmp deleted successfully.
C:\WINDOWS\temp\WGAErrLog.txt deleted successfully.
File delete failed. C:\WINDOWS\temp\ZLT00b93.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 107844 bytes
RecycleBin emptied: 714528 bytes

Total Files Cleaned = 36.51 mb


OTL by OldTimer - Version 3.1.1.8 log created on 10312009_220837

Files\Folders moved on Reboot...
C:\Documents and Settings\Others\Local Settings\Temp\~DFB6.tmp moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_678.dat not found!
File\Folder C:\WINDOWS\temp\ZLT00b93.TMP not found!

Registry entries deleted on Reboot...

Dear Oldman960,

First of all, I have followed your instruction and removed keygen and cracks. However, "RelevantKnowledge
MarketResearch" are not found in the system.

Secondly, double clicking on Java from Add and Remove Programs could not update it; so I had to uninstall it manually and download and install the updated version from java's website you provided.

Thirdly, you mentioned early on that "Any particular reason these are in the Trusted Zone? By default you security setting are lower in this zone.

QUOTE
Trusted Zone: bankofamerica.com\www
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\v4.Windowsupdate
Trusted Zone: microsoft.com\Windowsupdate
Trusted Zone: msn.com\www
Trusted Zone: yahoo.com\www"

Could you give me instruction on how to increase the Trusted Zone security for the above?

Lastly, could you please tell me exactly what are the backdoor trojans we found so far? Did we get rid of them all so far?
Thanks very much for your continuing help!!!

Hi

You had 3-4 variants of bagel/beagle. Some of the files you listed are associated with rootkits. Here's some links to various versions. They will all do similar things including disabling security programs.
http://www.threatexpert.com/reports.aspx?f...mp;x=3&y=13
http://www.threatexpert.com/report.aspx?md...407fcac7023ff45

Since you did a considerable amount of cleaning before posting here, I don't know what else you were infected with.

We have so far removed everything we have found.

As for the sites in the Trusted Zone, it's far better to remove them from the Trusted Zone and run them in the Internet Zone. Generally speaking there isn't any reason that most sites won't work properly in the Intenet Zone. The only real advantange of the Trusted Zone is you won't be pestered with popups asking to download and install some of the sites components if necessary or your setting need to be low enough for that sites to communicate with your computer. If for some reason a site won't work or it needs to be in the Trusted Zone you can always add it back later. These would need to be sites you really trust though.

Did you run MBAM? If you did please post the log. It can be found by opening MBAM, clicking on the Logs tab. Click on the most recent and click open.

Please post the contents of that log.

Thanks

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/31/2009 at 11:33 PM

Application Version : 4.27.1000

Core Rules Database Version : 4218
Trace Rules Database Version: 2122

Scan type : Quick Scan
Total Scan Time : 00:49:11

Memory items scanned : 494
Memory threats detected : 0
Registry items scanned : 756
Registry threats detected : 0
File items scanned : 12123
File threats detected : 0

Thanks so much, Oldman960! My Zonealarm, Avast Virus scanner and Spywareguard are all functioning well, nothing disable any of them anymore. So do you think it is ok to start using this computer with all the new passwords I changed on another computer? Do I still have that big risk?

This post has been edited by Tom_q2356: Nov 1 2009, 02:31 PM

Hi Tom,

Good, it sounds like we are going in the right direction.

Let's finish this up first.

That was a SuperAntiSpyware scan you did. Your uninstall list show you have this program installed, Malwarebytes' Anti-Malware. This is the program I wanted the log from. If you still have the program, please run a scan with it with the instructions previously posted.

If you no longer have it installed, you can get a new copy from.

Malwarebytes Anti-Malware

Then

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


One more scan to check our work.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Please go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions.
• You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computerr under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Change the Files of type to Text file (.txt)
• Set the Save In to Desktop
• click the Save button.
• Please post this log in your next reply.

Please post back with

• MBAM log
• Kaspersky log

Thanks

Malwarebytes' Anti-Malware 1.41
Database version: 3082
Windows 5.1.2600 Service Pack 3

11/1/2009 10:09:57 PM
mbam-log-2009-11-01 (22-09-57).txt

Scan type: Quick Scan
Objects scanned: 115436
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi Tom,

Thanks. Please post the Kaspersky log when you are ready.

Thanks

Hi Oldman960,

After almost six hours of Kaspersky completing its scan, I accidentally hit "close" or "X" and the browser dispalying Kaspersky scan results was gone. And all I could do was to say, "d-a-m-n it." I remember the scan results include 5 critical ones and 31 others infected something like that.

Should I scan again? I got to let my computer take a little brake for now. Please advice me. Thanks!

Tom

This post has been edited by Tom_q2356: Nov 2 2009, 04:57 PM

Hi Tom,

Unforunately, yes. Without knowing what Kaspersky found, we may be leaving some nasties aboard.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 03, 2009 02:26:52
Records in database: 3116013
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 133185
Threats found: 5
Infected objects found: 171
Suspicious objects found: 0
Scan duration: 04:14:02


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\mcache\0326D587E293220C.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\04FFC08B251A830C.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\08505A134C7DFBFC.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\0B156A36C84FB655.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\1452927A739A2A05.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\15E2AE3118640631.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\20507BA343250B7A.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\229365BAF884DC75.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\2CDCA9E5CD59E803.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\378A100C540A967C.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\3EEC4E70764E6A7C.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\3F53D1D0964A8B08.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\421F165E79A1C0BF.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\455598218C092C28.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\4F94D7165FEAF09E.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\53CC714B3F3B09B6.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\5E6BC1534D6B8F91.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\6425D020D1A8C369.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\6EDC5E4C5E688BF2.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\795FD64BA2C51FD4.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\7E3DEF28E6DF3F9A.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\80A944F021D297E9.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\928D3842A9A5750A.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\980C45197207BA80.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\9B0099BC320A64EE.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\9E2CD7FDD81BBAB0.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\A40820CFF3966859.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\B03C1830F8ED6E39.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\BA98A733852F2AF5.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\C21C1C506D89710B.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\C473BA6DA74EDA95.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\C518F8B8C10DB1D9.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\CD0DACE9F9AC17A0.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\CE98B9DA0D64F318.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\D5EA002EBC932E5D.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\E5270E0D10525956.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\EB5DB5B6D54E912D.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\mcache\EC3FAF73E253C865.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Documents and Settings\All Users\Application Data\SpeedBit\Video Accelerator\Log\VALspCommTest.zip Infected: Trojan-Downloader.Win32.Bagle.bkj 1
C:\Program Files\eMule0.49c\Temp\037.part Infected: Trojan-Clicker.Win32.AutoIt.k 1
C:\Program Files\eMule0.49c\Temp\037.part Infected: Trojan.Win32.Genome.bjgu 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.bhy 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\3D Water Effects 1.0 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\5_Card_Slingo_Deluxe_1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\A-one_DVD_to_MP3_Ripper_4.22.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AcidSpider_1.08.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Adolix_PDF_Converter_PRO_3.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Agree DIVX XVID AVI to WMV DVD Converter 4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AIAB_(Am_I_a_Bot)_1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\ALTools Lunar Zodiac Snake Wallpaper 2005 Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Amethyst_PLT-2-DWG_2.01_KeyGen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Another_ViewPoint_5.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Another_Volume_Control_Widget_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\ApexSQL Code 2008.04.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Apollo_Missions_1.0_(Key+Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Aptcode Media Manager 1.2.19.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AutoRun Wizard 2.03.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AutoTag 7.1.24.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AVCutty_2.4e.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AVG.Anti.Spyware.v7.5.0.47.Multilanguage.Cracked-CRD.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AVG_Anti-Spyware_Plus_7.5.0.50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\AVS_Video_to_GO_2.1.1.102_(KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\axsImaging 2.0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Bernard_and_Hank_1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Bitrate Broadcast Calculator 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Blue Theme 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Budget Advisor 2.26.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\ccfilechecker 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Cd_Autoplay_Gen_2.0_(Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Chess3D_2.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Christmas Weather Report Screensaver 1.2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Clippy 1.2.0 Build 20616.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\CL_Buddy_2.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Crystal XP 0.21 Prebuild.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Data ASAP 3.3.37.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\DataTierHelper_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\DB_Explorer_3.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Disk Space Monitor 1.0 b4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\DiskArcher_Backup_Utility_2.21.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Double-Click to Reload Tabs 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Ease Video Converter 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Ease_CD_Ripper_1.50_KeyGen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\ePodcast_Express_1.0.25_[Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Excel2HTML_Interactive_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Excelsior Installer 1.8.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\ExtraSMS 1.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Fast Soft Knee Limiter 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\File Topper 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Fish_Tycoon_1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Flashcard_Tables_1.09_Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Free and Easy Biorhythm Calculator 3.011.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\General Aviation 3 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Gravitational Lensing 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Habu_(formerly_Okopipi)_1.8.6.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Haxial TextEdit 1.700.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\honestech_MPEG_Encoder_6.0_[Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Hot_Rod_Cars_Screensaver_4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\HX_CLoK 1.0.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\HydraIRC 0.3.160.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\I Love You Darling 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\IDAutomation Code 128 Font Advantage 6.10.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Identify_Emails_-_Collect_emails_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\IE_ScrollBar_FreeStyler_Plus_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Image Sorter 2004 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Intech_ITSleuth_1.0_[With_Crack].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Internet_Quotes_Assistant_3.80_Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\JDLabAgent 1.0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Jesterware iPod Video Suite 2.06.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\JPOW_Calendar_4.2_(With_Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\KIIS_102.7_Radio_2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Kurral 6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Landscape_screensaver_2.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 Polish - Portuguese 1.1.18 [Cracked].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\LiveCalc_2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Live_Billiards_2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Lotto Cheatah 2.33.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\MailBee POP3 5.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\MailDetective for Exchange Server 2.1c.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\McAfee.ePo.3.0SP1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\MCSE_Windows_2000_Administration_301.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\MD5 Generator 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Mind Mastery Mental Conditioning 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\MLHotKey_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Movies_12.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\No Trace 3.0b.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Norton.Antivirus.2006.+crack+serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\NuGenSQLWorks.NET 1.5.613.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Online To-Do List Manager.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Open Contacts 5.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Ortus_Shell_Dialogs_1.51_[Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Packed_Column_Calculator_1.1_[KeyGen].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\PasswordMaker Firefox Add-on 1.7.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\pasteCode_0.6.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Pluto's ColorPick 1.03.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\PPC-Protect_1_build_04.04.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Prime Integer Observatory 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Punch_Me_In_1.17.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Purina Yesterday's News 1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Rconfig_3.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Realtime Landscaping Architect 1.03.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Rebound Recharged.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\RN Password Manager 4.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Roommate_Finder_Solution_JUL.2007_(KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SetFSBTray 1.1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SE_BOM_Extractor_3.6.27.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Shrek 3 Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SignalLab VCL 3.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SkreenCAM 1.0 Beta.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SmartDraw_Photo_2.03.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Snackster.net_1.0.0_build_55.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SoftPepper DVD Ripper 1.0 (Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\StreamAware 1.0 Cracked.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\SunRav_BookOffice_3.0_With_Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Tellura Key Minder 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Tray_Pilot_1.20_Build_14.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\TweakNow Windows Customizer 1.1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Unreal Tournament 2003 - Defiance Invasion map.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Unreal_Update_2.2.4b1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\USB-WinLock_1.2_[Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Vehicules 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Video-AVI to GIF Converter 3.011.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\WASP_-Water_And_Steam_Properties_2.0.36.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Web_Site_Robot_2.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Wiagra_Batch_Converter_2.20.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\WinConsole 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Window Seizer 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Windows Control 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Windows_Icon_Collection_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\XLitePro_1.6_(Cracked).zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Others\Application Data\m\shared\Yahoo!_Mail_Checker_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.bjj 1

Selected area has been scanned.

Holly... 171 of them!

Hi Tom,

It's not that bad, most of those have been quarantined already. Those will be removed when we remove our tools.

Next, Right click on OTL.exe and chose Run as Administrator to run it

• Under the Custom Scans/Fixes box at the bottom, paste in the following
• Do Not copy the word CODE
• please note the fix starts with the :

Then click the Run Fix button at the top

• Let the program run unhindered
• Please save the resulting log to be posted in your next reply.
• Reboot your computer

Please post post

• OTL fix log
• new OTL scan log

How's the computer?

Thanks

All processes killed
========== REGISTRY ==========
========== FILES ==========
Folder move failed. C:\Documents and Settings\All Users\Application Data\mcache scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\SpeedBit\Video Accelerator\Log\VALspCommTest.zip scheduled to be moved on reboot.
File move failed. C:\Program Files\eMule0.49c\Temp\037.part scheduled to be moved on reboot.
File move failed. C:\Program Files\eMule0.49c\Temp\037.part scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All UseZs

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

User: Others

User: Tom Q

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\hpqddsvc.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_220.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2dc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_434.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_470.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_49c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_53c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_68c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\SBC1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WGAErrLog.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 206194 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.20 mb


OTL by OldTimer - Version 3.1.1.8 log created on 11032009_082143

Files\Folders moved on Reboot...
C:\Documents and Settings\All Users\Application Data\mcache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedBit\Video Accelerator\Log\VALspCommTest.zip moved successfully.
C:\Program Files\eMule0.49c\Temp\037.part moved successfully.
C:\WINDOWS\temp\hpqddsvc.log moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_220.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_2dc.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_414.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_434.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_470.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_49c.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_4c4.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_53c.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5f0.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_68c.dat moved successfully.
C:\WINDOWS\temp\SBC1.tmp moved successfully.
C:\WINDOWS\temp\WGAErrLog.txt moved successfully.

Registry entries deleted on Reboot...

Hi Tom,

Please post a new OTL scan log. If it looks good, we'll clean up the tools and send you on your was.

Thanks