
Infected with W32/Bagle



parkex
2008-02-05, 00:43
Hi,

I am infected with W32/Bagle.QV.worm and w32/bagle.hx.worm. My Spybot, HijackThis, anti-virus, firewall and anti-spyware are all disabled, and they say that they are not a valid W32 application when I try to run them. I cannot boot into safe mode. This is my log from Panda Online Scanner:

Virus:W32/Bagle.QV.worm Disinfected Operating system
Virus:w32/bagle.hx.worm Disinfected Operating system
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Cookies\john@247realmedia[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John\Cookies\john@ads.pointroll[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John\Cookies\john@adserver.easyad[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\John\Cookies\john@adtech[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John\Cookies\john@adultfriendfinder[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Cookies\john@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\John\Cookies\john@atwola[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\John\Cookies\john@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\john@bs.serving-sys[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\John\Cookies\john@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John\Cookies\john@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John\Cookies\john@did-it[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\John\Cookies\john@fortunecity[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\John\Cookies\john@go[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\John\Cookies\john@kinghost[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\John\Cookies\john@programs.wegcash[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\John\Cookies\john@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\John\Cookies\john@revenue[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\John\Cookies\john@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\John\Cookies\john@serving-sys[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\John\Cookies\john@target[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\John\Cookies\john@toplist[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John\Cookies\john@trafficmp[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\John\Cookies\john@weborama[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\John\Cookies\john@www3.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John\Cookies\john@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\John\Cookies\john@yadro[1].txt
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\0UIE304L\b64_31[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\41XAHKA8\b64_31[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\EO3TKUQN\b64_31[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\F09VR1O3\b64_31[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\HZ4XPO8T\b64_31[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\K045V6JL\b64_31[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\P3T59Y6A\b64_1[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\Q4B2NNJR\b64_31[1].jpg
Virus:W32/Bagle.QV.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\TJ8WQ0GC\b64_2[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\WXY78X6F\b64_31[1].jpg
Virus:W32/Bagle.QV.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\X335ZVGQ\b64_2[1].jpg
Virus:W32/Bagle.RC.worm Disinfected C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\ZMAVY5JP\b64_1[1].jpg
Virus:W32/Bagle.QV.worm Disinfected C:\WINDOWS\system32\drivers\down\14422228.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\14432212.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\14435316.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\46036.exe
Virus:W32/Bagle.QV.worm Disinfected C:\WINDOWS\system32\drivers\down\51103.exe
Virus:W32/Bagle.QV.worm Disinfected C:\WINDOWS\system32\drivers\down\57652.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\59145.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\61738.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\66585.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\66695.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\69870.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\70331.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\72564.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\72634.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\drivers\down\75578.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\mdelk.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\wintems.exe


I am running a GMER scan now and I will post the results. Any help would be greatly appreciated. Thanks.

parkex
2008-02-05, 04:31
I know nobody asked for it but here is the link to my GMER scan log.

http://rapidshare.de/files/38493702/ParkExGMER_Scan.log.html

Thanks.

parkex
2008-02-05, 13:46
Here's my Kaspersky scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 7:43:34 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 548456
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 97799
Number of viruses found: 8
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 11:54:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Desktop\FxBeagle.log Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012008020420080205\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\0UIE304L\b64_1[1].jpg Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\0UIE304L\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\K045V6JL\b64_31[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\K045V6JL\b64_31[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\K045V6JL\b64_31[3].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\TJ8WQ0GC\b64_2[1].jpg Infected: Trojan.Win32.Pakes.bwy skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Infected: Trojan-Downloader.Win32.Bagle.jh skipped
C:\Program Files\Eset\infected\35N4O3AA.NQF Infected: Trojan-Spy.Win32.BZub.buz skipped
C:\Program Files\Eset\infected\OP3Z5GDA.NQF Infected: Trojan-Dropper.Win32.Delf.adh skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C84699F1-CF41-46BF-83BE-5428734C096E}\RP1\A0000119.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{C84699F1-CF41-46BF-83BE-5428734C096E}\RP1\A0000120.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{C84699F1-CF41-46BF-83BE-5428734C096E}\RP1\change.log Object is locked skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{C84699F1-CF41-46BF-83BE-5428734C096E}\RP1\change.log Object is locked skipped

Scan process completed.


Thanks.
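A small triage parser for the two report formats posted in this thread, added here as an example (it is not from the thread or from either scanner vendor): it reads Panda-style and Kaspersky-style result lines, sets aside the "Object is locked" noise, separates tracking cookies and riskware from real detections, and lists the files that still need follow-up. The sample lines are constructed and the field names are my own.

```python
import re
from collections import namedtuple
# Constructed sample lines in the two report formats posted in this thread
# (Panda Online Scanner and Kaspersky Online Scanner); not the real logs.
PANDA_LOG = r"""
Virus:W32/Bagle.QV.worm Disinfected Operating system
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\John\Cookies\john@atdmt[2].txt
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\system32\wintems.exe
"""
KASPERSKY_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
"""

Finding = namedtuple("Finding", "scanner path threat action")
# Panda line shape: "<Virus|Spyware>:<name> <Disinfected|Not disinfected> <path>"
PANDA_RE = re.compile(r"^(Virus|Spyware):(.+?) (Disinfected|Not disinfected) (.+)$")
# Kaspersky line shape: "<path> Infected: <name> skipped" or "<path> Object is locked skipped"
KASP_RE = re.compile(r"^(.+?) (?:Infected: (.+)|Object is locked) skipped$")

def parse_panda(text):
    out = []
    for m in filter(None, map(PANDA_RE.match, text.splitlines())):
        kind, name, action, path = m.groups()
        out.append(Finding("panda", path, f"{kind}:{name}", action.lower().replace(" ", "_")))
    return out

def parse_kaspersky(text):
    out = []
    for m in filter(None, map(KASP_RE.match, text.splitlines())):
        path, name = m.groups()
        out.append(Finding("kaspersky", path, name or "", "infected_skipped" if name else "locked"))
    return out

def triage(findings):
    """Separate real detections from scanner noise: tracking cookies are not malware,
    'Object is locked' means the file could not be opened (hives, event logs), and
    'not-a-virus' marks riskware. Everything else is listed for follow-up."""
    report = {"attention": [], "riskware": [], "cookies": 0, "locked": 0}
    for f in findings:
        if f.action == "locked":
            report["locked"] += 1
        elif f.threat.startswith("Spyware:Cookie/"):
            report["cookies"] += 1
        elif f.threat.startswith("not-a-virus:"):
            report["riskware"].append(f.path)
        else:
            report["attention"].append((f.path, f.threat, f.action))
    return report
```

Run `triage(parse_panda(PANDA_LOG) + parse_kaspersky(KASPERSKY_LOG))` to get the follow-up list; on the real logs above it would leave the `system32\drivers\down` droppers, `mdelk.exe` and `wintems.exe` in the attention list and fold the dozens of cookie and locked-file lines into two counters.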