
registry values (trojan)



So I'm running XP SP3.

Here is what my MBAM log shows:

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 3

3/24/2009 6:44:35 PM

mbam-log-2009-03-24 (18-44-35).txt

Scan type: Quick Scan

Objects scanned: 57090

Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

================================================================================

=========================

However, when I try to remove it, it won't remove... I have DL'd:

AVIRA

HiJackThis

ComboFix

SuperAntiSpyware

ATF-cleaner

Any thoughts?

I can start ATF, AVIRA and MBAM (though only through MBAM)


Hi, those entries are consistent with the presence of Rootkit.Sentinel.

However you are using a very old version of MBAM combined with a very old database.

Malwarebytes' Anti-Malware 1.30

Database version: 1306

We are currently up to 1.34 + DB 1891.

Please uninstall old MBAM and then reinstall most recent version.

http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

Update and run a quick scan :(


OK, I updated and here's where I'm at (when I updated MBAM it showed 15 total after the scan; now I'm back down to the original 4 again):

Malwarebytes' Anti-Malware 1.34

Database version: 1749

Windows 5.1.2600 Service Pack 3

3/25/2009 10:33:10 PM

mbam-log-2009-03-25 (22-33-10).txt

Scan type: Quick Scan

Objects scanned: 85588

Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

You have 2 very unpleasant rootkits present on the computer that are going to take some fancy footwork to displace!

First to be addressed is the 1 that's not showing but is preventing MBAM from updating to its current database.

The MBAM log is still showing you on Database version: 1749, and we are currently up to 1897.

Please use the following walkthrough to diagnose (and cure), if present, the CLB Rootkit Driver.

http://www.malwarebytes.org/forums/index.php?showtopic=12709

When you have done this, open MBAM, go to the update tab and select check for updates.

Now run a quick scan and post back the MBAM log generated.

Thanks in advance.


Now this is the log.. rebooting to delete...brb

Malwarebytes' Anti-Malware 1.34

Database version: 1899

Windows 5.1.2600 Service Pack 3

3/26/2009 3:12:33 PM

mbam-log-2009-03-26 (15-12-33).txt

Scan type: Quick Scan

Objects scanned: 45107

Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 6

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Supports RAS Connections (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Supports RAS Connections (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Temp\UAC5a35.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.


All updated and still the virus..

Malwarebytes' Anti-Malware 1.34

Database version: 1899

Windows 5.1.2600 Service Pack 3

3/26/2009 4:05:53 PM

mbam-log-2009-03-26 (16-05-53).txt

Scan type: Quick Scan

Objects scanned: 92287

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


When I did the RootRepeal I came up with this (I have no idea why so many mp3s are locked):

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/26 16:37

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\mnxfhean.dat

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\etilqs_H0Dq3Are9wQRiaAbRevE

Status: Allocation size mismatch (API: 32768, Raw: 0)


Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Board Bangers\Promo Only Urban Club September\104-board_bangers-cause_the_beats_hot.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Bob Wow & Omarion\Vanguard 08-06-(Promo CD)\08-bob_wow_and_omarion-hey_baby-(jump_off).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\www.RnB4U.dl.am\Unknown Album\Chris Brown ft. The Game - Nice (Prod. by Scott Storch) (200.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\www.RnB4U.dl.am\Unknown Album\Yo Gotti Ft.Pleasue (Of Pretty Ricky)-Lets Vibe (2007).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Eric Lindell\Vanguard 08-04-(Promo CD)\19-eric_lindell-lay_back_down.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fat Joe Ft. J. Holiday\DJ Envy-The Hitlist 27-Bootleg\06-fat_joe_ft._j._holiday-i_wont_tell-bbh.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fergie\The Dutchess\19.Fergie - Clumsy.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fergie Feat. Soulja Boy\Radioplay Euro Express 757U\205-fergie_feat._soulja_boy-clumsy-(collipark_remix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Swizz Beatz\One Man Band Man\12-swizz_beatz-its_me_(remix)_(feat._r._kelly_lil_wayne_and_.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Sylvia Tosun\Promo Only Dance Radio November\16-sylvia_tosun-head_over_heels_(warren_rigg_radio_mix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Soulja Boy\Souljaboytellem.com\08-soulja_boy-yahhh_feat_arab.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Sean Kingston\Radioplay Pop Express 744P\03-sean_kingston-take_you_there.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Mike Jones\Follow The Future-Hip Hop Radio Bootleg\20-mike_jones-turning_heads-ukp.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Chingy\Hate It Or Love It\06-chingy-gimme_dat_(feat_ludacris_and_bobby_valentino)_(pro.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Pitbull Feat Lil Jon\Mixshow Ingredients Vol. 16\19-pitbull_feat_lil_jon-the_anthem_(124).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\pitbull feat lloyd\Worlds Dance Music October Part 2\14-pitbull_feat_lloyd-secret_admirer_(radio).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Pittsburgh Slim\Promo Only Mainstream Radio November\20-pittsburgh_slim-girls_kiss_girls.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Theory Of A Deadman\Vanguard 08-04-(Promo CD)\10-theory_of_a_deadman-so_happy-(radio_edit).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Flo-Rida\Tapemasters Inc.-Codeine Hitz Pt. 5 Boot\18-flo-rida-low_ft._t-pain-ukp.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\flo-rida ft. k\If You Buyin We Sellin XV\23-flo-rida_ft._k-elevator.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Drama\Gangsta Grillz Volume 17\19-b.g._and_t.i.-for_a_minute.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Envy & Red Cafe feat. Jermaine Dupri,\Bizkit-Tapes Top 20 Vol. 20\08-dj_envy_and_red_cafe_feat._jermaine_dupri_juelz_santana_s.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Felli Fel f Ne-Yo, Fabolous, Kanye We\Black Music Collection 14 by fluppi\DJ Felli Fel f Ne-Yo, Fabolous, Kanye West, and J.D. - The F.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\King stuff Radio Volume 2\08-three_6_mafia-on_sum_chrome_(feat._u.g.k.).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\13-three_6_mafia-pussy_got_ya_hooked_(ft.remy_ma)-sut.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\05-three_6_mafia-swervin_(ft.mike_jones_and_paul_wall)-sut.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\08-three_6_mafia-hard_hittaz_(ft.boogiemane)-sut.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\14-three_6_mafia-dont_cha_get_mad_(ft.lil_flip)-sut.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\16-three_6_mafia-stay_fly_remix_(ft.slim_thug_trick_daddy_an.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\20-three_6_mafia-dancin_on_a_pole_(ft.chrome)-sut.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia feat. Kanye West & Project\DJ Envy, Tapemasters Inc. & Rick Ross-Pu\11-three_6_mafia_feat._kanye_west_and_project_pat-side_2_sid.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three Days Grace\Vanguard 08-06-(Promo CD)\09-three_days_grace-riot-(edit-clean).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ashanti\The Way That I Love You\02-ashanti-the_way_that_i_love_you-main.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ashanti\Vanguard 08-06-(Promo CD)\04-ashanti-the_way_that_i_love_you.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Jay-Z\DJ Whiteowl-Pump Up The Volume 2 Bootleg\01-jay-z-roc_boys_(prod_by_p._diddy)-ukp.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Elliott Yamin\Radioplay Pop Express 745P\19-elliott_yamin-one_word-(radio_edit).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Scotty K\Promo Only Mainstream Club November\206-dj_scotty_k-goodnight_tonight_(original_klub_mix_ft._kno.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Collage\Promo Only Dance Radio November\15-collage-ill_be_loving_you_(chris_the_greek_radio_mix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Common\Promo Only Urban Club November\115-common-i_want_you.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Shawty Lo Ft. Maino, Lil' Kim & Busta Rh\Promo Only Urban Club March\103-shawty_lo_ft._maino_lil_kim_and_busta_rhymes-they_know_(.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ryan Leslie Ft. Kanye West\Promo Only Urban Club February\113-ryan_leslie_ft._kanye_west-diamond_girl.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R Kelly Ft. T.I. & T-Pain\DJ G-Spot-Blends Done My Way Bootleg\13-r_kelly_ft._t.i._and_t-pain-im_a_flirt_(dj_g-spot_rmx).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly\Double Up\08-r._kelly-i'm_a_flirt_(remix)_(ft._t.i._&_t-pain).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly\Double Up\08 - R. KellyT.I.T-Pain - I'm a Flirt Remix-RGF.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly\http___myspace.com_smoskaspace\R.Kelly -I'm Flirt (French Remix feat. S.M.O. and T. Pain).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly Ft. T.I. T-Pain\Kings Of RnB Mixtape\11-r._kelly_ft._t.i._t-pain-im_a_flirt_(remix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\T.I._Tip\DMC Dj-Only 101\204-r_kelly_featuring_t.i._and_t._pain-im_a_flirt.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\UGK\Underground Kingz\50. UGK - Intl Players Anthem (I choose you) featuring Outka.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Lloyd\Shawty Get Loose\01-lil_mamma_feat._chris_brown_and_t-pain-shawty_get_loose_(.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Silversun Pickups\Vanguard 08-06-(Promo CD)\13-silversun_pickups-little_lovers_so_polite-(radio_edit).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\B.O.B. Ft. Rick Ross And Juvenile\DJ Envy-The Hitlist 27-Bootleg\22-b.o.b._ft._rick_ross_and_juvenile-haterz-bbh.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\b.o.b. juvenile rick ross\The Return Of The Hot Boys Pt. 3\20-b.o.b._juvenile_rick_ross-haterz_everywhere_remix.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Trazz Feat. Wayne Wonder\Radioplay Urban Express 760Y\14-trazz_feat._wayne_wonder-gonna_love_u.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Trey Songz Feat. Plies\Radioplay Urban Express 760Y\13-trey_songz_feat._plies-cant_help_but_wait-(remix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Janet\Discipline\03-janet_jackson-luv-whoa.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\AZ\Radioplay Urban Express 760Y\04-az-undeniable-(clean).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Kanye West\DJ Clue-The Storm Ultimatum\13-kanye_west-cant_tell_me_nothing_(rocafella_remix)_(feat._.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Sonic Youth\Vanguard 08-06-(Promo CD)\11-sonic_youth-superstar.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\JC Feat. Gorilla Zoe\Radioplay Urban Express 760Y\12-jc_feat._gorilla_zoe-nobody_gotta_know.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Gary Louris\Vanguard 08-06-(Promo CD)\23-gary_louris-omaha_nights.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Kasper From The K\Vanguard 08-04-(Promo CD)\17-kasper_from_the_k-whatchagondo.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Wayne Taylor\Promo Only Urban Club November\114-wayne_taylor-came_here_to_party_(the_original_party_mix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rob G. feat. Paul Wall\DJ Smallz-Texas Trafficking\14-rob_g._feat._paul_wall-private_dancer-cr.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\David Banner\Down South Slangin' 45\10-david_banner-candyman.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\david guetta & chris wills\Hitbox 2007 volume 3\16-david_guetta_and_chris_wills_-_love_is_gone.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Keyshia Cole\Just Like You\05-keyshia_cole-i_remember.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Twista\Adrenaline Rush 2007\11-Twista-Creep Fast (feat. T-Pain).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Twista\Adrenaline Rush 2007\16-Twista-Ain't No Hoes (feat. Bone Thugs N Harmony).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\WWW.MY12INCH.COM\Before Ego Trippin\14 . Sensual Seduction (Remix).mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Application Data\Mozilla\Firefox\Profiles\gjmp53xz.default\Cache\_CACHE_001_

Status: Size mismatch (API: 394832, Raw: 394065)

Link to post
Share on other sites

Ok, right, the presence of the following MBAM removed item confirms that you have successfully killed the CLB driver :(

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted

That is the first Rootkit dealt with and now we need to move onto the second one which is RootKit.Sentinel

I can create an automated fix for this using MBAM, but I will need you to collect 3 target files from your infected computer and upload them to me so I can further analyse them and update MBAM accordingly to target them :(

Those mp3 items are not a concern; quite possibly you had had iTunes open during the RootRepeal session and it was picking up the current playlist, but then again they are not important!

Right, back to the chase now. For these 3 required target files, can you please create a new folder in My Documents and call it "suspect files"

File 1,

Please use RootRepeal to *Copy* the following file into the suspect file folder.

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\mnxfhean.dat

Status: Locked to the Windows API!

Files 2+3: I will need you to run 2 more diagnostic tools for me to be able to identify where they are hiding first!

1st report log needed-

• Please download this program Trend Micro HijackThis to your desktop.

• Double-click on it to run and install it.

• Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.

Please Copy and paste the contents of that log to a topic reply.

2nd report log needed-

Download and install Autoruns.

http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

When you first run it, it will generate an extensive listing and the word "Ready" will appear in the bottom left of the software GUI.

At this point go to Options and place a check (tick) against verify coded signatures and hide Microsoft & Windows entries. Next press the F5 button to refresh.

Once the software shows Ready status, go to the File option. Select "Export as" and save the output file as Autoruns.txt

Can you please then copy and paste the contents of that text file into your next reply for analysis.

Thanks in advance :)

Link to post
Share on other sites
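The triage applied to the RootRepeal file list in the post above (locked media files set aside, the locked file in Temp collected as a sample) can be scripted. This is an added example, not part of the thread: the sample report is constructed in the same Path/Status shape, and the priority labels and media-extension list are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the "Path:/Status:" shape of the RootRepeal file list
# (not the poster's real entries). The last entry is cut off on purpose.
SAMPLE_REPORT = r"""
Path: C:\Documents and Settings\user\My Documents\My Music\iTunes\iTunes Music\Album\01-track.mp3

Status: Locked to the Windows API!

Path: C:\Documents and Settings\user\Local Settings\Temp\abcdwxyz.dat

Status: Locked to the Windows API!

Path: C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\x.default\Cache\_CACHE_001_

Status: Size mismatch (API: 394832, Raw: 394065)

Path: C:\WINDOWS\system32\drivers\abcdwxyz.sys
"""

MEDIA_EXT = {".mp3", ".m4a", ".wav", ".wma"}  # assumption: extensions treated as media
SIZE_RE = re.compile(r"Size mismatch \(API: (\d+), Raw: (\d+)\)")


def parse_report(text):
    """Return (path, status) pairs; a Path with no Status line gets status None."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Path:"):
            if path is not None:          # previous Path never got a Status
                entries.append((path, None))
            path = line[len("Path:"):].strip()
        elif line.startswith("Status:") and path is not None:
            entries.append((path, line[len("Status:"):].strip()))
            path = None
    if path is not None:                  # report truncated after a Path line
        entries.append((path, None))
    return entries


def triage(entries):
    """Attach a priority ('low', 'review', 'collect') and a reason to each entry."""
    results = []
    for path, status in entries:
        p = PureWindowsPath(path)         # parses Windows paths on any OS
        parts = {part.lower() for part in p.parts}
        ext = p.suffix.lower()
        size = SIZE_RE.search(status) if status else None
        if status is None:
            priority, note = "review", "no status line (truncated report)"
        elif size:
            api, raw = int(size.group(1)), int(size.group(2))
            priority, note = "review", f"API and raw sizes differ by {api - raw} bytes"
        elif status.startswith("Locked to the Windows API"):
            if ext in MEDIA_EXT:
                priority, note = "low", "media file, probably held open by a player"
            elif "temp" in parts or "drivers" in parts:
                priority, note = "collect", "locked file in a Temp or drivers directory"
            else:
                priority, note = "review", "locked file outside the expected locations"
        else:
            priority, note = "review", "status not handled by this script"
        results.append({"path": path, "priority": priority, "note": note})
    return results


if __name__ == "__main__":
    for row in triage(parse_report(SAMPLE_REPORT)):
        print(f'{row["priority"]:8} {row["note"]:45} {row["path"]}')
```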

Here is what i could find to give you....

thanks for everything so far

when I copy the file it gives me this (I am pretty sure I'm doing it wrong)

--------------------------------------

13:23:51: can't open file 'C:\Documents and Settings\Gary.TAFT-D93B5620A7\Desktop\copy_mnxfhean.dat' (error 5: access is denied.)

13:23:51: Successfully copied the file!

Here is HiJackThis...

----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:01:44 PM, on 3/27/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites

Hi ya,

Ok, my bad, I forgot the target file was locked to WinAPI and as such will resist attempts to copy or delete it.

No problem we will just use another trick to fool it into giving up its secrets :D

Please download IceSword and use only as directed.

http://majorgeeks.com/Icesword_d5199.html

Extract it from ZIP and run icesword.exe.

In the bottom left corner of the main software GUI is a file option/button. Please select this.

Navigate using the file explorer tree to C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp folder.

Next look to the file list in the middle of the screen and locate the line with mnxfhean.dat listed.

Highlight the line with your mouse, right-click and select *copy file* only.

You will need to rename it to *suspect.old* and save it to the folder you created for holding samples.

Close Icesword at this point.

Next the following entry in Autoruns-

+ qrgnqkxr Sony USB Lower Filter driver (Not verified) Sony Corporation c:\windows\system32\drivers\qrgnqkxr.sys

If you can grab a copy of the file qrgnqkxr.sys and save that to the holding folder also.

The 3rd file I required actually appears to have already been removed, as signified by the following HJT entry :D

O2 - BHO: (no name) - {5C3997A9-80CB-44D9-A537-F045CBBE3F06} - C:\WINDOWS\system32\bthser.dll (file missing)

So now please can you zip up the holding folder and upload to a new topic marked for my attention in the following forum.

http://www.malwarebytes.org/forums/index.php?showforum=55

Thanks in advance :)


Link to post
Share on other sites
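The Autoruns entry singled out in the post above combines three signals: a publisher name with no verified signature, a kernel driver, and a file name with no readable word in it. This added example (not part of the thread) checks for that combination; it assumes single-token entry names and the one-line entry shape quoted in the post, and the consonant-run threshold is a heuristic chosen for the example.

```python
import re
from pathlib import PureWindowsPath

# First line is the entry quoted in the post; the other two are constructed for contrast.
SAMPLE_AUTORUNS = r"""
+ qrgnqkxr Sony USB Lower Filter driver (Not verified) Sony Corporation c:\windows\system32\drivers\qrgnqkxr.sys
+ examplefs Example filter driver (Verified) Example Vendor Ltd c:\windows\system32\drivers\examplefs.sys
+ exampledrv Example capture driver (Not verified) Example Vendor Ltd c:\windows\system32\drivers\exampledrv.sys
"""

# Assumed entry shape: "+ name description (signature state) publisher image-path"
ENTRY_RE = re.compile(
    r"^\+\s+(?P<name>\S+)\s+(?P<desc>.*?)\s*"
    r"\((?P<sig>Not verified|Verified)\)\s+"
    r"(?P<publisher>.*?)\s+(?P<image>[A-Za-z]:\\.+)$"
)
VOWELS = set("aeiou")


def longest_consonant_run(name):
    """Length of the longest run of consecutive consonant letters in name."""
    best = run = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def parse_entries(text):
    """Return one dict per line that matches the assumed entry shape."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess(entry, run_threshold=5):
    """Return (verdict, reasons); verdict is 'collect', 'review' or 'ok'."""
    image = PureWindowsPath(entry["image"])
    unverified = entry["sig"] == "Not verified"
    is_driver = image.suffix.lower() == ".sys"
    odd_name = longest_consonant_run(image.stem) >= run_threshold
    reasons = []
    if unverified:
        reasons.append(f'publisher "{entry["publisher"]}" is not backed by a verified signature')
    if is_driver:
        reasons.append("kernel driver")
    if odd_name:
        reasons.append("file name has no readable word in it")
    if unverified and is_driver and odd_name:
        verdict = "collect"      # same call as in the post: grab a copy for analysis
    elif unverified:
        verdict = "review"
    else:
        verdict = "ok"
    return verdict, reasons


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_AUTORUNS):
        verdict, reasons = assess(e)
        print(f'{verdict:8} {e["image"]}  ({"; ".join(reasons)})')
```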

Hi and sorry for the delay in replying as i have been busy over the weekend.

New rules will be added to the MBAM database in the next 24 hours (DB 1922/1923) to attack and remove your variant.

When these updates are available please run MBAM quick scan and post back a new log + new HJT log.

Thanks in advance.

Link to post
Share on other sites
