So im running XP SP3

here is what my mbam log shows

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

3/24/2009 6:44:35 PM
mbam-log-2009-03-24 (18-44-35).txt

Scan type: Quick Scan
Objects scanned: 57090
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
================================================================================
=========================

however when i try to remove it wont remove... i have DL'd:
AVIRA
HiJackThis
ComboFix
SuperAntiSpyware
ATF-cleaner

any thoughts?

I can start ATF, AVIRA and MBAM (though only through MBAM)

Hi thoes entries are consistent with the presense of Rootkit.Sentinel

However you are using a very old version of MBAM combined with a very old database.
Malwarebytes' Anti-Malware 1.30
Database version: 1306

We are currently upto 1.34 + DB 1891

Please uninstall old MBAM and then reinstall most recent version.

http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

Update and run a quick scan

Where is version 1.35??????? and when?????

The download link is in my previous post


Click to view attachment

that is version 1.34 not 1.35 as stated in your 1st post! (post#2)....must have been a "finger" error!

lol my bad ! will edit to correct

Cheers!

ok i updated and heres where im at (when i updated MBAM it showed 15 total after scan now im back down to the original 4 again)

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

3/25/2009 10:33:10 PM
mbam-log-2009-03-25 (22-33-10).txt

Scan type: Quick Scan
Objects scanned: 85588
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

You have 2 very unpleasent rootkits present on computer that is going to take some fancy footwork to displace!

First to be addressed is the 1 thats not showing but is preventing MBAM from updating to its current database.
MBAM log is still showing you on Database version: 1749 and we are currently upto 1897

Please use the following walkthrough to diagnose(&cure) if present the CLB Rootkit Driver.
http://www.malwarebytes.org/forums/index.php?showtopic=12709

When you have done this open MBAM,goto update tab and select check for updates.

Now run quick scan and post back the MBAM log generated.

Thanks in advance.

Now this is the log.. rebooting to delete...brb


Malwarebytes' Anti-Malware 1.34
Database version: 1899
Windows 5.1.2600 Service Pack 3

3/26/2009 3:12:33 PM
mbam-log-2009-03-26 (15-12-33).txt

Scan type: Quick Scan
Objects scanned: 45107
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Supports RAS Connections (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Supports RAS Connections (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\UAC5a35.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

all updated and still the virus..

Malwarebytes' Anti-Malware 1.34
Database version: 1899
Windows 5.1.2600 Service Pack 3

3/26/2009 4:05:53 PM
mbam-log-2009-03-26 (16-05-53).txt

Scan type: Quick Scan
Objects scanned: 92287
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

when i did the Rootrepeal i came up with this (i have no idea why so many mp3's are locked)

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/03/26 16:37
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\mnxfhean.dat
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\etilqs_H0Dq3Are9wQRiaAbRevE
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft\CD Burning\08CHOP~1.MP3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\gary\Local Settings\Application Data\Microsoft\CD Burning\1-16DR~1.MP3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\00-styles_p_feat_the_lox-blow_your_mind_(remix)_bw_gangs (1).m3u
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\03-styles_p_feat_the_lox-blow_your_mind_(remix)_(instrum (1).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\03-styles_p_feat_the_lox-blow_your_mind_(remix)_(instrumenta.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\04-playaz_circle_feat._lil_wayne_juelz_and_birdman_-_duffle_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\05-shawty_lo_ft_young_jeezy_ludacris_lil_wayne_plies-dey_kno.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\06-mike_jones_feat_hurricane_chris-drop_and_gimme_50_(90_bpm.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\06-soulja_boy_feat._jermaine_dupri_and_twista-crank_that_(re.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\06-styles_p_feat_the_lox-gangsta_gangsta_(instrumental)-apt..mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\07-daz_dillinger-caught_up_in_tha_game_(ft._jagged_edge_and_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\08-rihanna-dont_stop_the_music_(jody_den_broeder_big_room_du.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\210-dj_felli_fel_ft._diddy_akon_ludacris_and_lil_jon-get_buc.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\103-trey_songz-cant_help_but_wait_(il_hot_dj_toco_remixxx)-s.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\202-flo-rida_ft._timbaland-elevator_(il_hot_dj_docta_dawe_re.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\203-flo-rida_ft._timbaland-elevator_(il_hot_dj_awdamaddix_re.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\01-baby_bash_feat._t-pain_hurricane_chris_and_gorilla_zoe-cy.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\01-styles_p_feat_the_lox-blow_your_mind_(remix)_(clean)-apt..mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\02-lil_wayne-duffle_bag_boyz_(remix)_ft._birdman_and_juelz_s.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\000-va-il_hot_remix_vol._129_-_for_djs_only-2cd-bootleg-2008.m3u
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\02-styles_p_feat_the_lox-blow_your_mind_(remix)_(dirty)-apt..mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\05-fabolous-baby_dont_go_(feat_t-pain)_(produced_by_jermaine.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\05-rihanna-dont_stop_the_music_(jody_den_broeder_big_room_mi.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\01 - Eminem feat Bobby Creekwater & Cashis - Crack A Bottle Remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\02 - Chamillionaire feat The Game & Ludacris - Creepin (Solo) Remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\03 - Busta Rhymes feat Young Jeezy and Jadakiss - Respect My Conglomerate.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\06 - Q-Tip feat Busta Rhymes, Raekwon & Lil Wayne - Renaissance Rap Remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\07 - Jim Jones feat N.O.E. & Brittney Taylor - Na Na Nana Na Na.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\08 - Hustle Boy feat Mannie Fresh & Gorilla Zoe - It's Nuthin.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\18 - Ryan Leslie feat Jadakiss - How It Was Supposed To Be Remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D1 (williswho.com)\DJ Willis - Mix of the Month - March 2009 - Disc 1 - Track Listing.txt
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D2 (williswho.com)\DJ Willis - Mix of the Month - March 2009 - Disc 2 - Track Listing.txt
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\Downloads\DJ Willis - Mix of the Month - March 2009 3CD (williswho.com)\DJ Willis - Mix of the Month - March 2009 - D3 (williswho.com)\DJ Willis - Mix of the Month - March 2009 - Disc 3 - Track Listing.txt
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)-The Pirate Bay-\Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)\00 Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)-COVER.jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)-The Pirate Bay-\Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)\00 Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)-M3U.m3u
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)-The Pirate Bay-\Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)\00 Tapemasters Inc - The Future Of RnB 12 (Hosted By Uness)-NFO.nfo
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\2 Pistols\So Seductive 9 (Valentine's Edition)\12-2_pistols-she_got_it_(feat._t-pain).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\2 Pistols feat T-Pain\X-Mix Radioactive Urban Radio February\15-2_pistols_feat_t-pain-she_got_it_(67_bpm)-atrium.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Big Noyd\Promo Only Urban Club March\106-big_noyd-things_done_changed.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Danity Kane\Radioplay Urban Express 760Y\09-danity_kane-damaged-(main).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fabolous Ft. Jermaine Dupri\Select Mix Select Essentials Vol. 28\08-fabolous_ft._jermaine_dupri-baby_dont_go_(100).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Charlie Wilson Feat. T-Pain\Supa Sexy (Promo CDS)\01-charlie_wilson_ft_t-pain-supa_sexy-main.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Katie Herzig\Vanguard 08-06-(Promo CD)\18-katie_herzig-sweeter_than_this.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Busta Rhymes\DJ Scope-Street Certified 16 (Bootleg)\23-busta_rhymes_-_jackin_4_beats_08-hood.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Busta Rhymes Ft. Main-O, Lil Kim\DJ Radio-Mr Sold Out Pt.14\10-busta_rhymes_ft._main-o_lil_kim-they_know_nyc_(remix)-fua.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Akon\Konvicted (Deluxe Edition)\06 - Never Took The Time.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\50 Cent\Curtis (Special Edition)\50 Cent-Curtis (Special Edition) - 14- Fire (Feat. Young Buc.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rob G Ft. Paul Wall\Rollin Phillies\210-rob_g_ft._paul_wall-private_dancer.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\11\Unknown Album\11_Rihanna_-_Dont_Stop_the_Music_(DJ_Samy_S_Club_Remix)-KMA.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Huey Ft. MeMpHiTz And T-Pain\Promo Only Urban Club March\104-huey_ft._memphitz_and_t-pain-tell_me_this_(g-5)_(tha_rem.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Serj Tankian\Vanguard 08-04-(Promo CD)\04-serj_tankian-sky_is_over.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Grind Mode\J. Armz And Bless Entertainment Present\07-grind_mode-so_high.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Grind Mode feat. Rick Ross\DJ Smallz-Best Thing Smokin Vol. 12\17-grind_mode_feat._rick_ross-im_so_high-cr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Grindmode & Rick Ross\DrasticX, DJ EFN, Rick Ross - Made In Da\37 - Grindmode & Rick Ross - I'm So High (Remix) - DrasticX,.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Webbie feat. Fat Joe, Paul Wall & Jim Jo\DJ Envy, Tapemasters Inc. & Paul Wall-Pu\21-webbie_feat._fat_joe_paul_wall_and_jim_jones-gimme_dat_(r.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Webbie Ft. Gorilla Zoe, Phat & Lil' Boos\Promo Only Urban Club March\108-webbie_ft._gorilla_zoe_phat_and_lil_boosie-independent_(.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\2 Pistols Ft. T-Pain & Tay Dizm\Promo Only Mainstream Radio February\10-2_pistols_ft._t-pain_and_tay_dizm-she_got_it_(promo_only_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Khaled Feat. Akon, T-Pain, R.Kelly, L\DJ Arson & DJ Ty Boogie-The Hit List Vol\25-dj_khaled_feat._akon_t-pain_r.kelly_lil_kim_young_jeezy-w.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Khaled Ft. T-Pain, Trick Daddy, Rick\Promo Only Urban Club October\102-dj_khaled_ft._t-pain_trick_daddy_rick_ross_and_plies-im_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Freeway Ft. 50 Cent\Promo Only Urban Club March\110-freeway_ft._50_cent-take_it_to_the_top.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Missy Elliot\The_Best_Of_Hiphop_RnB_Pop_Vol.13-2008\10 Missy Elliot - Ching-A-Ling.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Missy Elliott\Funkymix 114\08-missy_elliott-ching-a-ling_-_102.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Missy Higgins\Vanguard 08-06-(Promo CD)\20-missy_higgins-where_i_stood.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R.Kelly Feat T.I And T-Pain\Mistarello.Com-Hard Body Blend\23-r.kelly_feat_t.i_and_t-pain-im_a_flirt_b-w_50_cent-whip_y.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Colby Odanis feat. Akon\DJ Smallz-Smokin RnB Vol. 9\10-colby_odanis_feat._akon-what_u_got-cr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Colby Odanis feat. Akon\Mixshow Ingredients Vol. 17\16-colby_odanis_feat._akon-what_you_got_(120).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Eddie Vedder\Vanguard 08-06-(Promo CD)\05-eddie_vedder-guaranteed-(radio).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Juelz Santana Ft. Young Jeezy, Fabolous\I'm A Boss (Promo CDS)\02-juelz_santana_ft._young_jeezy_fabolous_and_cassidy-im_a_b.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Kelly Rowland ft Eve\9 Inch Remix Vol. 2\201-kelly_rowland_ft_eve-like_this_(break)_(90_bpm).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Oneal Mcknight Feat. Greg Nice\Radioplay Urban Express 760Y\10-oneal_mcknight_feat._greg_nice-check_your_coat.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rich Boy\Mistarello.Com-Hard Body Blend\24-rich_boy-throw_some_ds_b-w_c_murder-down_for_my_niggas-cr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rick Ross\Carol City's King\32-rick_ross-duffle_bag_boy_(remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rick Ross\Coka Brovas\19-rick_ross-haterz.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rick Ross\Corna_Boyz Vol. 2\13-rick_ross-haterz_(rmx)-BbH.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Wu-Tang Clan\J-Love & Wu-Tang Clan-Return Of The Swar\01-wu-tang_clan-watch_your_mouth.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\www.Gusanero.com\Graduation\15 - Kanye West FT. Young Jeezy - Graduation - 2007 - Can't .mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\T-Pain\DJ Tremayne-Shine Cause I Grin\13-t-pain-buy_you_a_drink_remix_feat_kanye_west-cr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\T-Pain Ft. Teddy Verseti\Promo Only Urban Club November\118-t-pain_ft._teddy_verseti-church.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Michael Jackson With Will.I.Am\Radioplay Urban Express 760Y\11-michael_jackson_with_will.i.am-the_girl_is_mine_2008.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Styles P Ft Jadakiss And SHeek\Unknown Title (Bootleg)\21-styles_p_ft_jadakiss_and_sheek_louch-gangster_gangster_(s.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R.Kelly f. T.I. & T.Pain\I'm A Flirt\R.Kelly f. T.I. & T.Pain - I'm A Flirt(Remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rihanna\VA - Black Summmer 2007\204-rihanna-s.o.s.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Snoop Dogg\German Top20 BC\009-snoop_dogg_-_sensual_seduction-ministry.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Snoop Dogg\King Shit Radio Volume 2\18-snoop_dogg-sensual_seduction_(remix)_(feat._lil_kim).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Snoop Dogg\Radioplay Euro Express 761U\215-snoop_dogg_feat._robyn-sensual_seduction-(remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Felli Fel Ft. Diddy, Akon, Ludacris &\Promo Only Urban Club March\114-dj_felli_fel_ft._diddy_akon_ludacris_and_lil_jon-get_buc.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 128 -For Dj's Only Boo\101-missy_elliot-ching_a_ling_(il_hot_dj_solg_v4l_remixxx_pt.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 128 -For Dj's Only Boo\102-missy_elliot-ching_a_ling_(il_hot_dj_awdamaddix_remixxx_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 128 -For Dj's Only Boo\103-justin_timberlake-chop_me_up_(il_hot_dj_flashlight_remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 128 -For Dj's Only Boo\110-snoop_dogg-sensual_seduction_(il_hot_dj_flashlight_remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\101-baby_bash_ft._sean_kingston-what_is_that_(il_hot_dreadkn.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\102-50_cent_ft._young_buck_and_nicole_scherzinger-fire_(il_h.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\105-keyshia_cole_ft._amina-shoulda_let_u_go_(il_hot_r.e.e.o_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\110-missy_elliott-shake_it_like_a_pom_pom_(il_hot_awdamaddix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\204-50_cent-infared_(il_hot_r.e.e.o_remixxx)-scratch.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\205-michael_jackson_ft._will_i._am.-the_girl_is_mine_08_(il_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\206-shaggy_ft._akon-whats_love_(il_hot_dj_anakin_from_asv_re.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\207-mary_j._blige_vs._missy_elliott-just_fine_(il_hot_dj_raz.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\208-beyonce_vs._nicole_scherzinger-get_me_bodied_(il_hot_dj_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\209-rihanna-umbrella_(acoustic)_(il_hot_dj_redz_remixxx)-scr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\210-aretha_franklin-r.e.s.p.e.c.t_(il_hot_dj_e-motion_remixx.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\VA\IL Hot Remix Vol. 129 - for Dj's Only Bo\211-carlos_santana_ft._rob_thomas-smooth_(il_hot_dj_redz_rem.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Various Artists\Radioplay Urban Express 761Y\09-big_gemini_feat._flo_rida_and_lil_rob-hypnotized-(remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Mistarello.Com-A Lil Bit Of Di\17-kanye_west-cant_tell_me_nothing_(remix)_(feat_lil_wayne_y.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Unknown Album\Chopdezol Feat Sean Paul(Young Bloodz) - Pump It rmx.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Unknown Album\N.O.R.E ft Swizz Beatz, Busta Rhymes, Cassidy, Talib Kweli, .mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Panic At The Disco\Vanguard 08-06-(Promo CD)\03-panic_at_the_disco-nine_in_the_afternoon-(radio_edit).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Jim Jones\Promo Only Urban Club March\107-jim_jones-love_me_no_more.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Jim Jones\Radioplay Urban Express 760Y\01-jim_jones-they_dont_love_me_no_more-(clean).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Jim Jones Feat. Baker Boyz\DJ Famous-Holla Ya Heard Part 6 (Bootleg\10-jim_jones_feat._baker_boyz-now_i_can_do_that-r3d.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ray-J feat. Yung Berg\DJ Arson And DJ E-Kim-The Hit List Vol_\09-ray-j_feat._yung_berg-sexy_can_i-cr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Razah\Promo Only Urban Club March\113-razah-rain.2.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Board Bangers\Promo Only Urban Club September\104-board_bangers-cause_the_beats_hot.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Bob Wow & Omarion\Vanguard 08-06-(Promo CD)\08-bob_wow_and_omarion-hey_baby-(jump_off).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\www.RnB4U.dl.am\Unknown Album\Chris Brown ft. The Game - Nice (Prod. by Scott Storch) (200.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\www.RnB4U.dl.am\Unknown Album\Yo Gotti Ft.Pleasue (Of Pretty Ricky)-Lets Vibe (2007).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Eric Lindell\Vanguard 08-04-(Promo CD)\19-eric_lindell-lay_back_down.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fat Joe Ft. J. Holiday\DJ Envy-The Hitlist 27-Bootleg\06-fat_joe_ft._j._holiday-i_wont_tell-bbh.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fergie\The Dutchess\19.Fergie - Clumsy.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Fergie Feat. Soulja Boy\Radioplay Euro Express 757U\205-fergie_feat._soulja_boy-clumsy-(collipark_remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Swizz Beatz\One Man Band Man\12-swizz_beatz-its_me_(remix)_(feat._r._kelly_lil_wayne_and_.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Sylvia Tosun\Promo Only Dance Radio November\16-sylvia_tosun-head_over_heels_(warren_rigg_radio_mix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Soulja Boy\Souljaboytellem.com\08-soulja_boy-yahhh_feat_arab.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Sean Kingston\Radioplay Pop Express 744P\03-sean_kingston-take_you_there.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Mike Jones\Follow The Future-Hip Hop Radio Bootleg\20-mike_jones-turning_heads-ukp.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Chingy\Hate It Or Love It\06-chingy-gimme_dat_(feat_ludacris_and_bobby_valentino)_(pro.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Pitbull Feat Lil Jon\Mixshow Ingredients Vol. 16\19-pitbull_feat_lil_jon-the_anthem_(124).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\pitbull feat lloyd\Worlds Dance Music October Part 2\14-pitbull_feat_lloyd-secret_admirer_(radio).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Pittsburgh Slim\Promo Only Mainstream Radio November\20-pittsburgh_slim-girls_kiss_girls.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Theory Of A Deadman\Vanguard 08-04-(Promo CD)\10-theory_of_a_deadman-so_happy-(radio_edit).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Flo-Rida\Tapemasters Inc.-Codeine Hitz Pt. 5 Boot\18-flo-rida-low_ft._t-pain-ukp.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\flo-rida ft. k\If You Buyin We Sellin XV\23-flo-rida_ft._k-elevator.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Drama\Gangsta Grillz Volume 17\19-b.g._and_t.i.-for_a_minute.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Envy & Red Cafe feat. Jermaine Dupri,\Bizkit-Tapes Top 20 Vol. 20\08-dj_envy_and_red_cafe_feat._jermaine_dupri_juelz_santana_s.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Felli Fel f Ne-Yo, Fabolous, Kanye We\Black Music Collection 14 by fluppi\DJ Felli Fel f Ne-Yo, Fabolous, Kanye West, and J.D. - The F.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\King Shit Radio Volume 2\08-three_6_mafia-on_sum_chrome_(feat._u.g.k.).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\13-three_6_mafia-pussy_got_ya_hooked_(ft.remy_ma)-sut.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\05-three_6_mafia-swervin_(ft.mike_jones_and_paul_wall)-sut.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\08-three_6_mafia-hard_hittaz_(ft.boogiemane)-sut.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\14-three_6_mafia-dont_cha_get_mad_(ft.lil_flip)-sut.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\16-three_6_mafia-stay_fly_remix_(ft.slim_thug_trick_daddy_an.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia\Most Known Unknown\20-three_6_mafia-dancin_on_a_pole_(ft.chrome)-sut.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three 6 Mafia feat. Kanye West & Project\DJ Envy, Tapemasters Inc. & Rick Ross-Pu\11-three_6_mafia_feat._kanye_west_and_project_pat-side_2_sid.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Three Days Grace\Vanguard 08-06-(Promo CD)\09-three_days_grace-riot-(edit-clean).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ashanti\The Way That I Love You\02-ashanti-the_way_that_i_love_you-main.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ashanti\Vanguard 08-06-(Promo CD)\04-ashanti-the_way_that_i_love_you.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Jay-Z\DJ Whiteowl-Pump Up The Volume 2 Bootleg\01-jay-z-roc_boys_(prod_by_p._diddy)-ukp.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Elliott Yamin\Radioplay Pop Express 745P\19-elliott_yamin-one_word-(radio_edit).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\DJ Scotty K\Promo Only Mainstream Club November\206-dj_scotty_k-goodnight_tonight_(original_klub_mix_ft._kno.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Collage\Promo Only Dance Radio November\15-collage-ill_be_loving_you_(chris_the_greek_radio_mix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Common\Promo Only Urban Club November\115-common-i_want_you.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Shawty Lo Ft. Maino, Lil' Kim & Busta Rh\Promo Only Urban Club March\103-shawty_lo_ft._maino_lil_kim_and_busta_rhymes-they_know_(.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Ryan Leslie Ft. Kanye West\Promo Only Urban Club February\113-ryan_leslie_ft._kanye_west-diamond_girl.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R Kelly Ft. T.I. & T-Pain\DJ G-Spot-Blends Done My Way Bootleg\13-r_kelly_ft._t.i._and_t-pain-im_a_flirt_(dj_g-spot_rmx).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly\Double Up\08-r._kelly-i'm_a_flirt_(remix)_(ft._t.i._&_t-pain).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly\Double Up\08 - R. KellyT.I.T-Pain - I'm a Flirt Remix-RGF.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly\http___myspace.com_smoskaspace\R.Kelly -I'm Flirt (French Remix feat. S.M.O. and T. Pain).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\R. Kelly Ft. T.I. T-Pain\Kings Of RnB Mixtape\11-r._kelly_ft._t.i._t-pain-im_a_flirt_(remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\T.I._Tip\DMC Dj-Only 101\204-r_kelly_featuring_t.i._and_t._pain-im_a_flirt.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\UGK\Underground Kingz\50. UGK - Intl Players Anthem (I choose you) featuring Outka.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Lloyd\Shawty Get Loose\01-lil_mamma_feat._chris_brown_and_t-pain-shawty_get_loose_(.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Silversun Pickups\Vanguard 08-06-(Promo CD)\13-silversun_pickups-little_lovers_so_polite-(radio_edit).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\B.O.B. Ft. Rick Ross And Juvenile\DJ Envy-The Hitlist 27-Bootleg\22-b.o.b._ft._rick_ross_and_juvenile-haterz-bbh.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\b.o.b. juvenile rick ross\The Return Of The Hot Boys Pt. 3\20-b.o.b._juvenile_rick_ross-haterz_everywhere_remix.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Trazz Feat. Wayne Wonder\Radioplay Urban Express 760Y\14-trazz_feat._wayne_wonder-gonna_love_u.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Trey Songz Feat. Plies\Radioplay Urban Express 760Y\13-trey_songz_feat._plies-cant_help_but_wait-(remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Janet\Discipline\03-janet_jackson-luv-whoa.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\AZ\Radioplay Urban Express 760Y\04-az-undeniable-(clean).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Kanye West\DJ Clue-The Storm Ultimatum\13-kanye_west-cant_tell_me_nothing_(rocafella_remix)_(feat._.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Sonic Youth\Vanguard 08-06-(Promo CD)\11-sonic_youth-superstar.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\JC Feat. Gorilla Zoe\Radioplay Urban Express 760Y\12-jc_feat._gorilla_zoe-nobody_gotta_know.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Gary Louris\Vanguard 08-06-(Promo CD)\23-gary_louris-omaha_nights.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Kasper From The K\Vanguard 08-04-(Promo CD)\17-kasper_from_the_k-whatchagondo.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Wayne Taylor\Promo Only Urban Club November\114-wayne_taylor-came_here_to_party_(the_original_party_mix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Rob G. feat. Paul Wall\DJ Smallz-Texas Trafficking\14-rob_g._feat._paul_wall-private_dancer-cr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\David Banner\Down South Slangin' 45\10-david_banner-candyman.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\david guetta & chris wills\Hitbox 2007 volume 3\16-david_guetta_and_chris_wills_-_love_is_gone.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Keyshia Cole\Just Like You\05-keyshia_cole-i_remember.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Twista\Adrenaline Rush 2007\11-Twista-Creep Fast (feat. T-Pain).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\Twista\Adrenaline Rush 2007\16-Twista-Ain't No Hoes (feat. Bone Thugs N Harmony).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\My Documents\My Music\iTunes\iTunes Music\WWW.MY12INCH.COM\Before Ego Trippin\14 . Sensual Seduction (Remix).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Application Data\Mozilla\Firefox\Profiles\gjmp53xz.default\Cache\_CACHE_001_
Status: Size mismatch (API: 394832, Raw: 394065)

Ok right the presence of the following MBAM removed item confirms that you have sucessfully killed the CLB driver
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted

That is the first Rootkit dealt with and now we need to move onto the second one which is RootKit.Sentinel

I can create an automated fix for this using MBAM but i will need for you to collect 3 target files from your infected computer and upload them to me so i can further analsyse them and update MBAM accordingly to target them

Those mp3's items are not a concern but quite possibly you had had ITunes open during the rootrepeal session and it was picking up the current playlist but then again they are not importent!

Right back to the chase now for these 3 target file requireds can you please create a new folder in my Documents and call it "suspect files"

File 1,

Please use RootRepeal to *Copy* the following file into the suspect file folder.

Path: C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\mnxfhean.dat
Status: Locked to the Windows API!

File 2+3 i will need you to run 2 more diagnostic tools for me to be able to identify where they are hiding first!

1st report log needed-

[*]Please download this program Trend Micro™ HijackThis™ to your desktop.
[*]Double-click on it to run and install it.
[*]Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.

Please Copy and paste the contents of that log to a topic reply.

2nd report log needed-

Download and install Autoruns.
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

When you first run it it will generate an extensive listing and the word "Ready" will appear in the bottom left of the sofware GUI.
At this point goto options and place check(tick) against verify coded signatures and hide Microsoft & windows entries.Next press F5 button to refresh.

Once Ready status by software is gained then goto File option.Select "Export as" and save output file as Autoruns.txt

Can you please then copy and paste the contents of that text file into your next reply for analysis.

Thanks in advance

Here is what i could find to give you....
thanks for everything so far




when i copy file it gives me this (i am pretty sure im doing it wrong)
--------------------------------------
13:23:51: can't open file 'C:\Documents and Settings\Gary.TAFT-D93B5620A7\Desktop\copy_mnxfhean.dat' (error 5: access is denied.)
13:23:51: Successfully copied the file!


Here is HiJackThis...
----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:44 PM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C3997A9-80CB-44D9-A537-F045CBBE3F06} - C:\WINDOWS\system32\bthser.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Supports RAS Connections] svhost.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\531220359531.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\RunServices: [Supports RAS Connections] svhost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6352 bytes


this is an ugly log file (from ARuns)
------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AppleSyncNotifier AppleSyncNotifier (Verified) Apple Inc. c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe
+ avgnt Antivirus System Tray Tool (Not verified) Avira GmbH c:\program files\avira\antivir desktop\avgnt.exe
+ iTunesHelper iTunesHelper Module (Verified) Apple Inc. c:\program files\itunes\ituneshelper.exe
+ Malwarebytes Anti-Malware (reboot) Malwarebytes' Anti-Malware (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbam.exe
+ Ptipbmf ptipbmf DLL (Not verified) Promise Technology, Inc. c:\windows\system32\ptipbmf.dll
+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ Malwarebytes Anti-Malware (reboot) Malwarebytes' Anti-Malware (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\531220359531.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ mount.exe Drives mounting services and virtual drives management. (Not verified) Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\fileutilities.3\mount.exe
+ Yahoo! Pager Yahoo! Messenger (Verified) Yahoo! Inc. c:\program files\yahoo!\messenger\yahoomessenger.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Windows Media Player Microsoft Windows Media Player Setup Utility (Not verified) Microsoft Corporation c:\windows\inf\unregmp2.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ WPDShServiceObj Windows Portable Device Shell Service Object (Not verified) Microsoft Corporation c:\windows\system32\wpdshserviceobj.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ FileUtilities_MainContextMenu Class Shell Extension, Member of GiPo@FileUtilities (Not verified) Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\fileutilities.3\fush.dll
+ Shell Extension for Malware scanning AntiVirus context menu (Not verified) Avira GmbH c:\program files\avira\antivir desktop\shlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ MBAMShlExt Malwarebytes' Anti-Malware (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ FileUtilities_MainContextMenu Class Shell Extension, Member of GiPo@FileUtilities (Not verified) Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\fileutilities.3\fush.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ HardLinkShlExt Shell Extension, Member of GiPo@FileUtilities (Not verified) Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\fileutilities.3\fush.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ GiPoPPShellEx GiPo@Utilities Shell (Property Page) (Not verified) Gibin Software House (http://www.gibinsoft.net) c:\program files\common files\gibinsoft shared\gu_shell.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ FileUtilities_MainContextMenu Class Shell Extension, Member of GiPo@FileUtilities (Not verified) Gibin Software House (http://www.gibinsoft.net) c:\program files\gipo@utilities\fileutilities.3\fush.dll
+ MBAMShlExt Malwarebytes' Anti-Malware (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll
+ Shell Extension for Malware scanning AntiVirus context menu (Not verified) Avira GmbH c:\program files\avira\antivir desktop\shlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension File not found: deskpan.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ Portable Devices Portable Devices Shell Extension (Not verified) Microsoft Corporation c:\windows\system32\wpdshext.dll
+ Portable Devices Menu Portable Devices Shell Extension (Not verified) Microsoft Corporation c:\windows\system32\wpdshext.dll
+ Portable Media Devices Portable Media Devices Shell Extension (Not verified) Microsoft Corporation c:\windows\system32\audiodev.dll
+ Shell Extension for Malware scanning AntiVirus context menu (Not verified) Avira GmbH c:\program files\avira\antivir desktop\shlext.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher (Not verified) Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher (Not verified) Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher (Not verified) Microsoft Corporation c:\windows\system32\wmpshell.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Verified) WinZip Computing c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ &Yahoo! Toolbar Helper Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn2\yt.dll
+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ FlashFXP Helper for Internet Explorer (Verified) IniCom Networks, Inc. c:\program files\flashfxp\ieflash.dll
+ Java™ Plug-In 2 SSV Helper Java™ Platform SE binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
+ JQSIEStartDetectorImpl Class Java™ Quick Starter binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
+ Yahoo! IE Services Button Yahoo! IE Services (Verified) Yahoo! Inc. c:\program files\yahoo!\common\yiesrvc.dll
+ {5C3997A9-80CB-44D9-A537-F045CBBE3F06} File not found: C:\WINDOWS\system32\bthser.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ Yahoo! ¤u¨ã¦C Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn2\yt.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Yahoo! ¤u¨ã¦C Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn2\yt.dll
Task Scheduler
+ AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Inc. c:\program files\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services
+ AntiVirSchedulerService Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates. (Not verified) Avira GmbH c:\program files\avira\antivir desktop\sched.exe
+ AntiVirService Offers permanent protection against viruses and malware with the AntiVir search engine. (Not verified) Avira GmbH c:\program files\avira\antivir desktop\avguard.exe
+ Apple Mobile Device Provides the interface to Apple mobile devices. (Verified) Apple Inc. c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ Ati HotKey Poller ATI External Event Utility EXE Module (Not verified) ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
+ Bonjour Service Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start. (Verified) Apple Inc. c:\program files\bonjour\mdnsresponder.exe
+ JavaQuickStarterService Prefetches JRE files for faster startup of Java applets and applications (Verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jqs.exe
HKLM\System\CurrentControlSet\Services
+ aeaudio Andrea Audio Noise Cancellation Driver (Not verified) Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver (Not verified) ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ avgio Avira AntiVir Support for Minifilter (Verified) Avira GmbH c:\program files\avira\antivir desktop\avgio.sys
+ avgntflt Avira files mini-filter driver (Verified) Avira GmbH c:\windows\system32\drivers\avgntflt.sys
+ avipbb Avira's Driver for RootKit Detection (Verified) Avira GmbH c:\windows\system32\drivers\avipbb.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ DMusic Microsoft Kernel DLS Synthesizer (Not verified) Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter (Not verified) Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ fasttx2k Promise Driver for Windows XP (Not verified) Promise Technology, Inc. c:\windows\system32\drivers\fasttx2k.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ isapnp PNP ISA Bus Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ NPF npf.sys (NT5/6 x86) Kernel Driver (Verified) CACE TECHNOLOGIES, LLC c:\windows\system32\drivers\npf.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ qrgnqkxr Sony USB Lower Filter driver (Not verified) Sony Corporation c:\windows\system32\drivers\qrgnqkxr.sys
+ rspndr Allows this PC to be discovered and located on the network. (Not verified) Microsoft Corporation c:\windows\system32\drivers\rspndr.sys
+ smwdm SoundMAX Integrated Digital Audio (Not verified) Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys
+ ssmdrv Avira Snapshot Driver (Verified) Avira GmbH c:\windows\system32\drivers\ssmdrv.sys
+ swmidi Microsoft GS Wavetable Synthesizer (Not verified) Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ sysaudio System Audio WDM Filter (Not verified) Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ viaagp1 VIA NT AGP Filter (Not verified) VIA Technologies, Inc. c:\windows\system32\drivers\viaagp1.sys
+ viasraid VIA SATA RAID DRIVER FOR WINXP (Not verified) VIA Technologies inc,.ltd c:\windows\system32\drivers\viasraid.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ WudfPf Provide communciation services for UMDF components. (Not verified) Microsoft Corporation c:\windows\system32\drivers\wudfpf.sys
+ WudfRd Reflect device requests to user-mode driver drivers (Not verified) Microsoft Corporation c:\windows\system32\drivers\wudfrd.sys
+ yukonwxp NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter (Not verified) Marvell Semiconductor Inc. c:\windows\system32\drivers\yukonwxp.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent ATI External Event Utility DLL Module (Not verified) ATI Technologies Inc. c:\windows\system32\ati2evxx.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider (Not verified) Apple Inc. c:\program files\bonjour\mdnsnsp.dll

Hi ya,

Ok my bad i forgot the target file was locked to WinAPI and as such will resist attempts to copy or delete it.

No problem we will just use another trick to fool it into giving up its secrets

Please download IceSword and use only as directed.
http://majorgeeks.com/Icesword_d5199.html

Extract it from ZIP and run icesword.exe.
In the bottom left corner of the main software GUI is a file option/button.Please select this.
Navigate using the file explorer tree to C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp folder.
Next look to file list in the middle of the screen and locate the line with mnxfhean.dat listed.
Highlight the line with your mouse and rightclick and select *copy file* only
You will need to rename it to *suspect.old* and save it to the folder you created for holding samples .
Close Icesword at this point.

Next the following entry in Autoruns-
+ qrgnqkxr Sony USB Lower Filter driver (Not verified) Sony Corporation c:\windows\system32\drivers\qrgnqkxr.sys


If you can grab a copy of the file qrgnqkxr.sys and save that to the holding folder also.

The 3rd file i required actually appears to have already been removed as signified by the following HJT entry
O2 - BHO: (no name) - {5C3997A9-80CB-44D9-A537-F045CBBE3F06} - C:\WINDOWS\system32\bthser.dll (file missing)

So now please can you zip up the holding folder and upload to a new topic marked for my attention in the following forum.
http://www.malwarebytes.org/forums/index.php?showforum=55
Thanks in advance



Thanks in advance






C:\Documents and Settings\Gary.TAFT-D93B5620A7\Local Settings\Temp\

Hi and sorry for the delay in replying as i have been busy over the weekend.

New Rules will be added to MBAM database in the next 24 hours(DB 1922/1923) to attack and remove your variant.

When these updates are available please run MBAM quick scan and post back a new log + new HJT log.

Thanks in advance.

Please update and run quick scan with MBAM as defs have now been added