SheaReinke
I am fairly tech-capable, but god damn old chum if I am out of my league right now with messing with my computer. I have AVG, Spybot S&D2, MS Castle Icon.. and a system optimizer that I paid for..seems to be doing things ..well.. I dunno, I don't really muck with the registry too much. I figure a lot of this problem would be solved by 'the so called locking down of the system' which I assume has to do with ports.. or something? anyway :grinthumb
GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-10 12:53:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MDT_MD400EB-00CPF0 rev.06.04G06
Running: krtcpr9m.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwecqaow.sys
---- System - GMER 1.0.15 ----
SSDT sptd.sys ZwEnumerateKey [0xF7532018]
SSDT sptd.sys ZwEnumerateValueKey [0xF75323A6]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aiylr8gy \Device\Scsi\aiylr8gy1Port2Path0Target0Lun0 899F11E8
Device \Driver\aiylr8gy \Device\Scsi\aiylr8gy1 899F11E8
Device \FileSystem\Ntfs \Ntfs 89C121E8
Device \FileSystem\Fastfat \Fat 89672430
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
mbam-log-2011-11-10
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8122
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/10/2011 2:57:49 AM
mbam-log-2011-11-10 (02-57-48).txt
Scan type: Full scan (C:\|)
Objects scanned: 301622
Time elapsed: 2 hour(s), 53 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
& D.D.S.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 14:01:20 on 2011-11-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1469 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\tmp\dn_00000420_00010379\RapportSetup-Full.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG8\avgrsx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317519239530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{56805CA3-4887-45E9-BC73-0B5EBB2E421F} : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{BD7DA048-8D28-4997-81AA-993AC03FE088} : DhcpNameServer = 192.168.7.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\e97gqy55.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cafeworld.com/ | http://plus.google.com | http://celebrity.myspace.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
cmdfile=NOTEPAD.EXE %1
JSEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-10 06:36:54 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1035f0a-e6d8-4e9e-b691-3a76de25b50a}\mpengine.dll
2011-11-08 05:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-07 21:08:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\FixItCenter
2011-11-07 20:29:50 -------- d-----w- c:\windows\MATS
2011-11-07 20:29:47 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-11-07 20:22:51 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-11-07 20:22:51 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-11-07 20:22:41 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-07 20:22:41 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-07 20:06:09 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-11-07 19:19:41 -------- d-----w- c:\program files\VIA
2011-11-07 19:11:39 -------- d-----w- c:\program files\StartNow Toolbar
2011-11-06 00:22:28 1034240 ----a-r- c:\windows\system32\drivers\AE2500xp.sys
2011-11-06 00:21:29 88696 ----a-r- c:\windows\system32\packet.dll
2011-11-06 00:21:29 68224 ----a-r- c:\windows\system32\WanPacket.dll
2011-11-06 00:21:29 53299 ----a-r- c:\windows\system32\pthreadVC.dll
2011-11-06 00:21:29 34064 ----a-r- c:\windows\system32\drivers\npf.sys
2011-11-06 00:21:29 240248 ----a-r- c:\windows\system32\wpcap.dll
2011-11-04 22:36:42 -------- d-----w- c:\program files\Windows AIK
2011-11-04 22:25:38 -------- d-----w- C:\SpybotBootCD
2011-11-03 22:05:58 -------- d-----w- C:\ProcAlyzer Dumps
2011-11-03 19:43:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-03 19:43:22 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-11-03 19:43:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-02 15:56:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-02 15:56:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-10-26 07:05:21 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-26 07:05:21 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-26 07:01:29 -------- d-----w- c:\program files\iPod
2011-10-26 07:01:19 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-26 07:01:18 -------- d-----w- c:\program files\iTunes
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 01:18:08 -------- d-----w- c:\program files\Cisco Systems
2011-10-23 22:13:03 335104 ----a-w- c:\windows\system\rtl8187B.sys
2011-10-23 22:13:03 -------- d-----w- c:\windows\OPTIONS
2011-10-23 22:13:00 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2011-10-23 19:20:32 -------- d-----w- c:\windows\Performance
2011-10-23 19:20:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Corporation
2011-10-23 19:19:07 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-10-22 21:16:36 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-21 08:22:01 -------- d-----w- c:\program files\MemTurbo 4
2011-10-21 07:16:50 -------- d-----w- c:\program files\Hard Disk Tune-Up
2011-10-21 06:26:55 -------- d-----w- c:\documents and settings\owner\application data\Systweak
2011-10-21 06:26:14 -------- d-----w- c:\program files\Advanced System Optimizer 3
2011-10-18 02:46:52 -------- d-----w- c:\documents and settings\owner\application data\Sammsoft
2011-10-18 02:45:05 -------- d-----w- c:\program files\ARO 2011
2011-10-18 02:36:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\OpenCandy
2011-10-18 02:36:07 -------- d-----w- c:\documents and settings\owner\application data\OpenCandy
2011-10-18 02:35:56 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-18 02:35:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-10-18 02:34:52 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
2011-10-18 02:34:20 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-10-17 03:46:46 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-10-17 03:46:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-17 03:46:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 03:46:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 02:20:06 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-17 02:17:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-17 02:10:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-16 02:18:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-12 04:45:27 -------- d-----w- c:\program files\C-Media
.
==================== Find3M ====================
.
2011-10-31 23:00:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 14:05:30.24 ===============
..D.D.S. is still running.. I ..didn't.. turn off the security systems for GMER and DDS
I can run it again, but they ran! :grin: I mean I have done some document guided troubleshooting before and the four redundant security packs seem to have not stopped the D.D.S. Is there a recommended Registry Optimizer? Google suggests the ARO package ..and Solarwinds products like everywhere I go ~ I try to stay logged in to get better ad targeting from my searches..ya know. 'What's the incognito mode for?' ~Opera Unite!
:waits:
Ok, maybe using the internet while running D.D.S. was a bad idea..turned off the power timeout feature on the desktop too.. that might have done it.. either way I am going to post, unplug, and msconfig ~ BRB w/EDIT.D.S. Log!
2011-10-18 02:35:56 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-18 02:35:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-10-18 02:34:52 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
2011-10-18 02:34:20 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-10-17 03:46:46 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-10-17 03:46:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-17 03:46:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 03:46:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-17 02:20:06 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-17 02:17:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-17 02:10:37 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-16 02:18:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-12 04:45:27 -------- d-----w- c:\program files\C-Media
.
==================== Find3M ====================
.
2011-10-31 23:00:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 14:05:30.24 ===============
..D.D.S. is still running.. I ..didn't.. turn off the security systems for GMER and DDS
I can run it again, but they ran! :grin: I mean I have done some document-guided troubleshooting before and the four redundant security packs seem to have not stopped the D.D.S. Is there a recommended Registry Optimizer? Google suggests the ARO package ..and Solarwinds products like everywhere I go ~ I try to stay logged in to get better ad targeting from my searches..ya know. 'What's the incognito mode for?' ~Opera Unite!
:waits:
Ok, maybe using the internet while running D.D.S. was a bad idea..turned off the power timeout feature on the desktop too.. that might have done it.. either way I am going to post, unplug, and msconfig ~ BRB w/EDIT.D.S. Log!