Jump to content


Photo
- - - - -

Issues


  • This topic is locked This topic is locked
92 replies to this topic

#1 Everlasting Death

Everlasting Death

    Forum Addict

  • Elite Anti-Scammers
  • PipPipPipPipPipPip
  • 1,032 posts

Posted 14 December 2008 - 08:01 AM

I am not sure what is wrong, whenever I put in my SD card into my card reader and try to click on my computer it freezes and won't do anything, but if I take the card out it will un-freeze. I have done a full viral boot scan with Avast and a full scan with Malwarebytes' These two discovered some Malware in rundll.exe and msservice.exe. I already knew these two were an issue because they kept hogging my CPU power. After dealing with those and every other file that was infected I am still having the issue, and I need to access my SD card. It is not the SD card because I have tried other cards and they also do not work, I even tried another Card reader and I was able to access that, but Avast kept popping up and saying there was a virus in the autorun.inf file, and I clicked delete on that and that file kept re-appearing and so did the Warning from Avast. At first I thought it was my computer failing on me because I received the blue screen and it was all slow and everything which was o.k. because I was planning on making a new one, then I did these scans and now I'm not o.k. because I was just gonna re-use this HDD, but if it has these issues idk if that'll work for me.
Please help if you can.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:42 AM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ideazon\Reaper Edge\Tray.exe
C:\Program Files\Ideazon\Reaper Edge\hid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\msnguard.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.jaswin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by 1&1 Internet Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Gaming Mouse] "C:\Program Files\Ideazon\Reaper Edge\Tray.exe"
O4 - HKLM\..\Run: [Gaming Mouse Hid] "C:\Program Files\Ideazon\Reaper Edge\hid.exe"
O4 - HKLM\..\Run: [MSN Messenger Guard] msnguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1and1.com/b2home/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191251896343
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v8.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: netstats - Malware Labs - C:\WINDOWS\system\msservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11359 bytes


------------------
System Information
------------------
Time of this report: 12/14/2008, 07:58:06
Machine name: SPICY
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.080814-1236)
Language: English (Regional Setting: English)
System Manufacturer: RS480_
System Model: AWRDACPI
BIOS: )Phoenix - Award WorkstationBIOS v6.00PG
Processor: AMD Athlon™ 64 Processor 3400+, MMX, 3DNow, ~2.2GHz
Memory: 1278MB RAM
Page File: 569MB used, 2480MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode


The cake is a lie....
Bummer Dude

#2 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 14 December 2008 - 10:58 AM

Can I get a look at what that file is related to please
Definitely looks like a bad guy, just want a look

Can you open up Task Manager and end process on the following
msnguard.exe

Then, go to this link
http://www.virustota...h/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'
If using Firefox, you may have to paste to the Filename field of the File Upload box that opens
Or Browse to the file

C:\WINDOWS\msnguard.exe
Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please
Or better yet, just link to the results page

In addition, can I see the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.

Can you post Both those logs please

NOTE: If you do get an error message trying to post those logs back to the forum
Can you simply upload them, Use the Browse..>>UPLOAD buttons on the bottom right of a reply box
A copy of the files can also be found in this location
C:\rsit folder>>It's normally just Log.txt you have to upload, it's the one causing an error message

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#3 Everlasting Death

Everlasting Death

    Forum Addict

  • Elite Anti-Scammers
  • PipPipPipPipPipPip
  • 1,032 posts

Posted 14 December 2008 - 01:42 PM

I will do all of that as soon as my internet starts to work again, it'll work on my laptop but not my desktop which has the issue
The cake is a lie....
Bummer Dude

#4 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 14 December 2008 - 01:50 PM

OIC, actually, don't worry about uploading the file then
I take it you have a way to transfer files from one computer to the other
We're going to need a couple tools

Did the Internet connection stop after you got the infection?

Edited by guestolo, 14 December 2008 - 01:51 PM.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#5 Everlasting Death

Everlasting Death

    Forum Addict

  • Elite Anti-Scammers
  • PipPipPipPipPipPip
  • 1,032 posts

Posted 14 December 2008 - 01:55 PM

internet is working again :) had to reset the router
The cake is a lie....
Bummer Dude

#6 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 14 December 2008 - 01:56 PM

Oh, ok, post the info if you can then

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#7 Everlasting Death

Everlasting Death

    Forum Addict

  • Elite Anti-Scammers
  • PipPipPipPipPipPip
  • 1,032 posts

Posted 14 December 2008 - 02:00 PM

here is the analysis: http://www.virustota...87a17399fdc6c7e and here are the log and info files

Logfile of random's system information tool 1.04 (written by random/random)
Run by James at 2008-12-14 13:56:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 207 GB (54%) free of 382 GB
Total RAM: 1278 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:41 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system\msservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ideazon\Reaper Edge\Tray.exe
C:\Program Files\Ideazon\Reaper Edge\hid.exe
C:\WINDOWS\msnguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\My Documents\My Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\James.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.jaswin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,S