I'm running Windows XP Pro, Service Pack 3, with security software being an up-to-date Comodo Internet Security Premium.
A few days ago, with Firefox, I visited a page on the website tinypic.com, and later on noticed that the Google Safe Browsing diagnostic page showed tinypic to have carried a scripting exploit recently.
AVG ThreatLabs site reports Blackhole Exploit Kit as a threat on the website.
Quttera free online heuristic URL scanner reports potentially suspicious JavaScript code injection (full report here: http://quttera.com/d...ort/tinypic.com )
urlquery.net reported "FILEMAGIC Macromedia Flash data (compressed)" alerts with a severity level of 3.
I have not noticed strange behaviour on my PC aside from some slight slowing down which I have no idea if it's related, and I don't recall any plug-in crashing when visiting the website in question etc., but I would appreciate it if someone could take a look at my OTL logs and tell me if anything looks suspicious. I would like to make sure to eliminate the possibility of having been infected.
I have run scans with Sophos Virus Removal Tool, Norton Power Eraser, and TDSSKiller. Nothing was found.
Below are the OTL logs. And if it's of any use, I recall having accessed the infected website for the first time on the 5th of January, between 12 am & 1 am. Perhaps it would show in the created/modified files in the log section? Thanks for any help.
Edit: Using Emsisoft's HiJackFree, I can see some services running that do not appear at all when accessing services.msc. Such services are Remote Access Auto Connection driver (rasacd.sys), Remote Access IP ARP Driver (wanarp.sys), Remote Access NDIS WAN Driver (ndiswan.sys) and Remote Access PPPOE Driver (raspppoe.sys), and mrxsmb.sys, for example. Is it normal to have these appear only through Emsisoft's program and not through Windows' own service management? Should they be left running? I have never had any need for remote access.
___________________________________________________________________________________________
OTL logfile created on: 9.1.2013 9:16:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Nimi1\Omat tiedostot\Lataukset
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
1015,48 Mb Total Physical Memory | 533,11 Mb Available Physical Memory | 52,50% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 25,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS
Drive E: | 36,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: NIMI-A498799635 | User Name: Nimi1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.09 09:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nimi1\Omat tiedostot\Lataukset\OTL.exe
PRC - [2012.12.05 20:26:10 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.11.08 01:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.11.08 01:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012.10.19 01:08:04 | 000,655,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\ouc.exe
PRC - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2008.04.14 08:12:12 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.08 22:40:48 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012.12.18 16:28:36 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SUO
MOD - [2012.12.05 20:26:09 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.19 01:08:09 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QtNetwork4.dll
MOD - [2012.10.19 01:08:09 | 000,843,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QueryStrategy.dll
MOD - [2012.10.19 01:08:09 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QtXml4.dll
MOD - [2012.10.19 01:08:07 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QtCore4.dll
MOD - [2012.10.19 01:08:05 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\mingwm10.dll
MOD - [2012.10.19 01:08:04 | 000,655,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\ouc.exe
MOD - [2012.10.19 01:08:04 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
MOD - [2012.10.05 02:33:28 | 000,070,352 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2008.04.14 08:11:40 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.01.08 22:40:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 20:26:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.08 01:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.10.19 01:08:04 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Broadband\UpdateDog\ouc.exe -- (Mobile Broadband. RunOuc)
SRV - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.01.09 07:57:22 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR311.SYS -- (SMR311)
DRV - [2012.11.08 01:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.11.08 01:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.11.08 01:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.11.08 01:38:13 | 000,018,096 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012.10.19 01:08:10 | 000,239,488 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.10.19 01:08:10 | 000,195,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.10.19 01:08:10 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.10.19 01:08:10 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.10.19 01:08:10 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007.05.03 17:19:32 | 000,012,112 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se32.sys -- (se32)
DRV - [2003.02.17 06:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 20:26:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.09.16 15:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Extensions
[2012.12.28 02:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions
[2012.09.17 23:07:24 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.12.28 02:44:36 | 000,533,036 | ---- | M] () (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.23 23:10:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.05 20:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.05 20:26:10 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 06:49:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.05 20:26:08 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2012.12.05 20:26:08 | 000,001,185 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fi.xml
[2012.12.05 20:26:08 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.12.05 20:26:08 | 000,001,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-haku = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2004.09.15 14:00:00 | 000,000,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1347809402609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1355080331125 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CCA5C57-0C5A-4BAB-ADFD-B748EE0B9E5B}: NameServer = 8.26.56.26,8.20.247.20
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.15 23:57:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.03.17 01:27:22 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.02 03:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{45f0610c-1978-11e2-a661-8a4fe2d1d405}\Shell - "" = AutoRun
O33 - MountPoints2\{45f0610c-1978-11e2-a661-8a4fe2d1d405}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{45f0610e-1978-11e2-a661-d1a1349ce073}\Shell - "" = AutoRun
O33 - MountPoints2\{45f0610e-1978-11e2-a661-d1a1349ce073}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{cd7711cd-22e0-11e2-a670-ab798ddc2cb2}\Shell - "" = AutoRun
O33 - MountPoints2\{cd7711cd-22e0-11e2-a670-ab798ddc2cb2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.09 07:57:22 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2013.01.09 07:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\NPE
[2013.01.09 07:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013.01.09 06:21:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.09 06:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013.01.09 06:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nimi1\Käynnistä-valikko\Ohjelmat\Sophos
[2013.01.09 06:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.01.09 05:50:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nimi1\Recent
[2013.01.01 05:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PeerBlock
[2013.01.01 05:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012.12.10 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.12.10 19:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.09 08:40:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.09 08:07:33 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013.01.09 08:00:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.09 08:00:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.09 07:59:56 | 000,010,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013.01.09 07:57:22 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2013.01.09 06:18:06 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Nimi1\Työpöytä\Sophos Virus Removal Tool.lnk
[2013.01.09 04:26:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Malwarebytes Anti-Malware.lnk
[2013.01.07 22:52:45 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Mobile Broadband.lnk
[2013.01.05 20:16:35 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.01 05:47:55 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Nimi1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerBlock.lnk
[2013.01.01 05:47:55 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Nimi1\Työpöytä\PeerBlock.lnk
[2012.12.29 06:26:05 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Nimi1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.12.21 19:39:11 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.09 06:16:30 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\Sophos Virus Removal Tool.lnk
[2013.01.01 05:47:55 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Nimi1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerBlock.lnk
[2013.01.01 05:47:55 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\PeerBlock.lnk
[2012.12.30 00:07:35 | 000,032,315 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\04092010.jpg
[2012.12.23 23:34:36 | 000,036,355 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\2vmentx.jpg
[2012.12.23 23:34:36 | 000,034,358 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\25694jk.jpg
[2012.12.09 22:31:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.12.09 22:21:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.10.13 22:10:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.09.28 23:17:01 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.16 15:49:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.09.16 02:42:55 | 000,004,381 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.16 02:41:50 | 000,122,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.16 01:44:05 | 000,010,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012.09.15 23:59:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.09.15 23:54:16 | 000,021,672 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.06.28 23:32:18 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:54:17 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:11:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.10.19 01:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012.09.26 02:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2012.09.26 02:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012.10.19 01:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband
[2013.01.09 06:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012.09.26 02:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\Guitar Pro 6
[2012.09.26 02:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\MakeMusic
[2013.01.09 03:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\QuickScan
[2012.12.09 22:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\SystemRequirementsLab
[2012.10.31 00:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\Trillian
========== Purity Check ==========
< End of report >
--------------------------------------------------------------------------------------------
OTL Extras logfile created on: 9.1.2013 9:16:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Nimi1\Omat tiedostot\Lataukset
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
1015,48 Mb Total Physical Memory | 533,11 Mb Available Physical Memory | 52,50% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 25,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS
Drive E: | 36,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: NIMI-A498799635 | User Name: Nimi1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Suomi
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Finale NotePad 2012" = Finale NotePad 2012
"Finale Reader" = Finale Reader 2011
"Guitar Pro 5_is1" = Guitar Pro 5.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mobile Broadband" = Mobile Broadband
"Monitor Asset Manager" = Monitor Asset Manager
"Mozilla Firefox 17.0.1 (x86 fi)" = Mozilla Firefox 17.0.1 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Trillian" = Trillian
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"VLC media player" = VLC media player 2.0.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 9.1.2013 1:44:36 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.
Error - 9.1.2013 1:46:25 | Computer Name = NIMI-A498799635 | Source = atapi | ID = 262153
Description = Laite \Device\Ide\IdePort1 ei vastannut aikakatkaisuajan kuluessa.
Error - 9.1.2013 1:46:50 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.
Error - 9.1.2013 1:46:57 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.
Error - 9.1.2013 1:47:04 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.
Error - 9.1.2013 1:47:11 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.
Error - 9.1.2013 1:47:18 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.
Error - 9.1.2013 2:00:16 | Computer Name = NIMI-A498799635 | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun Mobile Broadband. OUC yhdistymistä.
Error - 9.1.2013 2:00:16 | Computer Name = NIMI-A498799635 | Source = Service Control Manager | ID = 7000
Description = Palvelua Mobile Broadband. OUC ei voi käynnistää. Virhekoodi on %%1053
Error - 9.1.2013 2:00:18 | Computer Name = NIMI-A498799635 | Source = Service Control Manager | ID = 7026
Description = Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
PCIIde
< End of report >
Edited by okosijomiti, 09 January 2013 - 05:00 AM.