ComboFix 11-02-17.02 - user 02/19/2011 12:36:11.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.57 [GMT 7:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Fearghus
c:\documents and settings\All Users\Application Data\Microsoft\USB2.0
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.xml
c:\documents and settings\user\Application Data\PriceGong\Data\a.xml
c:\documents and settings\user\Application Data\PriceGong\Data\b.xml
c:\documents and settings\user\Application Data\PriceGong\Data\c.xml
c:\documents and settings\user\Application Data\PriceGong\Data\d.xml
c:\documents and settings\user\Application Data\PriceGong\Data\e.xml
c:\documents and settings\user\Application Data\PriceGong\Data\f.xml
c:\documents and settings\user\Application Data\PriceGong\Data\g.xml
c:\documents and settings\user\Application Data\PriceGong\Data\h.xml
c:\documents and settings\user\Application Data\PriceGong\Data\i.xml
c:\documents and settings\user\Application Data\PriceGong\Data\J.xml
c:\documents and settings\user\Application Data\PriceGong\Data\k.xml
c:\documents and settings\user\Application Data\PriceGong\Data\l.xml
c:\documents and settings\user\Application Data\PriceGong\Data\m.xml
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.xml
c:\documents and settings\user\Application Data\PriceGong\Data\o.xml
c:\documents and settings\user\Application Data\PriceGong\Data\p.xml
c:\documents and settings\user\Application Data\PriceGong\Data\q.xml
c:\documents and settings\user\Application Data\PriceGong\Data\r.xml
c:\documents and settings\user\Application Data\PriceGong\Data\s.xml
c:\documents and settings\user\Application Data\PriceGong\Data\t.xml
c:\documents and settings\user\Application Data\PriceGong\Data\u.xml
c:\documents and settings\user\Application Data\PriceGong\Data\v.xml
c:\documents and settings\user\Application Data\PriceGong\Data\w.xml
c:\documents and settings\user\Application Data\PriceGong\Data\x.xml
c:\documents and settings\user\Application Data\PriceGong\Data\y.xml
c:\documents and settings\user\Application Data\PriceGong\Data\z.xml
c:\windows\system32\autorun.in
c:\windows\system32\keyboard
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.
2011-02-18 11:48 . 2011-02-18 11:48 -------- d-----w- c:\program files\Common Files\Java
2011-02-17 09:17 . 2011-02-17 09:17 -------- dc----w- C:\_OTL
2011-02-13 10:53 . 2011-02-13 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-02-12 10:07 . 2011-02-12 10:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2011-02-09 10:07 . 2011-02-09 10:07 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ESET
2011-02-09 09:09 . 2011-02-13 11:02 -------- d-----w- c:\program files\ESET
2011-02-09 09:09 . 2011-02-09 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-02-09 08:27 . 2011-02-09 08:27 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Opera
2011-02-09 08:26 . 2011-02-09 08:27 -------- d-----w- c:\program files\Opera
2011-02-09 07:07 . 2011-02-09 07:07 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-09 07:07 . 2010-12-20 11:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 07:07 . 2011-02-09 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-09 07:07 . 2011-02-09 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-09 07:07 . 2010-12-20 11:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 08:17 . 2011-02-08 08:17 -------- d-----w- c:\program files\IObit
2011-02-07 08:40 . 2011-02-07 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-02-07 08:37 . 2011-02-13 10:57 -------- d-----w- c:\documents and settings\user\Application Data\IObit
2011-02-06 09:43 . 2011-02-06 09:43 -------- d-----w- c:\program files\GiftAuto
2011-01-29 21:35 . 2011-01-29 21:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-28 05:06 . 2011-02-16 09:52 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-28 03:38 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-28 03:38 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-28 03:38 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-28 03:38 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-28 03:38 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-28 03:38 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-28 03:37 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-28 03:31 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-28 03:31 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-28 03:28 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-28 03:26 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-28 03:26 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-28 03:26 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-28 03:26 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-27 16:34 . 2011-01-27 16:34 -------- d-----w- c:\windows\ServicePackFiles
2011-01-27 16:34 . 2011-01-28 21:17 -------- d-----w- c:\windows\ie8updates
2011-01-27 16:33 . 2011-01-27 16:33 -------- d-----w- c:\program files\MSXML 4.0
2011-01-25 09:00 . 2011-01-25 09:00 -------- d-----w- c:\documents and settings\user\Application Data\HDRsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 14:40 . 2010-06-30 22:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 12:19 . 2010-06-30 22:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-03 135664]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 11:00 1818624 ----a-w- c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-06-01 03:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\CityVilleBot\\CVBot.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
S0 rdhfae;rdhfae;c:\windows\system32\drivers\nbmkxm.sys --> c:\windows\system32\drivers\nbmkxm.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/9/2011 2:07 PM 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva312;XDva312; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2011-02-19 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-02-08 07:11]
2011-02-17 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2011-02-08 08:24]
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-682003330-2081526759-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 01:00]
2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-682003330-2081526759-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 01:00]
2011-02-19 c:\windows\Tasks\User_Feed_Synchronization-{1B678AF0-529E-452D-9BC6-4A0E6FA61477}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
IE: Download Link Using Mega Manager...
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\z2eodb1p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ToggleEN Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&q=
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 12:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-02-19 12:55:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-19 05:55
Pre-Run: 8,508,731,392 bytes free
Post-Run: 8,443,871,232 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 819416D16A7C700324CA206F62584628