ComboFix 11-05-10.01 - camron 05/11/2011 0:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.480.190 [GMT -7:00]
Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\defender.exe
c:\documents and settings\camron\Application Data\shb.dat
c:\documents and settings\camron\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Common Files\WinSoftware
c:\program files\Common Files\WinSoftware\PrCheck.dll
c:\windows\Down_Temp
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\midas.dll
.
Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 07:19 . 2011-05-11 07:19 8782 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-05-11 07:19 . 2011-05-11 07:19 7271 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-05-11 07:19 . 2011-05-11 07:19 23327 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-05-11 07:19 . 2011-05-11 07:19 20719 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-05-11 06:43 . 2011-05-11 06:43 -------- dc----w- c:\documents and settings\bootkit_remover
2011-05-11 06:33 . 2011-05-11 06:33 -------- dc----w- c:\program files\7-Zip
2011-05-10 01:59 . 2011-05-10 01:59 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-09 21:07 . 2011-05-09 21:07 -------- dc----w- c:\windows\system32\wbem\Repository
2011-05-09 21:01 . 2011-05-09 21:01 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2011-05-06 16:42 . 2011-05-10 01:01 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-23 01:51 . 2011-05-07 03:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-04-23 01:50 . 2011-04-23 01:50 -------- dc----w- c:\program files\Common Files\Skype
2011-04-12 19:37 . 2011-04-12 19:37 398760 -c--a-r- c:\windows\system32\cpnprt2.cid
2011-04-12 19:37 . 2011-04-12 19:37 -------- dc----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 17:33 . 2011-02-14 22:05 71072 -c--a-w- c:\windows\CouponPrinter.ocx
2011-03-07 05:33 . 2003-03-03 23:57 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2003-11-21 22:07 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-11-21 22:07 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2003-11-21 22:07 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2003-11-21 22:07 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2003-11-21 22:07 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-10-16 17:28 385024 -c--a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2003-11-21 22:07 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-11-21 22:07 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 14:33 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2003-11-21 22:07 290432 -c--a-w- c:\windows\system32\atmfd.dll
2004-10-09 09:26 . 2004-10-09 09:26 7269227 -c--a-w- c:\program files\NJCWP500.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-07-01 95344]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
"LgWDskTp"="c:\program files\Wireless Desktop\LgWDskTp.exe" [2003-08-04 65536]
"Logitech Utility"="Logi_MwX.Exe" [2003-07-29 19968]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-12 70800]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"rfagent"="c:\program files\RFA\rfagent.exe" [2005-04-23 330240]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2007-12-20 1748992]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\camron\Start Menu\Programs\Startup\
HotSync Manager.lnk - d:\palmone\Hotsync.exe [2004-6-9 471040]
palmOne Registration.lnk - d:\programfile\palmOne\register.exe [2005-9-19 2367488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe [2004-1-22 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Belkin Wireless LAN Utility.lnk - c:\windows\system32\belsta.exe [2005-10-16 172146]
Configuration Utility.lnk - c:\program files\LINKSYS\Configuration Utility\config.exe [2005-10-16 290816]
HOTSYNCSHORTCUTNAME.lnk - d:\palmone\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Photo Loader supervisory.lnk - c:\found.000\dir0023.chk\Plauto.exe [2006-1-2 229376]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 9:39 AM 431456]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2/28/2011 11:17 PM 44416]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [12/19/2007 5:04 PM 265088]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [11/21/2003 3:07 PM 175744]
R3 ndcprtns;NDC Network Agent;c:\windows\system32\drivers\Ndcprtns.sys [10/16/2005 12:36 PM 9328]
R3 SMSCMS;SMSC LPC Memory Stick Host Controller;c:\windows\system32\drivers\SMSCMS.SYS [11/21/2003 3:07 PM 58624]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [12/19/2007 5:04 PM 4352]
S3 BEL;Belkin 11Mbps Wireless LAN Driver;c:\windows\system32\drivers\belnds.sys [10/16/2005 6:03 PM 51712]
S3 MD1900;GSL MD1900 Electronic Dictionary;c:\windows\system32\drivers\MD1900.sys [3/17/2008 4:10 AM 33967]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [12/11/2005 8:47 PM 8960]
S3 WPC11;Instant Wireless Network PC Card V2.0 Driver;c:\windows\system32\drivers\LSWLNDS.sys [5/16/2002 2:42 PM 54083]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1201819217-2088249844-2145301736-1005Core.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 20:34]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1201819217-2088249844-2145301736-1005UA.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 20:34]
.
2011-03-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2011-01-07 23:56]
.
2011-05-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2010-03-28 04:22]
.
2004-10-04 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-11-21 00:12]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-05-11 00:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JB-00JJC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x85F3331B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="7943B9AB16059654D529590369949FABBE58E1A074A820D415712D4F5573E4CC408D70D18D8ADAB68DAA926D6936B0891ED70B4474877B10E3BE5576854C75BB32F5F3A34EC648C1DDA883AB05BC638CE685DC4F9D52EB803A08C4100A36B2867F8BB4ED95A1C06F783026EECB9EF424EC8B79F86B2CA5282DB56975EEA3E6649C9208CF23F9C9CE5101D73B4EC8C0D446C8E949622F8020126011D54BF983A43F02A73EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6679DB7CE019D40AA5CC038D530D6EB34529DB7CE019D40AA5C9362E507D767A499A329D65C04F768C1BA767B949B4FC7A219EE2184EA43A6D5970586C1C021D24A6C2151B646C3C675019F9D7ED875FC5F5A1D959AF825D07A8E149A72CB6973CB49C6859F245AEB63E6FE6892A62DAA27951973817333AD65125ED429E813AEC466363B5E6FE8E8F8471EDD6B57226DC8F87995C6CB34816CC0A9860A4BA31131F281E04BB95535F3847BA3398035446A34C8F98DB7A97339BDACA94CE9D68BDE232D86D3DD37A7698308823C7A7B0F04FE85458F31C10F492F9459BE7E1A71EFAEB16178F5D70041AA2AE9CC633C96E211253E9578E3436E4080D5BE8A10FBDBCF7C4ACFE2395DB5E8BC6B539BF404A6A98C4F018DA8E3CE9E8401C2500F476D476F3E02C80E47D82D0DBCCDC7D5E446891807C2B6DDA864FD29655156A2D344D85EDECD903C260C6D5CB750D2C32E88F6951864FE852CFC15692E88688806D04C93EE83E4E1470921E15A80E756348ABAC8D97EB3546F399D37AA179534275DEC4AD888374C5CDA46C74697F9DB323EA3E7C6C36735539057744F42314A61018AB42955BA817A61DB2B41E4BC52C667031F7FF47143A14B837AB4625227C72DF778127868B61B4F681FB5CAAAF0739EAD0DC4E9E9D104086A151563D3594C230EAD66927C589B2FF329B13F7F1E1FD07EC3FE8E30E50B37D404D0465421C9FAA861A059F585BDD98AC267CB3D7714BFD14CB761E53A292113FBEC1DB877FA9DA6945D9519132680BDD92B8FA84D80FE8A201FF5F1BA375DF6248F132606004B6BBBDBA4EE075FA5A0D1783E4CA378780D2E08747D096F5AD798856289AB5E97DEC10378441ED5234D00EB9BF2B4EF6744DA689677FB71DA106A405C117A7E666C035B95A7465C23DFAD49022FEA42DE9DFADA2C121CC0737D9C51E3AFB82C7505CE91156EA42626791AF36156E72F410ADC9F1942A6C48E0427F0731DE197529BEB76243090CE00BEF5783B0100D64800BB99D3440DC86909F67C95D423D5DEA6927E06C814D1D8576903A68C3CC101F7CDCEE814F5FB95786BF26B15DFDE5323F0430D587092ABEF8BE54C1AD758CBF0386AF5F43AF1F94158F7A860AF8F3A112681A4"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
c:\program files\Wireless Desktop\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\oodag.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2011-05-11 00:32:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-11 07:32
.
Pre-Run: 12,836,868,096 bytes free
Post-Run: 13,309,530,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1DF0C33E0F4D5C5F26C3B63344E3C246