ComboFix 10-12-04.06 - jack 2010-12-06 18:47:55.3.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1015.617 [GMT 1:00] Uruchomiony z: g:\programy\ComboFix.exe Użyto następujących komend :: c:\documents and settings\jack.JACK-DB1D08FF6A\Pulpit\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} FW: Sygate Personal Firewall Pro *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows.0\system32\kernel32.dll . . . jest zainfekowany!! . ((((((((((((((((((((((((( Pliki utworzone od 2010-11-06 do 2010-12-06 ))))))))))))))))))))))))))))))) . 2010-12-06 16:26 . 2010-12-06 16:26 4526 ----a-w- c:\windows.0\system32\PerfStringBackup.TMP 2010-12-06 16:21 . 2007-06-19 15:26 143360 ----a-w- c:\windows.0\system32\igfxres.dll 2010-12-06 16:18 . 2010-12-06 16:18 -------- d-----w- c:\windows.0\system32\wbem\Repository 2010-12-06 15:34 . 2008-04-15 12:00 455168 ----a-w- c:\windows.0\system32\dllcache\tintsetp.exe 2010-12-06 15:33 . 2008-04-15 12:00 92416 ----a-w- c:\windows.0\system32\dllcache\mga.sys 2010-12-06 15:32 . 2008-04-15 12:00 28416 ----a-w- c:\windows.0\system32\dllcache\drwatson.exe 2010-12-06 15:27 . 2008-04-14 21:50 28672 ----a-w- c:\windows.0\system32\irmon.dll 2010-12-06 15:27 . 2008-04-14 21:51 152064 ----a-w- c:\windows.0\system32\irftp.exe 2010-12-06 15:27 . 2008-04-14 21:51 8192 ----a-w- c:\windows.0\system32\wshirda.dll 2010-12-06 15:27 . 2008-04-13 23:24 88192 ----a-w- c:\windows.0\system32\drivers\irda.sys 2010-12-06 15:16 . 2001-08-17 20:51 19584 ----a-w- c:\windows.0\system32\drivers\rasirda.sys 2010-12-06 15:15 . 2008-04-15 12:00 24661 ----a-w- c:\windows.0\system32\spxcoins.dll 2010-12-06 15:15 . 2008-04-15 12:00 24661 ----a-w- c:\windows.0\system32\dllcache\spxcoins.dll 2010-12-06 15:15 . 2008-04-15 12:00 13312 ----a-w- c:\windows.0\system32\irclass.dll 2010-12-06 15:15 . 2008-04-15 12:00 13312 ----a-w- c:\windows.0\system32\dllcache\irclass.dll 2010-12-06 15:14 . 2008-04-15 12:00 16825 ----a-r- c:\windows.0\SET7F.tmp 2010-12-06 15:14 . 2008-04-15 12:00 1088840 ----a-r- c:\windows.0\SET70.tmp 2010-12-06 15:14 . 2008-04-15 12:00 1246357 ----a-r- c:\windows.0\SET6D.tmp 2010-12-03 19:43 . 2008-04-15 12:00 16825 ----a-r- c:\windows.0\SET7B.tmp 2010-12-03 19:43 . 2008-04-15 12:00 1088840 ----a-r- c:\windows.0\SET6C.tmp 2010-12-03 19:43 . 2008-04-15 12:00 1246357 ----a-r- c:\windows.0\SET66.tmp 2010-12-03 15:06 . 2008-04-15 12:00 16384 ----a-w- c:\windows.0\system32\dllcache\isignup.exe 2010-12-03 14:52 . 2008-04-15 12:00 16825 ----a-r- c:\windows.0\SET75.tmp 2010-12-03 14:52 . 2008-04-15 12:00 1088840 ----a-r- c:\windows.0\SET69.tmp 2010-12-03 14:52 . 2008-04-15 12:00 1246357 ----a-r- c:\windows.0\SET68.tmp 2010-11-30 19:15 . 2010-11-30 19:15 -------- d-----w- c:\windows.0\system32\CatRoot_bak 2010-11-30 18:44 . 2004-08-03 23:26 14043 ----a-r- c:\windows.0\SET7A.tmp 2010-11-30 18:44 . 2004-08-03 23:27 1086058 ----a-r- c:\windows.0\SET6E.tmp 2010-11-30 18:44 . 2004-08-03 23:32 1014483 ----a-r- c:\windows.0\SET6B.tmp 2010-11-30 18:22 . 2010-11-30 18:22 -------- d-----w- c:\documents and settings\jack.JACK-DB1D08FF6A\Dane aplikacji\Uniblue 2010-11-30 17:35 . 2005-09-27 11:16 14944 ----a-w- c:\windows.0\system32\drivers\wg6n.sys 2010-11-30 17:35 . 2005-09-27 11:16 14944 ----a-w- c:\windows.0\system32\drivers\wg5n.sys 2010-11-30 17:35 . 2005-09-27 11:16 14944 ----a-w- c:\windows.0\system32\drivers\wg4n.sys 2010-11-30 17:35 . 2005-09-27 11:16 14944 ----a-w- c:\windows.0\system32\drivers\wg3n.sys 2010-11-30 17:35 . 2005-09-27 10:44 21075 ----a-w- c:\windows.0\system32\drivers\wpsdrvnt.sys 2010-11-30 17:35 . 2005-09-27 10:43 61008 ----a-w- c:\windows.0\system32\drivers\Teefer.sys 2010-11-30 17:35 . 2005-09-27 11:15 83592 ----a-w- c:\windows.0\system32\SSSensor.dll 2010-11-30 17:34 . 2010-11-30 17:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-11-30 16:29 . 2006-12-28 23:31 19569 ----a-w- c:\windows.0\003272_.tmp 2010-11-29 19:58 . 2008-04-15 12:00 32768 ----a-w- c:\windows.0\system32\dllcache\icwdl.dll 2010-11-29 19:47 . 2004-08-03 23:26 14043 ----a-r- c:\windows.0\SET76.tmp 2010-11-29 19:47 . 2004-08-03 23:27 1086058 ----a-r- c:\windows.0\SET6A.tmp 2010-11-29 19:47 . 2004-08-03 23:32 1014483 ----a-r- c:\windows.0\SET67.tmp 2010-11-29 16:47 . 2010-10-12 11:55 87688 ----a-w- c:\windows.0\system32\IncContxMenu.dll 2010-11-29 16:47 . 2010-10-12 10:08 2233016 ----a-w- c:\windows.0\system32\Incinerator.dll 2010-11-29 16:46 . 2010-10-12 11:55 11776 ----a-w- c:\windows.0\system32\smrgdf.exe 2010-11-29 16:46 . 2010-10-12 11:55 29696 ----a-w- c:\windows.0\system32\iolobtdfg.exe 2010-11-29 15:49 . 2008-04-14 21:51 294912 ------w- c:\program files\Windows Media Player\dlimport.exe 2010-11-29 15:40 . 2006-12-28 23:31 19569 ----a-w- c:\windows.0\003287_.tmp 2010-11-29 15:19 . 2010-11-29 15:19 -------- d-----w- c:\program files\microsoft frontpage 2010-11-29 15:17 . 2010-11-29 15:17 -------- d-----w- c:\program files\Usługi online 2010-11-29 14:59 . 2008-04-15 12:00 22016 ----a-w- c:\windows.0\system32\dllcache\agt0408.dll 2010-11-29 14:59 . 2008-04-15 12:00 19456 ----a-w- c:\windows.0\system32\dllcache\agt041f.dll 2010-11-29 14:59 . 2008-04-15 12:00 19456 ----a-w- c:\windows.0\system32\dllcache\agt0419.dll 2010-11-29 14:59 . 2008-04-15 12:00 19968 ----a-w- c:\windows.0\system32\dllcache\agt040e.dll 2010-11-29 14:59 . 2008-04-15 12:00 19456 ----a-w- c:\windows.0\system32\dllcache\agt0405.dll 2010-11-29 14:59 . 2004-08-03 23:26 14043 ----a-r- c:\windows.0\SETFC.tmp 2010-11-29 14:59 . 2004-08-03 23:27 1086058 ----a-r- c:\windows.0\SETF0.tmp 2010-11-29 14:59 . 2004-08-03 23:32 1014483 ----a-r- c:\windows.0\SETED.tmp 2010-11-29 14:51 . 2010-11-29 14:51 -------- d-----w- c:\windows.0\msapps 2010-11-29 11:33 . 2010-09-23 12:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL 2010-11-29 10:55 . 2010-11-29 10:55 -------- d-----w- c:\documents and settings\LocalService.ZARZĄDZANIE NT.000\Dane aplikacji\iolo 2010-11-29 10:53 . 2010-11-29 10:53 74703 ----a-w- c:\windows.0\system32\mfc45.dll 2010-11-29 10:53 . 2010-11-29 10:53 -------- d-----w- c:\documents and settings\jack.JACK-DB1D08FF6A\Dane aplikacji\iolo 2010-11-29 10:53 . 2010-11-29 10:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Dane aplikacji\iolo 2010-11-15 21:27 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll 2010-11-15 21:27 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll 2010-11-15 21:27 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll 2010-11-15 21:27 . 2010-11-15 21:27 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll 2010-11-15 21:27 . 2010-11-15 21:27 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll 2010-11-15 21:27 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll 2010-11-15 21:27 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-15 10:30 . 2010-10-15 10:30 69632 ----a-w- c:\windows.0\SRNTService.exe 2010-10-03 12:02 . 2010-06-01 18:00 285480 ----a-w- c:\windows.0\system32\guard32.dll 2010-10-03 12:02 . 2010-06-01 18:00 91560 ----a-w- c:\windows.0\system32\drivers\inspect.sys 2010-10-03 12:02 . 2010-06-01 18:00 25240 ----a-w- c:\windows.0\system32\drivers\cmdhlp.sys 2010-10-03 12:02 . 2010-06-01 18:00 15592 ----a-w- c:\windows.0\system32\drivers\cmderd.sys 2010-10-03 12:02 . 2010-06-04 10:55 239240 ----a-w- c:\windows.0\system32\drivers\cmdGuard.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-18 10:58 333192 ----a-w- e:\program files\AskBarDis\bar\bin\askBar1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "e:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "RSRWin.exe"="c:\windows\RSRWin.exe" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-16 1447168] "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 88363] "iPlusManager"="e:\program files\iPlus\iPlusChecker.exe" [2009-12-21 446464] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "ServeurIPAsde"="c:\program files\Common Files\sagem SA\DgIpSvr.exe" [2010-07-06 315462] "SmcService"="e:\progra~1\Sygate\SPF\smc.exe" [2006-11-07 2635472] "igfxtray"="c:\windows.0\system32\igfxtray.exe" [2007-06-19 101144] "igfxhkcmd"="c:\windows.0\system32\hkcmd.exe" [2007-06-19 84760] "igfxpers"="c:\windows.0\system32\igfxpers.exe" [2007-06-19 125720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-15 15360] "RSRWin.exe"="c:\windows\RSRWin.exe" [BU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-04-15 100864] "tscuninstall"="c:\windows.0\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users.WINDOWS.0\Menu Start\Programy\Autostart\ Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "e:\\Program Files\\Opera\\opera.exe"= "e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows.0\system32\drivers\cmdGuard.sys [2010-06-04 239240] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows.0\system32\drivers\cmdhlp.sys [2010-06-01 25240] R1 epfwtdir;epfwtdir;c:\windows.0\system32\drivers\epfwtdir.sys [2008-08-18 34312] R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows.0\system32\drivers\eusk2par.sys [2010-06-05 24786] R1 SBRE;SBRE;c:\windows.0\system32\drivers\SBREDrv.sys [2010-06-16 93360] R1 UserPort;UserPort;c:\windows.0\system32\drivers\UserPort.sys [2010-06-04 4256] R2 ekrn;Eset Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-09-17 468224] R2 ioloSystemService;iolo System Service;e:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-12-03 711352] R2 RegServ;RegServ;c:\windows.0\SRNTService.exe [2010-10-15 69632] R3 GTIPCI21;GTIPCI21;c:\windows.0\system32\drivers\gtipci21.sys [2010-05-19 87936] S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\e:\progra~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL --> e:\progra~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [?] S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\e:\progra~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL --> e:\progra~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [?] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: Funkcja Google Sidewiki - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: {0E6B3B3E-1ADD-4A0A-8BB6-856101F8D8B3} = 10.0.100.100 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-06 18:56 Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI detected NTDLL code modification: ZwClose, ZwOpenFile skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS.0\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(1012) c:\windows.0\system32\guard32.dll - - - - - - - > 'explorer.exe'(3800) c:\windows.0\system32\guard32.dll c:\windows.0\system32\SSSensor.dll c:\windows.0\system32\wpdshserviceobj.dll c:\windows.0\system32\portabledevicetypes.dll c:\windows.0\system32\portabledeviceapi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows.0\System32\SCardSvr.exe c:\windows.0\AGRSMMSG.exe c:\windows.0\system32\igfxsrvc.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe e:\program files\Sygate\SPF\smc.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe . ************************************************************************** . Czas ukończenia: 2010-12-06 18:58:14 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-12-06 17:58 ComboFix2.txt 2010-12-06 17:31 ComboFix3.txt 2010-12-06 17:12 Przed: 589 332 480 bajtów wolnych Po: 573 112 320 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0 [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect C:\="Microsoft Windows 98" - - End Of File - - 8704A6D38414EC81A4898FB9DD0A16E2