ComboFix 10-09-20.02 - sey administrator 09/21/2010 0:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.198 [GMT -4:00]
Running from: c:\documents and settings\sey administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
PEV Error: AppFolder
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Freddex\.COMMgr
c:\documents and settings\Freddex\Local Settings\Application Data\{3A003BEE-46AE-4397-805A-7F9373466871}
c:\documents and settings\sey administrator\Local Settings\Application Data\{9F932E84-ECFC-4D16-976D-3A3B4AEB3EF8}
c:\program files\CxtPls
c:\windows\desktop
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\Freddex\Local Settings\Application Data\{3A003BEE-46AE-4397-805A-7F9373466871}\chrome.manifest
c:\documents and settings\Freddex\Local Settings\Application Data\{3A003BEE-46AE-4397-805A-7F9373466871}\chrome\content\_cfg.js
c:\documents and settings\Freddex\Local Settings\Application Data\{3A003BEE-46AE-4397-805A-7F9373466871}\chrome\content\overlay.xul
c:\documents and settings\Freddex\Local Settings\Application Data\{3A003BEE-46AE-4397-805A-7F9373466871}\install.rdf
c:\documents and settings\sey administrator\Local Settings\Application Data\{9F932E84-ECFC-4D16-976D-3A3B4AEB3EF8}\chrome.manifest
c:\documents and settings\sey administrator\Local Settings\Application Data\{9F932E84-ECFC-4D16-976D-3A3B4AEB3EF8}\chrome\content\_cfg.js
c:\documents and settings\sey administrator\Local Settings\Application Data\{9F932E84-ECFC-4D16-976D-3A3B4AEB3EF8}\chrome\content\overlay.xul
c:\documents and settings\sey administrator\Local Settings\Application Data\{9F932E84-ECFC-4D16-976D-3A3B4AEB3EF8}\install.rdf
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\desktop\Compaq Knowledge Center.lnk
c:\windows\icehiqijoyiqopa.dll
c:\windows\system32\instsrv.exe
c:\windows\system32\O.BAT
Infected copy of c:\windows\system32\drivers\avgtdix.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.
2010-09-20 20:14 . 2010-09-21 04:58 -------- d-----w- c:\program files\sys231
2010-09-18 06:16 . 2010-09-18 06:16 -------- d-----w- c:\documents and settings\sey administrator\Application Data\AVG9
2010-09-16 17:03 . 2010-09-16 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-16 05:52 . 2010-09-16 05:52 -------- d-----w- c:\program files\Trend Micro
2010-09-16 04:44 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 18:04 . 2010-09-15 18:04 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Malwarebytes
2010-09-15 18:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 18:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 18:02 . 2010-09-15 18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 04:49 . 2010-09-15 04:49 -------- d-----w- c:\documents and settings\Freddex\Application Data\PCToolsFirewallPlus
2010-09-14 16:25 . 2010-09-20 20:40 95744 ----a-w- c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 16:25 . 2010-09-20 20:40 161280 ----a-w- c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 16:24 . 2010-09-14 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-14 16:24 . 2010-09-14 16:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 16:24 . 2010-09-14 16:24 -------- d-----w- c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com
2010-09-14 16:20 . 2010-09-14 16:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-14 15:58 . 2010-09-14 15:58 -------- d-----w- c:\program files\CCleaner
2010-09-14 15:45 . 2010-09-14 15:46 -------- d-----w- c:\documents and settings\sey administrator\Application Data\PCToolsFirewallPlus
2010-09-14 15:41 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-14 15:41 . 2009-11-09 15:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-14 15:41 . 2010-01-07 16:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-14 15:40 . 2010-01-12 13:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-14 15:40 . 2010-01-07 15:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-09-14 15:40 . 2010-01-07 15:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-14 15:40 . 2010-01-13 12:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-09-14 15:40 . 2010-09-16 05:41 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-09-11 21:36 . 2010-09-11 21:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-11 21:22 . 2010-09-21 04:01 0 ----a-w- c:\windows\Tfiko.bin
2010-09-11 21:22 . 2010-09-21 02:45 120 ----a-w- c:\windows\Qwavifetahefozu.dat
2010-09-11 21:16 . 2010-09-13 17:46 -------- d-----w- c:\documents and settings\Freddex\Application Data\C48C287A5F27A887A3E6CDBB287BDE57
2010-09-04 18:14 . 2010-09-04 22:37 -------- d-----w- c:\documents and settings\Freddex\Application Data\FileZilla
2010-09-04 18:13 . 2010-09-16 05:54 -------- d-----w- c:\program files\Filezilla 3.3.2.1
2010-08-31 00:39 . 2010-08-31 00:39 -------- d-----w- c:\documents and settings\sey administrator\Application Data\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 05:02 . 2009-11-10 22:50 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Gymu
2010-09-21 05:01 . 2010-01-05 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-21 05:01 . 2010-02-21 18:58 -------- d-----w- c:\program files\QuickTime
2010-09-21 04:58 . 2010-01-01 16:11 -------- d-----w- c:\program files\Microsoft
2010-09-20 20:40 . 2010-03-31 20:32 393216 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-501e625d-n\msvcr71.dll
2010-09-20 20:40 . 2010-05-28 16:56 393216 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-367bd4db-n\msvcr71.dll
2010-09-20 20:39 . 2010-08-09 00:56 393216 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcr71.dll
2010-09-20 20:30 . 2010-03-23 23:46 393216 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-34777ea4-n\msvcr71.dll
2010-09-20 20:30 . 2010-05-25 23:18 393216 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47f9ff1d-n\msvcr71.dll
2010-09-20 20:29 . 2010-08-03 02:18 393216 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcr71.dll
2010-09-16 16:29 . 2010-03-23 22:54 -------- d-----w- c:\program files\DivX
2010-09-16 16:29 . 2010-02-21 21:01 -------- d-----w- c:\program files\LimeWire Music
2010-09-16 05:54 . 2001-09-19 06:51 -------- d-----w- c:\program files\Microsoft Works
2010-09-16 04:44 . 2010-03-23 23:42 -------- d-----w- c:\program files\Java
2010-09-14 15:41 . 2010-01-05 23:15 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-14 15:04 . 2010-02-21 21:02 -------- d-----w- c:\program files\ToggleEN
2010-09-14 14:13 . 2010-05-29 21:46 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Skype
2010-09-14 14:02 . 2010-09-13 15:55 112 ----a-w- c:\documents and settings\All Users\Application Data\r5NCJ5GrW.dat
2010-09-11 20:32 . 2010-04-14 21:49 -------- d-----w- c:\documents and settings\Freddex\Application Data\uTorrent
2010-09-11 16:49 . 2010-07-01 19:46 -------- d-----w- c:\documents and settings\Freddex\Application Data\LimeWire Music
2010-09-05 14:20 . 2010-01-01 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-31 02:30 . 2010-02-21 21:01 -------- d-----w- c:\program files\Download_Energy
2010-08-22 07:09 . 2010-04-18 15:57 -------- d-----w- c:\documents and settings\Freddex\Application Data\Skype
2010-08-14 16:09 . 2010-03-23 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-11 13:18 . 2010-01-05 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-09 00:56 . 2010-08-09 00:56 503808 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcp71.dll
2010-08-09 00:56 . 2010-08-09 00:56 499712 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\jmc.dll
2010-08-09 00:56 . 2010-08-09 00:56 61440 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-sse.dll
2010-08-09 00:56 . 2010-08-09 00:56 12800 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-d3d.dll
2010-08-03 02:18 . 2010-08-03 02:18 503808 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcp71.dll
2010-08-03 02:18 . 2010-08-03 02:18 499712 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\jmc.dll
2010-08-03 02:18 . 2010-08-03 02:18 61440 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-sse.dll
2010-08-03 02:18 . 2010-08-03 02:18 12800 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-d3d.dll
2010-07-31 17:45 . 2010-02-21 21:01 -------- d-----w- c:\documents and settings\sey administrator\Application Data\LimeWire Music
2010-07-16 13:30 . 2010-01-05 23:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:30 . 2010-07-16 13:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:29 . 2010-01-05 23:49 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-16 13:28 . 2010-01-05 23:49 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\COMPAQ\Coloreal\coloreal .exe
c:\program files\COMPAQ\Easy Access Button Support\StartEAK .exe
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft Works\WkDetect .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\system32\rundll32 .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-09-21 03:45 2735200 ----a-w- c:\program files\Download_Energy\tbDow1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [N/A]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [N/A]
"{257715E4-3F57-82F0-2A8F-9F44FF99EE07}"="c:\documents and settings\sey administrator\Application Data\Nave\goic.exe" [2006-09-07 145408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [N/A]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [N/A]
"EPSON Stylus C44 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE" [2002-12-25 75776]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Jfarorerewe"="c:\windows\icehiqijoyiqopa.dll" [N/A]
"nonep"="c:\docume~1\SEYADM~1\LOCALS~1\Temp\tmp0ae15bd7\KillEXE.exe" [2010-09-21 368128]
c:\documents and settings\Freddex\Start Menu\Programs\Startup\
hoip.exe [2010-9-21 145408]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
ybykl.exe [2010-9-21 145408]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ewgy.exe [2010-9-21 145408]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire Music\\LimeWire Music.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/5/2010 7:49 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/5/2010 7:49 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 7:49 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 7:49 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/14/2010 11:41 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 9:28 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:29 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/16/2010 9:28 AM 2331032]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/14/2010 11:41 AM 88040]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/5/2010 7:15 PM 583640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/5/2010 7:49 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/5/2010 7:48 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 7:48 PM 26192]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/14/2010 11:40 AM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/14/2010 11:40 AM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/14/2010 11:40 AM 115216]
R3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\drivers\spixnew.sys [1/21/2010 6:10 PM 95528]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/16/2010 9:29 AM 5897808]
S2 gupdate1cacadbef3afef0;Google Update Service (gupdate1cacadbef3afef0);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2010 6:55 PM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-09-21 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-14 18:11]
2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]
2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]
2004-09-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
2004-09-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-21 01:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00001f40
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001
"sllauncher.exe"=dword:00000000
"PresentationHost.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
@DACL=(02 0000)
"msfeedssync.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000004
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000002
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
@DACL=(02 0000)
"mshta.exe"=dword:00000001
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
@DACL=(02 0000)
"communicator.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
@DACL=(02 0000)
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
@DACL=(02 0000)
"LLInterface"="WANARP"
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{E2E03A56-F650-49AD-9458-84AC5A26824B}\00Tcpip\\Parameters\\Interfaces\\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}\00Tcpip\\Parameters\\Interfaces\\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}\00Tcpip\\Parameters\\Interfaces\\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}\00\00"
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:56,3a,e0,e2,50,f6,ad,49,94,58,84,ac,5a,26,82,4b,6b,83,1e,9d,
a1,dd,f1,48,82,5d,3b,e1,4b,2c,29,0c,4e,a5,15,92,aa,3e,c2,4d,8e,fe,47,31,c2,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AA05CFB-0DDF-48E4-ABE8-1E78BE894167}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2F865EAA-DF52-4F83-B627-C01FA56AB1B5}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93DFA675-845C-4FB9-B057-A889D11F364B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"DhcpClassIdBin"=hex:
"RegisterAdapterName"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"DefaultGatewayMetric"=multi:"\00"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=multi:"0\00\00"
"UDPAllowedPorts"=multi:"0\00\00"
"RawIPAllowedProtocols"=multi:"0\00\00"
"NTEContextList"=multi:"0x00000003\00\00"
"DhcpClassIdBin"=hex:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E2E03A56-F650-49AD-9458-84AC5A26824B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-09-21 01:11:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 05:10
Pre-Run: 10,666,930,176 bytes free
Post-Run: 10,457,047,040 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - F21AAF59933A3D314E074E13866A7423