ComboFix 08-12-26.03 - jo 2008-12-28 12:27:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.267 [GMT 1:00]
Running from: c:\documents and settings\jo\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\gogo\Application Data\Hotbar_Icons
c:\documents and settings\gogo\Application Data\Hotbar_Icons\Fix-PC-Registry-Errors.ico
c:\documents and settings\gogo\Application Data\Hotbar_Icons\games2.ico
c:\documents and settings\gogo\Application Data\ShoppingReport
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\gogo\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\gogo\Application Data\WeatherDPA
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\Weather_XML\Default
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\Weather_XML\Genera1
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\Weather_XML\General
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Links
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Display
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Error
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen2
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen3
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherDPA\WeatherPreferences
c:\documents and settings\gogo\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Goran\Start Menu\programs\plug&play.lnk
c:\documents and settings\jo\Application Data\comrepl.exe
c:\documents and settings\jo\Application Data\dllhst3g.exe
c:\documents and settings\jo\Application Data\ShoppingReport
c:\documents and settings\jo\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\jo\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\jo\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\jo\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\jo\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\jo\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\jo\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\TEMP\Application Data\m
c:\documents and settings\TEMP\Favorites\plug&play.lnk
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui.dat
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui.exe
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui_nav.dat
c:\documents and settings\TEMP\Local Settings\Application Data\ccgaeui_navps.dat
c:\program files\FunWebProducts
c:\program files\INSTALL.LOG
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-28 12:22 . 2008-12-28 12:22 <DIR> d-------- c:\documents and settings\All Users.WIN\Application Data\Avg8
2008-12-25 11:22 . 2008-12-25 20:14 <DIR> d-------- c:\documents and settings\jo\Application Data\BSplayer PRO
2008-12-23 18:15 . 2008-10-18 17:37 81,920 --a------ c:\win\system32\drivers\rsvp.exe
2008-12-23 16:43 . 2008-12-23 16:43 <DIR> d-------- c:\program files\GNU
2008-12-21 21:06 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\esentutl.exe
2008-12-19 19:49 . 2008-12-19 19:49 107,888 --a------ c:\win\system32\CmdLineExt.dll
2008-12-19 19:29 . 2008-12-19 19:29 <DIR> d-------- c:\program files\EA Sports
2008-12-19 19:29 . 2007-10-12 14:14 3,734,536 --a------ c:\win\system32\d3dx9_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 3,727,720 --a------ c:\win\system32\d3dx9_35.dll
2008-12-19 19:29 . 2007-10-12 14:14 1,374,232 --a------ c:\win\system32\D3DCompiler_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 1,358,192 --a------ c:\win\system32\D3DCompiler_35.dll
2008-12-19 19:29 . 2007-10-02 08:56 444,776 --a------ c:\win\system32\d3dx10_36.dll
2008-12-19 19:29 . 2007-07-19 17:14 444,776 --a------ c:\win\system32\d3dx10_35.dll
2008-12-19 19:29 . 2007-10-22 02:39 267,272 --a------ c:\win\system32\xactengine2_10.dll
2008-12-19 19:29 . 2007-07-19 23:57 267,112 --a------ c:\win\system32\xactengine2_9.dll
2008-12-15 07:27 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\spoolsv.exe
2008-12-14 13:29 . 2008-12-14 13:29 <DIR> d-------- c:\program files\Relja
2008-12-13 19:32 . 2008-12-28 12:22 <DIR> d-------- c:\documents and settings\Administrator
2008-12-10 06:01 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\sessmgr.exe
2008-12-10 05:56 . 2008-10-18 17:37 81,920 --a------ c:\documents and settings\jo\Application Data\cmstp.exe
2008-12-09 22:29 . 2008-12-09 22:29 118 --a------ c:\win\system32\MRT.INI
2008-12-09 22:10 . 2008-12-18 17:05 <DIR> d--h----- c:\win\$hf_mig$
2008-12-04 19:11 . 2008-12-04 19:11 <DIR> d--h----- c:\win\system32\GroupPolicy
2008-12-03 21:38 . 2008-10-18 17:37 81,920 --a------ c:\win\system32\drivers\mstsc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 14:28 --------- d-----w c:\program files\eMule
2008-12-14 15:44 --------- d-----w c:\program files\KD
2008-12-05 21:47 --------- d-----w c:\documents and settings\jo\Application Data\GRETECH
2008-12-01 16:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 16:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 16:23 --------- d-----w c:\program files\IMSI
2008-11-23 12:12 --------- d-----w c:\documents and settings\jo\Application Data\eTeks
2008-11-20 17:43 --------- d-----w c:\program files\GRETECH
2008-11-20 17:43 --------- d-----w c:\program files\CoreAAC
2008-11-20 17:33 --------- d-----w c:\documents and settings\All Users.WIN\Application Data\GRETECH
2008-11-17 19:27 --------- d-----w c:\program files\RadarSyncBar2
2008-11-09 16:17 --------- d-----w c:\documents and settings\gogo\Application Data\AdobeUM
2008-10-28 19:44 --------- d-----w c:\documents and settings\jo\Application Data\BitTorrent
2008-10-28 19:35 --------- d-----w c:\documents and settings\All Users.WIN\Application Data\WLInstaller
2008-10-23 12:36 286,720 ----a-w c:\win\system32\gdi32.dll
2008-10-18 16:37 81,920 ----a-w c:\win\cisvc.exe
2008-10-18 16:37 81,920 ----a-w c:\documents and settings\jo\Application Data\mstsc.exe
2008-10-18 16:37 81,920 ----a-w c:\documents and settings\jo\Application Data\cisvc.exe
2008-10-16 20:38 826,368 ----a-w c:\win\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\win\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\win\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\win\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\win\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\win\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\win\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\win\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\win\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\win\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\win\system32\muweb.dll
2008-10-05 11:14 81,920 ----a-w c:\documents and settings\jo\Application Data\ezpinst.exe
2008-10-05 11:14 47,360 ----a-w c:\documents and settings\jo\Application Data\pcouffin.sys
2008-10-05 11:08 499,712 ----a-w c:\win\system32\msvcp71.dll
2008-10-05 11:08 348,160 ----a-w c:\win\system32\msvcr71.dll
2008-10-03 10:02 247,326 ----a-w c:\win\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\win\system32\msxml4.dll
2008-01-20 12:15 22,328 ----a-w c:\documents and settings\Goran\Application Data\PnkBstrK.sys
2007-10-31 21:10 2,293,712 ----a-w c:\program files\FLV PlayerFCSetup.exe
2007-10-31 21:09 3,655,488 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2007-10-31 21:08 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2007-09-10 17:41 81,920 ----a-w c:\documents and settings\Goran\Application Data\ezpinst.exe
2007-09-10 17:41 47,360 ----a-w c:\documents and settings\Goran\Application Data\pcouffin.sys
2007-04-19 16:15 75,576 ----a-w c:\documents and settings\Goran\Application Data\GDIPFONTCACHEV1.DAT
2006-07-28 08:30 88,102 ----a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 ----a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 ----a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 ----a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 ----a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 ----a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 ----a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 ----a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 ----a-w c:\program files\DSETUP.dll
2006-05-31 05:39 181,745 ----a-w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 ----a-w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 ----a-w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 ----a-w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 ----a-w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 ----a-w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 ----a-w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 ----a-w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 ----a-w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 ----a-w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-03 08:00 179,247 ----a-w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 ----a-w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 ----a-w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 ----a-w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 ----a-w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 ----a-w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 ----a-w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 ----a-w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-07-22 18:14 1,351,430 ----a-w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 ----a-w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 ----a-w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 ----a-w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 ----a-w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 ----a-w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 ----a-w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 ----a-w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 ----a-w c:\program files\BDAXP.cab
2004-09-27 10:29 703,080 ----a-w c:\program files\BDA.cab
2004-09-27 10:29 15,493,481 ----a-w c:\program files\DirectX.cab
2004-09-27 10:29 13,265,040 ----a-w c:\program files\dxnt.cab
2004-09-27 10:29 1,156,363 ----a-w c:\program files\BDANT.cab
2004-05-30 17:09 1,568 ----a-w c:\documents and settings\Goran\Application Data\mpauth.dat
2003-08-17 19:07 10,457 ----a-w c:\program files\readme.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]
[HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
2008-11-17 20:27 1784856 --a------ c:\program files\RadarSyncBar2\tbRad1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3D708B11-B57C-4ABA-98F2-141DCF6C6FF8}"= "c:\program files\RadarSyncBar2\tbRad1.dll" [2008-11-17 1784856]
[HKEY_CLASSES_ROOT\clsid\{3d708b11-b57c-4aba-98f2-141dcf6c6ff8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\win\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-16 68856]
"MAXadsl - Provjera prometa"="c:\program files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe" [2008-03-15 726016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]
"ATIPTA"="c:\win\atiptaxx.exe" [2003-06-05 335872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\win\system32\NeroCheck.exe" [2001-07-09 155648]
"VGAUtil"="c:\win\system32\G-VGA.exe" [2003-01-06 540672]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\win\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\win\System32\drivers\logman.exe" [2008-10-18 81920]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\docume~1\jo\APPLIC~1\MICROS~1\esentutl.exe" [2008-10-18 81920]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Cisvc"="c:\win\cisvc.exe" [2008-10-18 81920]
c:\documents and settings\gogo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\jo\LOCALS~1\Temp\sessmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WIN\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WIN\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WIN\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA Sports\\UEFA EURO 2008\\EURO08.exe"=
R1 eusk2par;EUTRON SmartKey Parallel Driver;\??\c:\win\system32\Drivers\eusk2par.sys [2008-10-31 24786]
S1 Asapi;Asapi;c:\win\system32\drivers\Asapi.sys [2008-09-24 11264]
S3 eusk3usb;SmartKey 3 USB;c:\win\system32\Drivers\eusk3usb.sys [2008-11-03 45534]
S3 GemCCID;GemCCID;c:\win\system32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\win\system32\drivers\nmwcdnsu.sys [2008-09-16 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\win\system32\drivers\nmwcdnsuc.sys [2008-09-16 8320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50f3a235-67c6-11dd-a720-806d6172696f}]
\Shell\AutoRun\command - e:\bin\Assetup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {58888CAB-936C-42EA-B676-5F607B22B514} = 192.168.1.1
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-28 12:29:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\win\system32\Ati2evxx.dll
.
Completion time: 2008-12-28 12:30:05
ComboFix-quarantined-files.txt 2008-12-28 11:29:57
Pre-Run: 1.040.879.616 bytes free
Post-Run: 1,218,252,800 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(3c373c36)disk(0)rdisk(0)partition(1)\WIN
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(3c373c36)disk(0)rdisk(0)partition(1)\WIN="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /safeboot:network
277 --- E O F --- 2008-12-18 16:05:33