Any help with this would be greatly appreciated
I have suddenly started to get several IE popups (even though I use FireFox) and I have the occasional popup asking something to do with installing Adobe Reader
I decided to try and run HJT but it wont start complaining about the fact I have not go appropriate permissions
I decided to run ComboFix in safe mode and the log is below - I still cannot run HJT
ComboFix 09-09-06.02 - Administrator 06/09/2009 19:36.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.759 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\msa.exe
c:\windows\system32\ammppg.dll
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-06 18:27 . 2009-09-06 18:35 -------- d--h--w- c:\windows\PIF
2009-09-06 18:22 . 2009-09-06 18:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-06 18:21 . 2009-09-06 18:21 -------- d-----w- c:\program files\Trend Micro
2009-09-06 12:17 . 2009-09-06 12:17 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-06 12:17 . 2009-09-06 12:18 -------- d-----w- c:\documents and settings\Desktop\.housecall6.6
2009-09-06 09:13 . 2009-09-06 09:13 -------- d-----w- c:\documents and settings\Desktop\Application Data\Apple Computer
2009-09-06 09:02 . 2009-09-06 09:02 -------- d-----w- c:\documents and settings\Desktop\Application Data\Macromedia Flash Player
2009-09-06 09:02 . 2009-09-06 09:02 -------- d-----w- c:\documents and settings\Desktop\Application Data\Videora Pro
2009-09-06 09:00 . 2009-09-06 09:00 -------- d-----w- c:\program files\Regensoft
2009-09-06 09:00 . 2009-09-06 09:00 -------- d-----w- c:\program files\PSP Video 9
2009-09-05 17:30 . 2009-09-05 17:31 -------- d-----w- c:\program files\QuickTime
2009-09-05 17:30 . 2009-09-05 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-05 17:30 . 2009-09-05 17:30 -------- d-----w- c:\documents and settings\Desktop\Local Settings\Application Data\Apple
2009-09-05 17:30 . 2009-09-05 17:30 -------- d-----w- c:\program files\Apple Software Update
2009-09-05 17:30 . 2009-09-05 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-05 17:30 . 2009-09-05 17:30 -------- d-----w- c:\documents and settings\Desktop\Local Settings\Application Data\Apple Computer
2009-09-04 15:58 . 2009-09-04 15:58 488968 ----a-w- c:\documents and settings\Desktop\Application Data\Real\Update\setup\setup.exe
2009-08-22 07:35 . 2009-09-06 15:43 -------- d-----w- c:\program files\Hide Your IP Address
2009-08-14 17:12 . 2009-08-14 17:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-14 17:12 . 2009-08-14 17:12 -------- d-----w- c:\program files\Common Files\Real
2009-08-14 17:12 . 2009-08-14 17:12 -------- d-----w- c:\program files\Real
2009-08-12 22:49 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 18:23 . 2009-08-12 18:23 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-12 18:09 . 2009-08-12 18:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-12 17:11 . 2009-08-12 17:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2009-08-10 19:17 . 2009-05-15 13:45 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-10 19:17 . 2009-05-15 13:45 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2009-08-10 19:17 . 2009-08-10 19:17 -------- d-----w- c:\program files\doPDF 6
2009-08-10 19:15 . 2009-08-10 19:15 -------- d-----w- c:\documents and settings\Desktop\Application Data\Hewlett-Packard
2009-08-10 19:14 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-08-10 19:14 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-10 19:13 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-10 19:13 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-10 19:13 . 2009-08-10 19:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-10 19:12 . 2009-08-10 19:12 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-10 19:11 . 2009-08-10 19:14 19558 ----a-w- c:\windows\hpoins01.dat
2009-08-10 19:11 . 2003-04-22 09:24 16606 ------w- c:\windows\hpomdl01.dat
2009-08-10 19:11 . 2009-08-12 18:22 -------- d-----w- C:\temp
2009-08-10 19:11 . 2009-08-10 19:11 -------- d-----w- c:\temp\HP All-in-One Series Web Release
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 18:29 . 2009-07-16 18:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-06 18:18 . 2009-07-17 18:31 -------- d-----w- c:\documents and settings\Desktop\Application Data\uTorrent
2009-09-06 18:18 . 2009-08-04 23:04 -------- d-----w- c:\program files\PeerGuardian2
2009-09-06 16:17 . 2009-07-17 17:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-06 10:44 . 2009-06-30 10:31 1 ----a-w- c:\documents and settings\Desktop\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-09-06 10:22 . 2009-07-17 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-23 07:13 . 2009-06-30 08:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 07:13 . 2009-06-30 08:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 07:13 . 2009-06-30 08:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-12 18:26 . 2009-08-12 18:22 -------- d-----w- c:\program files\MP3RingtoneGold
2009-08-06 17:16 . 2009-06-30 08:10 -------- d-----w- c:\program files\Java
2009-08-06 17:15 . 2009-08-06 17:15 152576 ----a-w- c:\documents and settings\Desktop\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 06:45 . 2009-08-01 10:43 -------- d-----w- c:\documents and settings\Desktop\Application Data\Juniper Networks
2009-08-01 10:43 . 2009-08-01 10:43 37230 ----a-w- c:\documents and settings\Desktop\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
2009-08-01 10:43 . 2009-08-01 10:43 33220 ----a-w- c:\documents and settings\Desktop\Application Data\Juniper Networks\setup\uninstall.exe
2009-08-01 10:43 . 2009-08-01 10:43 36948 ------w- c:\documents and settings\Desktop\Application Data\JuniperExtXP.exe
2009-08-01 10:43 . 2009-08-01 10:43 36948 ------w- c:\documents and settings\Desktop\Application Data\JuniperExtXP.exe
2009-07-31 08:00 . 2009-07-16 19:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-28 06:01 . 2009-07-18 20:14 -------- d-----w- c:\documents and settings\Desktop\Application Data\Nero
2009-07-27 22:59 . 2009-07-27 22:59 -------- d-----w- c:\program files\Flv Audio Video Extractor
2009-07-26 22:29 . 2009-07-19 23:08 67128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-26 22:18 . 2009-07-26 22:18 -------- d-----w- c:\documents and settings\Desktop\Application Data\GlobalSCAPE
2009-07-26 22:17 . 2009-07-26 22:17 -------- d-----w- c:\program files\GlobalSCAPE
2009-07-26 22:17 . 2009-07-03 08:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-26 22:17 . 2009-07-03 08:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-25 04:23 . 2009-06-30 08:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 07:48 . 2009-07-18 18:00 -------- d-----w- c:\program files\The Logo Creator v5
2009-07-19 18:20 . 2009-07-19 18:20 -------- d-----w- c:\program files\MSXML 4.0
2009-07-19 10:56 . 2009-07-19 10:56 -------- d-----w- c:\program files\odf-converter-integrator
2009-07-18 20:20 . 2009-07-18 20:20 -------- d-----w- c:\documents and settings\Desktop\Application Data\Ahead
2009-07-18 20:17 . 2009-07-18 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-18 20:15 . 2009-07-06 18:29 17280 ----a-w- c:\documents and settings\Desktop\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-18 20:13 . 2009-07-18 19:58 -------- d-----w- c:\program files\Common Files\Nero
2009-07-18 20:06 . 2009-07-18 19:58 -------- d-----w- c:\program files\Nero
2009-07-18 20:05 . 2009-07-18 20:05 -------- d-----w- c:\program files\Windows Sidebar
2009-07-18 18:08 . 2009-07-18 18:08 -------- d-----w- c:\program files\Driver-Soft
2009-07-18 07:55 . 2009-07-18 07:55 -------- d-----w- c:\program files\ConvertHelper
2009-07-18 07:39 . 2009-07-18 07:39 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 18:32 . 2009-07-17 18:32 -------- d-----w- c:\program files\uTorrent
2009-07-17 17:04 . 2009-07-17 17:04 -------- d-----w- c:\documents and settings\Desktop\Application Data\Talkback
2009-07-17 17:04 . 2009-07-17 17:04 -------- d-----w- c:\documents and settings\Desktop\Application Data\Thunderbird
2009-07-17 16:57 . 2009-07-17 16:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-17 16:57 . 2009-07-17 16:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-07-16 19:23 . 2009-07-16 19:23 -------- d-----w- c:\program files\MSBuild
2009-07-16 19:23 . 2009-07-16 19:23 -------- d-----w- c:\program files\Reference Assemblies
2009-07-16 17:47 . 2009-06-30 08:09 -------- d-----w- c:\documents and settings\Desktop\Application Data\AVGTOOLBAR
2009-07-12 11:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 08:32 . 2009-07-03 08:23 105088 ----a-w- c:\windows\system32\drivers\nvata.sys
2009-07-03 08:32 . 2009-07-03 08:23 363008 ----a-w- c:\windows\system32\idecoiins.dll
2009-07-03 08:19 . 2009-07-03 08:19 315392 ----a-w- c:\windows\HideWin.exe
2009-06-30 20:37 . 2009-06-30 20:37 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 12:55 . 2009-06-30 12:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-30 08:09 . 2009-06-30 08:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2009-06-30 20:36 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-14 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Desktop\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 07:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Desktop\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/06/2009 09:09 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/06/2009 09:09 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [30/06/2009 09:09 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30/06/2009 09:09 297752]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-10 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4249931695.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]
2009-09-06 c:\windows\Tasks\User_Feed_Synchronization-{E0582F65-E71C-4AFA-9D72-8198CA1BB961}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Desktop\Application Data\Mozilla\Firefox\Profiles\bwu6xuob.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 19:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-09-06 19:42 - machine was rebooted [Desktop]
ComboFix-quarantined-files.txt 2009-09-06 18:42
Pre-Run: 209,747,447,808 bytes free
Post-Run: 213,518,036,992 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
244 --- E O F --- 2009-09-05 02:00