I ran Combo Fix and it was suggested that I post my log file...does anyone see anything else that will cause problems?
ComboFix 09-01-21.04 - pward 2009-01-28 12:27:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2030.1521 [GMT -5:00]
Running from: c:\documents and settings\pward\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aaISDcdd.ini
c:\windows\system32\aaISDcdd.ini2
c:\windows\system32\awtqrpmj.dll
c:\windows\system32\bywditgl.ini
c:\windows\system32\drivers\gaopdxijxvmlkt.sys
c:\windows\system32\gaopdxexwpuysi.dll
c:\windows\system32\rebprivx.dll
c:\windows\system32\srrutBeg.ini
c:\windows\system32\srrutBeg.ini2
c:\windows\system32\vnasuvjp.ini
c:\windows\Tasks\sejkyzbv.job
----- BITS: Possible infected sites -----
hxxp://SMS-SJ1:80
hxxp://10.8.189.146:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.
2009-01-27 22:07 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-27 21:05 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-27 21:04 . 2009-01-27 21:04 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 21:03 . 2009-01-27 21:03 <DIR> d-------- c:\program files\Lavasoft
2009-01-27 20:36 . 2009-01-27 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-27 09:42 . 2009-01-27 09:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 09:42 . 2009-01-27 09:42 <DIR> d-------- c:\documents and settings\pward\Application Data\Malwarebytes
2009-01-27 09:42 . 2009-01-27 09:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 09:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 09:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 21:58 . 2009-01-26 21:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-26 21:58 . 2009-01-26 21:58 262,144 --a------ C:\ntuser.dat
2009-01-26 21:39 . 2009-01-26 21:58 <DIR> d-------- c:\program files\Yahoo!
2009-01-26 21:39 . 2009-01-26 21:39 <DIR> d-------- c:\program files\Common Files\Scanner
2009-01-26 16:21 . 2009-01-26 16:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-26 16:21 . 2009-01-26 21:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 16:46 . 2009-01-20 16:46 <DIR> d-------- c:\program files\FLPQuoteTool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 02:59 --------- d-----w c:\documents and settings\pward\Application Data\Yahoo!
2009-01-27 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-26 18:14 --------- d-----w c:\documents and settings\pward\Application Data\Apple Computer
2009-01-05 19:34 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-12 17:57 --------- d-----w c:\program files\Common Files\AOL
2008-12-11 15:22 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-07 00:39 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-07 00:37 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-07 00:37 --------- d-----w c:\program files\AIM Search
2008-06-25 12:22 62,910 ----a-w c:\program files\Uninstall.exe
2008-06-25 12:22 0 ----a-w c:\program files\uninstall.dat
2006-12-29 19:15 626,688 ----a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 19:15 40,960 ----a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 19:15 3,100,672 ----a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 19:15 192,512 ----a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 14:26 1,129,984 ----a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 14:26 1,124,864 ----a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-18 91440]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8495104]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-04-04 136512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-22 33280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-18 91440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 18:54 89600 c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mxjjlr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0HiberNative\0lsdelete
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=PKIWirelessReg.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\0\0]
"Script"=SP2_FW_Disable.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\1\0]
"Script"=Admin2Computer.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\2\0]
"Script"=SMSLogonScriptGA.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\3\0]
"Script"=ComputersContainerToOU.vbe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\PCHealth\\HelpCTR\\Binaries\\helpsvc.exe"= ”c:\\Windows\\PCHealth\\HelpCTR\\Binaries\\helpsvc.exe
"c:\\Windows\\system32\\sessmgr.exe"= ”c:\\Windows\\system32\\sessmgr.exe
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Offer Remote Assistance Service
"62515:UDP"= 62515:UDP:Cisco VPN Service
"8081:TCP"= 8081:TCP:EPO Update
"3389:TCP"= 3389:TCP:Remote Desktop
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= *
R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [2005-04-27 11456]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [2005-04-28 90688]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-27 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 19760]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-01-03 59904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-01-04 4442]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-05-27 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-05-27 51968]
R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2006-09-20 8064]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2008-01-04 81280]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R4 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-09-21 167936]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R4 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2007-07-25 45640]
R4 PCG Protect;PCG Protect;c:\program files\PC Guardian\EP Hard Disk\User\PCGProt.exe [2005-06-29 61440]
R4 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-19 24652]
R4 WebClientSrv;WebClientSrv;c:\program files\PC Guardian\Encryption Plus Management Console Client\WebClientSrv.exe [2005-06-21 262144]
R4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-03-06 106496]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2006-09-20 16128]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2006-09-20 113408]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2006-09-20 34560]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-09-30 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-09-30 73856]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-06-13 15744]
S4 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [2007-07-25 5218304]
S4 EphdXlatService;EphdXlatService;c:\program files\PC Guardian\EP Hard Disk\User\DISrv.exe [2005-06-29 192512]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ENTDRV51
*Deregistered* - ephdlink
.
Contents of the 'Scheduled Tasks' folder
2009-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]
2009-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-06-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-21 00:19]
.
- - - - ORPHANS REMOVED - - - -
BHO-{96AD8821-B1CD-4F80-A9AA-344588F4AE90} - c:\windows\system32\ddcDSIaa.dll
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {292CBB36-AC91-11D1-B911-080009EF1192} - hxxp://mercedes.corp.adobe.com:99/fm/ui/CabFiles/jfITEnvelopeCtrl.cab
FF - ProfilePath - c:\documents and settings\pward\Application Data\Mozilla\Firefox\Profiles\w6i69qlp.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJPI142_16.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 12:38:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
- - - - - - - > 'lsass.exe'(1360)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\windows\system32\bmnet.dll
c:\windows\system32\EntApi.dll
- - - - - - - > 'explorer.exe'(7960)
c:\windows\system32\EntApi.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\CCM\SMSCliUI.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2009-01-28 12:48:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 17:48:21
Pre-Run: 122,973,618,176 bytes free
Post-Run: 124,158,275,584 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
288