Thread: Multiple threat detection (Resolved)

  1. #1
    Member
    Join Date
    Sep 2008
    Posts
    30

    Malwarebytes' Anti-Malware 1.39
    Database version: 2475
    Windows 5.1.2600 Service Pack 2

    22/07/2009 00:03:24
    mbam-log-2009-07-22 (00-03-24).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 147987
    Time elapsed: 25 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Backdoor.Poison) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regdiit (Backdoor.Poison) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winjpg.jpg (Backdoor.Poison) -> Delete on reboot.
    C:\winfile.jpg (Backdoor.Poison) -> Delete on reboot.
    C:\WINDOWS\system32\wscript.exe (Backdoor.Poison) -> Delete on reboot.



    **************************************************
    ComboFix 09-07-21.03 - Zecharia 07/22/2009 7:32.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1255.972.1037.18.2047.1588 [GMT 3:00]
    Running from: c:\documents and settings\Zecharia\שולחן העבודה\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
    .

    2009-07-21 20:34 . 2009-07-21 20:34 -------- d-----w- c:\documents and settings\Zecharia\Application Data\Malwarebytes
    2009-07-21 20:34 . 2009-07-13 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-21 20:34 . 2009-07-21 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-21 20:34 . 2009-07-13 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-19 10:52 . 2009-07-07 09:39 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-07-18 07:40 . 2009-07-18 07:41 -------- d-----w- c:\documents and settings\Zecharia\Local Settings\Application Data\Temp
    2009-07-17 16:45 . 2009-07-17 16:45 -------- d-----w- c:\program files\Common Files\xing shared
    2009-07-11 17:43 . 2000-05-01 20:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
    2009-07-09 11:36 . 2009-07-07 09:39 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
    2009-06-29 20:34 . 2009-06-29 20:34 -------- d-----w- c:\documents and settings\Zecharia\Local Settings\Application Data\Identities
    2009-06-25 14:50 . 2009-07-07 09:39 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-06-24 18:53 . 2009-06-24 18:53 -------- d-----w- c:\documents and settings\LocalService\שולחן העבודה
    2009-06-24 03:29 . 2009-06-24 03:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-06-23 19:25 . 2009-06-23 19:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-06-23 19:24 . 2009-06-23 19:34 -------- d-----w- c:\documents and settings\Zecharia\Local Settings\Application Data\Google
    2009-06-23 19:23 . 2009-06-23 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-06-23 19:23 . 2009-06-23 19:27 -------- d-----w- c:\program files\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-17 17:33 . 2009-03-01 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2009-07-17 16:44 . 2009-02-28 17:54 -------- d-----w- c:\program files\Common Files\Real
    2009-07-10 06:38 . 2009-03-22 06:32 -------- d-----w- c:\documents and settings\Zecharia\Application Data\Canon
    2009-07-07 09:39 . 2009-01-29 22:36 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-21 17:19 . 2009-01-29 22:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-19 20:51 . 2009-06-12 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-06-12 05:33 . 2009-06-12 05:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-06-02 10:37 . 2009-06-12 06:09 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-05-11 20:00 . 2009-01-29 22:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-11 20:00 . 2009-01-29 22:36 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-02 10:59 . 2003-04-09 12:00 59424 ----a-w- c:\windows\system32\perfc00d.dat
    2009-05-02 10:59 . 2003-04-09 12:00 314342 ----a-w- c:\windows\system32\perfh00d.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-16 06:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]
    "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-08-27 1667584]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2005-07-28 483328]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-17 198160]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-11-17 1622016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-27 15360]

    c:\documents and settings\Zecharia\š šŒ\šš\Œ\
    ERUNT AutoBackup.lnk - e:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Netvision Cable Connect.url [2009-6-29 97]

    c:\documents and settings\All Users\š šŒ\šš\Œ\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-AF00-7760-100000000002}\SC_Acrobat.exe [2009-2-4 25214]
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-1-31 131072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-11 20:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LangOver"=c:\program files\LangOver\LangOver.exe
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/01/2009 01:36 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/01/2009 01:36 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [30/01/2009 01:36 907032]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30/01/2009 01:36 298776]
    R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/02/2009 00:58 19616]
    S2 gupdate1c9f43852980e14;שירות Google Update (gupdate1c9f43852980e14);c:\program files\Google\Update\GoogleUpdate.exe [23/06/2009 22:25 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-23 19:23]

    2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 19:24]

    2009-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-23 19:24]

    2009-07-17 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-02-02 13:31]

    2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{990BAC38-7C00-4FB5-BBE6-BA6290288CBE}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-dimsntfy - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ynet.co.il/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-22 07:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1348)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\INTERV~1\WinDVR\WINSCH~1.EXE
    c:\progra~1\MICROS~3\rapimgr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-22 7:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-22 04:40

    Pre-Run: 6,819,102,720 bytes free
    Post-Run: 6,939,074,560 bytes free

    210 --- E O F --- 2009-02-04 04:48

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    I'm afraid I have unpleasant news for you. You have evidence of at least one Very Dangerous infection on this machine.

    Files Infected:
    C:\WINDOWS\system32\winjpg.jpg (Backdoor.Poison) -> Delete on reboot.
    C:\winfile.jpg (Backdoor.Poison) -> Delete on reboot.
    C:\WINDOWS\system32\wscript.exe (Backdoor.Poison) -> Delete on reboot.
    http://www.threatexpert.com/report.a...4abd534648d661
    A malicious backdoor trojan that runs in the background and allows remote access to the compromised system.
    It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
    IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

    We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

    The Decision Whether to ReFormat or Not should be based on:
    • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
    • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have the worst kind.

    If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
    • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
    • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
    • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
      Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
    • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
    • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
    • Take any other steps you think appropriate for an attempted identity theft.

    While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
    Please let me know what you decide.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Member
    Join Date
    Sep 2008
    Posts
    30

    Hello,
    I have decided to reformat.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Wise move.

    Here is a check list of items that you will need for a reformat.


    1 - Backup Your Data
    Copy all your data to a separate drive, CD, DVD, etc.
    It may be a good idea to check the files that you back up with an online scanner; you don't want to be reinfected.
    http://www.kaspersky.com/virusscanner

    2 - Back Up Your Drivers
    Particularly important if your computer was not delivered with driver CDs

    Driver Genius Pro finds updates and backs up your drivers into an exe installer - very simple to re-install
    Or there's the free DriverMax from http://www.innovative-sol.com

    3 - Download Programs, Installers, and Updates
    Make sure you have all the programs you will need to re-install such as an Antivirus, a Firewall, and, if not included on the installation disk, Microsoft's Service Pack 2 for Windows XP.
    Take note of all the product keys and serial numbers. These may be on boxes, CDs, or in emails.

    4 - Make Sure You Can Get Back Online
    Check that you have modem drivers, set up instructions, and log-in details.

    5 - Boot From The Windows CD and Install
    Physically disconnect your internet cable between the computer and the modem/router
    If your computer isn't set to boot from CD, look for the option to enter the BIOS setup during startup - usually Del, F1 or F2
    In the BIOS, look for the option to change the order of boot devices
    Select the CD drive as the first option
    Save and exit

    6 - Reload Drivers
    Once the Windows installation is complete, re-load the drivers you saved in 2 above

    7 - Install Security Programs
    Install your Antivirus, Firewall, and other security programs

    8 - Install Any Microsoft Updates
    Reconnect your computer to the internet and go to the Microsoft Updates site: http://update.microsoft.com/microsoftupdate
    Download and install any required updates

    9 - Install Any Programs
    Finally, install any programs you need to run

    If you have any questions, don't hesitate to ask.

  5. #5
    Member
    Join Date
    Sep 2008
    Posts
    30

    Back on the air..

    While Windows is updating, I have difficulties in downloading iexplorer 7 and updates of AVG. I receive the note "file is corrupt".

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    That could be just connection problems on the net.

    Try it again.

  7. #7
    Member
    Join Date
    Sep 2008
    Posts
    30

    I managed with the Avira antivirus program.
    I have also the Nvidia firewall that comes with the Asus motherboard.
    Shall I continue to use it?

    Thanks for your help
    Zac.
