Thanks, I’ll do this and reply later in the week. I have other commitments and won’t be able to scan my pc until then. Thanks so much for the quick response!!!
No problem - also aswMBR has been updated and now uses Avast to search for other bad boys, so if you get a chance after the TDSSkiller run could you download a new copy of aswMBR and run it please
Certainly I can do that. Could you give me a link to the updated copy? Thanks!!
Download aswMBR.exe ( 567KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
Here’s the log after running the new copy of aswMBR.exe that you linked me to. This log looks different and I’m not sure why. I haven’t run anything other than what you’ve suggested though I have NOT run the TDSSKiller yet.
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 11:40:08
11:40:08.140 OS Version: Windows 5.0.2195 Service Pack 4
11:40:08.140 Number of processors: 1 586 0x209
11:40:08.140 ComputerName: PAYROLLPC2008 UserName: 786
11:40:09.578 AVAST engine 6.0.1125 defs: 11061500
11:40:09.578 Initialize success
11:40:16.687 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-2
11:40:16.687 Disk 0 Vendor: Maxtor_6E040L0 NAR61EA0 Size: 0MB BusType: 3
11:40:18.687 Disk 0 MBR read successfully
11:40:18.687 Disk 0 MBR scan
11:40:18.734 Disk 0 Win32:MBRoot-J [Trj]
11:40:18.734 Disk 0 MBR hidden
11:40:18.734 Disk 0 MBR [Win32:MBRoot] ROOTKIT
11:40:18.734 Disk 0 trace - called modules:
11:40:18.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81e5e1c8]<<
11:40:18.734 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x82046910]
11:40:18.734 3 CLASSPNP.SYS[eb420c60] → nt!IofCallDriver → \Device\0000001d[0x81e4ceb0]
11:40:18.734 5 ACPI.sys[bffde46b] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-2[0x81e35270]
11:40:18.734 AVAST engine scan C:\WINNT\system32
11:41:56.171 Scan finished successfully
11:42:20.250 Disk 0 MBR has been saved successfully to “Q:\tcom\Meg\System Error\MBR.dat”
11:42:20.265 The log file has been saved successfully to “Q:\tcom\Meg\System Error\aswMBR0615.txt”
Thanks
11:40:18.734 Disk 0 Win32:MBRoot-J [Trj] 11:40:18.734 Disk 0 MBR hidden 11:40:18.734 Disk 0 MBR [Win32:MBRoot] **ROOTKIT** 11:40:18.734 Disk 0 trace - called modules: 11:40:18.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81e5e1c8]<<There it is - lets see if TDSSKiller removes it first
I can’t get TDSSKiller to run/install on my system. I can extract it from the .zip file but when I click on TDSSKiller.exe it starts to install, it gets to about 40% then it blue-screens my system and I get a STOP error at the top, blah, blah, blah, and the verbiage on the next line is PAGE_FAULT_IN_NON PAGED_AREA.
I tried twice with it on my desktop then I tried a third time in a specially created folder on my C: drive which produced the same results.
Does this version of TDSSKiller maybe not work with Windows 2000?
Thanks
It should do - however, there are some variants around that do a double hit
So I will use another programme that will kill at least one of the elements and work from there
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
[*]Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
[*]Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
I ran the Combofix program from my desktop and it looked different from your graphics. It ran in a DOS window instead of a GUI interface. It also never asked me to load the Windows Recovery Console. Anyway, it seemed to do its thing then rebooted my pc. It looks like the Avast boot checker ran (which I did not intend to have happen) then it created the attached log.
I did disable Avast before starting ComboFix.
Here is the first half of the Log it created. I will post the second half in an additional post.
ComboFix 11-06-15.02 - 786 06/15/2011 14:19:47.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.503.316 [GMT -5:00]
Running from: c:\documents and settings\786\Desktop\ComboFix.exe
.
/wow section - STAGE 10
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\786\Local Settings\Temporary Internet Files\webex.ini
c:\winnt\Web\default.htt
.
.
.
.
((((((((((((((((((((((((( Files Created from 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))))
.
.
2011-06-15 17:48 . 2011-06-15 17:48 94512 ----a-w- c:\winnt\system32\drivers\05429877.sys
2011-06-15 17:41 . 2011-06-15 17:41 94512 ----a-w- c:\winnt\system32\drivers\32714536.sys
2011-06-15 17:38 . 2011-06-15 17:38 94512 ----a-w- c:\winnt\system32\drivers\17440392.sys
2011-06-10 14:10 . 2011-05-10 12:03 307928 ----a-w- c:\winnt\system32\drivers\aswSP.sys
2011-06-10 14:10 . 2011-05-10 11:59 19544 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
2011-06-10 14:10 . 2011-05-10 11:59 25432 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
2011-06-10 14:10 . 2011-05-10 12:03 441176 ----a-w- c:\winnt\system32\drivers\aswSnx.sys
2011-06-10 14:10 . 2011-05-10 12:02 49240 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
2011-06-10 14:10 . 2011-05-10 12:02 102616 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
2011-06-10 14:10 . 2011-05-10 12:02 96344 ----a-w- c:\winnt\system32\drivers\aswmon.sys
2011-06-10 14:10 . 2011-05-10 11:59 30808 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
2011-06-10 14:10 . 2011-05-10 12:10 40112 ----a-w- c:\winnt\avastSS.scr
2011-06-10 14:10 . 2011-05-10 12:10 199304 ----a-w- c:\winnt\system32\aswBoot.exe
2011-06-10 14:10 . 2011-06-10 14:10 -------- d-----w- c:\program files\AVAST Software
2011-06-10 14:10 . 2011-06-10 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren’t necessarily malware.
.
.
[-] 2004-07-09 09:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
c:\winnt\System32\comres.dll … is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=“{472083B0-C522-11CF-8763-00608CC02F24}”
[HKEY_CLASSES_ROOT\CLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HRCAgent”=“c:\program files\Paychex\HRCAgent\HRCSync.exe” [2011-02-21 411136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Synchronization Manager”=“mobsync.exe” [2003-06-19 111376]
“igfxtray”=“c:\winnt\System32\igfxtray.exe” [2005-09-20 94208]
“igfxhkcmd”=“c:\winnt\System32\hkcmd.exe” [2005-09-20 77824]
“igfxpers”=“c:\winnt\System32\igfxpers.exe” [2005-09-20 114688]
“Smapp”=“c:\program files\Analog Devices\SoundMAX\SMTray.exe” [2003-01-31 98304]
“DrvLsnr”=“c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe” [2002-05-28 69632]
“NWTRAY”=“NWTRAY.EXE” [2001-12-18 28672]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2011-01-31 35760]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2010-09-21 932288]
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2011-05-10 3459712]
.
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“^SetupICWDesktop”=“c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe” [2003-06-19 186640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
R1 aswSP;aswSP;c:\winnt\system32\drivers\aswSP.sys [6/10/2011 9:10 AM 307928]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [6/10/2011 9:10 AM 19544]
R2 aswMon;aswMon;c:\winnt\system32\drivers\aswmon.sys [6/10/2011 9:10 AM 96344]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [4/28/2008 3:21 PM 49776]
R3 xcpip;TCP/IP Protocol Driver;c:\winnt\system32\drivers\xcpip.sys → c:\winnt\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\winnt\system32\drivers\xpsec.sys → c:\winnt\system32\drivers\xpsec.sys [?]
S1 aswSnx;aswSnx;c:\winnt\system32\drivers\aswSnx.sys [6/10/2011 9:10 AM 441176]
S3 16971231;16971231;c:\winnt\system32\drivers\17440392.sys [6/15/2011 12:38 PM 94512]
S3 17650505;17650505;c:\winnt\system32\drivers\05429877.sys [6/15/2011 12:48 PM 94512]
S3 21394707;21394707;c:\winnt\system32\drivers\32714536.sys [6/15/2011 12:41 PM 94512]
.
— Other Services/Drivers In Memory —
.
NewlyCreated - IPNAT
NewlyCreated - RASAUTO
NewlyCreated - SHAREDACCESS
.
.
Here is the other half of the log…
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: webex.com
Trusted Zone: webex.com\paychexeservices
TCP: DhcpNameServer = 64.65.208.6 64.65.196.6 169.207.1.3
TCP: Interfaces{AB28806F-C80A-4258-8752-F191B40F520D}: NameServer = 64.65.208.6,64.65.196.6
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\786\Application Data\Mozilla\Firefox\Profiles\t8olmv10.default
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?r812=1230057674
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bcc7b74&v=6.010.006.004&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: yahoo.homepage.dontask - true
.
-
-
-
- ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-16971231.sys
SafeBoot-17650505.sys
SafeBoot-21394707.sys
.
.
.
- ORPHANS REMOVED - - - -
-
-
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-15 14:29
Windows 5.0.2195 Service Pack 4 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
-
-
-
-
-
-
-
‘winlogon.exe’(224)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
c:\winnt\system32\NOVNPNT.DLL
c:\winnt\system32\MAPBASE.dll
c:\winnt\system32\NWSHLXNT.dll
c:\winnt\system32\NLS\ENGLISH\MAPBASER.DLL
c:\winnt\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\winnt\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
-
-
-
-
-
-
-
-
-
-
-
-
-
‘Explorer.exe’(1524)
c:\winnt\system32\SHDOCVW.DLL
c:\winnt\system32\NOVNPNT.DLL
c:\winnt\system32\MAPBASE.dll
c:\winnt\system32\NWSHLXNT.dll
c:\winnt\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\winnt\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\system32\NWTRAY.EXE
c:\program files\AVAST Software\Avast\setup\avast.setup
.
-
-
-
-
-
-
.
Completion time: 2011-06-15 14:33:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-15 19:33
.
Pre-Run: 34,594,770,944 bytes free
Post-Run: 35,241,209,856 bytes free
.
-
- End Of File - - 7A5A3726CAD79270C10CD439D8A0F900
End of log
Could you run aswMBR once more please if it detects the Disk 0 MBR [Win32:MBRoot] ROOTKIT
Click Scan
On completion of the scan
Click the FIXMBR Button
http://public.avast.com/~gmerek/aswMBR4.png
Save the log as before and post in your next reply
Okay, I did what you suggested but it doesn’t seem to have worked.
Here is the log.
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-15 17:02:27
17:02:27.484 OS Version: Windows 5.0.2195 Service Pack 4
17:02:27.484 Number of processors: 1 586 0x209
17:02:27.500 ComputerName: PAYROLLPC2008 UserName: 786
17:02:27.968 AVAST engine 6.0.1125 defs: 11061501
17:02:27.968 Initialize success
17:02:34.031 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-2
17:02:34.031 Disk 0 Vendor: Maxtor_6E040L0 NAR61EA0 Size: 0MB BusType: 3
17:02:36.031 Disk 0 MBR read successfully
17:02:36.031 Disk 0 MBR scan
17:02:36.031 Disk 0 Win32:MBRoot-J [Trj]
17:02:36.031 Disk 0 MBR [Win32:MBRoot] ROOTKIT
17:02:36.031 Disk 0 scanning C:\WINNT\system32\drivers
17:02:42.437 Service scanning
17:02:43.265 Disk 0 trace - called modules:
17:02:43.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:02:43.265 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x82080450]
17:02:43.265 3 CLASSPNP.SYS[eb420c60] → nt!IofCallDriver → \Device\0000001d[0x81e1df10]
17:02:43.265 5 ACPI.sys[bffde46b] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-2[0x82081db0]
17:02:43.765 AVAST engine scan C:\WINNT\system32
17:03:57.750 Scan finished successfully
17:04:22.468 Disk 0 MBR fix error
17:08:28.406 Disk 0 MBR fix error
17:08:48.265 Disk 0 MBR has been saved successfully to “Q:\tcom\Meg\System Error\MBR.dat”
17:08:48.281 The log file has been saved successfully to “Q:\tcom\Meg\System Error\aswMBR0615b.txt”
Thanks
I have a multitude of tools that will work -
Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.
*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.
mbr -f
Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.
**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
Thanks but this version of HelpAsst_mebroot_fix.exe is not compatible with my system. When I try to execute the program it opens a DOS window with a message that reads “This tool is not compatible with your system”… hit any key to continue.
Sorry
Do you have the win2000 recovery console installed ?
No, I do not.
Do you have the win 2K cd’s ? as we can install from there
Yes, I do have the Windows 2000 CD
Starting the Windows Recovery Console
To start the Windows Recovery Console, use any of the following methods:
Start your computer with the Windows Setup floppy disks, or with the Windows CD-ROM.
At the “Welcome to Setup” screen, press F10, or press R to repair, and then press C (Windows 2000 only) to start the Windows Recovery Console.
Select the appropriate number for the Windows installation that you want to repair, and then type the administrator password.
If the administrator password does not exist, just press ENTER.
At the command prompt type
Fixmbr
Press enter and then reboot
Add the Windows Recovery Console to the Windows Startup folder by using Winnt32.exe with the /cmdcons switch. This procedure requires approximately 7 MB of hard disk space on your system partition to hold the Cmdcons folder and files.
Why is it that nothing is ever easy or straight forward?
I can’t load the recovery console in a conventional manner because for whatever reason it tells me the OEM files can’t be loaded…
Anyway, I was able to access the Recovery console by booting from the Windows 2000 setup CD and choosing the Recovery option, then by choosing the “C” option. I selected the correct partition and ran FIXMBR. It then gives me the following message;
** Caution **
This computer appears to have a non-standard or invalid master boot record.
FIXMBR may damage your partition tables if you proceed.
This could cause all the partitions on the current hard disk to become inaccessible.
If you are not having problems accessing your drive, do not continue.
Are you sure you want to write a new MBR?
END OF WARNING ON SCREEN
Should I continue? If so, I am assuming I would just type Y and [enter]?
Please advise,