Unsolved
This post is more than 5 years old
66 Posts
0
2624
windows explorer fake security virus
i'm pretty sure i have a virus. it has hidden my files and also it has dissassociated .exe files. like when i would try to run my windows media player i couldn't. i have had to use the system restore frequently. but it even tries to keep me from using this. it also has a tendency to even not let me access the web (yahoo) because it says something to the effect that this site could place your computer at risk. this is a pretty bad virus i've been told. and not easily found and eliminated. but i thought i would try this fourm before i have to wipe the hard drive and try to re-install everything. that would be a BIG hassle. when it happens it uses that legitimate-looking windows explorer shield looking thing. then it starts trying to do all these scans and wants you to download some kind of security software or something. anyway, it's all bogus and it's driving me nuts. i sure hope you can help me isolate and eliminate it. i have no idea where it might be hiding but like i say i've heard it's a pretty tricky/difficult one to deal with. but if you could give it a shot i'de sure appreciate!
thank you for any help you might be able to render.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:59:21 PM, on 6/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301185823.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://www.adobe.com/shockwave/welcome/"
O4 - HKUS\S-1-5-21-4076396399-1108333388-2233356946-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-4076396399-1108333388-2233356946-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-4076396399-1108333388-2233356946-500\..\RunOnce: [AVG search provider] "C:\Program Files\AVG\AVG10\SearchProvider.exe" /AFTERINST (User 'Administrator')
O4 - HKUS\S-1-5-21-4076396399-1108333388-2233356946-501\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Guest')
O4 - HKUS\S-1-5-21-4076396399-1108333388-2233356946-501\..\RunOnce: [AVG search provider] "C:\Program Files\AVG\AVG10\SearchProvider.exe" /AFTERINST (User 'Guest')
O4 - S-1-5-21-4076396399-1108333388-2233356946-501 Startup: Seagate Product Registration.lnk = C:\Documents and Settings\Guest\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (User 'Guest')
O4 - S-1-5-21-4076396399-1108333388-2233356946-501 User Startup: Seagate Product Registration.lnk = C:\Documents and Settings\Guest\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (User 'Guest')
O4 - Startup: Seagate Product Registration.lnk = C:\Documents and Settings\Eric\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145241448016
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay118.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11441 bytes
xttt
66 Posts
0
June 28th, 2011 19:00
the most recent security check log follows:
Results of screen317's Security Check version 0.99.16
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 20
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
please note however that i do not
think java is currently operating
on my system. it says it is installed
but i do not think it is working. i have received
the message no working java was detected
on my system. (from the java website)
help please.
gahixon1
62 Posts
0
June 30th, 2011 07:00
Hi xttt,
Could you please go into Add/Remove programs and uninstall
Java(TM) 6 Update 20
As well as any other instances of Java. After this, please go to HERE and download the latest version of Java.
This should allow Java to install successfully.
Let me know if that works.
George
xttt
66 Posts
0
June 30th, 2011 18:00
hi GAHIXON1,
the above is a screen shot (word document) of the error message i received when
trying to remove from the control panel. same error occurs.
i think it could be a registry key problem. but you would
think java would have a fix. i get the feeling this is not
an unusual error. however i certainly have no way of
fixing it. especially if it involves the registry. i've heard one
has to be extremely careful/knowledgeable when working in the registry.
sooooo, maybe i'll just have to get by without java?
anyway, any suggestions appreciated. i have no doubt
the computer is cleaner now.
i'm certainly open to any further suggestions as to
how to uninstall/reinstall java. so if you can come up
with something to try i'm certainly willing. (provided
of course you're certain there is no danger in doing so.)
would you like me to run and post another hijack this or mbam log?
thank you GAHIXON1!
(well, i thought i inserted the screen shot but i don't see
it. anyway, same error: Internal Error 2753.regutils.dll)
gahixon1
62 Posts
0
July 1st, 2011 15:00
Hi xttt,
Did you run JavaRa in my previous instructions? This will remove all previous versions of Java and produce a log. If you did please try this to uninstall Java instead.
George
xttt
66 Posts
0
July 1st, 2011 18:00
hi GAHIXON1,
say that worked!! yea!! the latest version of java
is installed. thanks!!!
below is the latest security check log:
Results of screen317's Security Check version 0.99.16
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 26
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
thanks soooooooo much for your help!!
please let me know if there's anything else i need to do.
will you let me know which of the tools i can delete. or should i just
leave them in place.
also was wondering what you recommend with regard to mse alert levels.
i have set mine at severe alert - delete, high alert - delete, medium - quarantine,
and low - quarantine. (or should i just put all them at delete?)
gahixon1
62 Posts
0
July 2nd, 2011 20:00
Hi xttt,
Those alert levels seem fine. With the lower alert levels, these can sometimes be FP (False Positives). So, it's always better to be able to drop back on a wrongly identified file in the quarantine. A luxury you do not have if the file is deleted.
These next steps will remove all the tools we have used and perform a few other important tasks. After these steps, if all goes well, I will post you some useful information to prevent reinfection in the future.
Step 1
ATF Cleaner
Please download ATF Cleaner by Atribune.
This program is for Windows 98/ME/2K/XP and Vista
If you use Firefox browser
If you use Opera browser
Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.
Step 2
Remove ComboFix, delete infected restore points, etc.
Please go to Start, then click on Run and copy and paste the following into the Run box:
combofix /uninstall
and tap . Wait until the process completes. This will delete ComboFix, all of the ComboFix backups, delete your infected restore points and create a new one, delete your tmp files, and your trash, etc. In other words it will clean up some of the leftover junk on your system that was either deleted or quarantined.
*ComboFix is a powerful tool that changes often and should not be used unless directed by someone trained in its use.*
Step 3
OTC
If you are using Vista, please right-click and choose run as administrator
In your reply
Let me know how your system is running
xttt
66 Posts
0
July 3rd, 2011 10:00
hi Gahixon1,
i think it's a lot better. there used to be
over 50 processes running. now there are
only about 40. the machine used to be
very, very slow. now it's much quicker.
so thank you sooooooo much!! now if
this machine could just stop such nasty malware and
viruses from getting in. that would really be great.
thanks again for this fourm and your assistance.
sincerely,
gahixon1
62 Posts
0
July 4th, 2011 07:00
I think we are all done. If you have any further questions, please do not hesitate to ask. Next will follow my standard end response. Please read through this, nas it contains a lot of information about preventing malware in the future.
Make proper use of your anti-virus and firewall
Anti-virus and Firewall programs are integral to your computer security. However, just having them installed isn't enough.
The definitions of these programs are frequently updated to detect the latest malware. If you don't keep up with these updates, you'll be vulnerable to infection. Many anti-virus and firewall programs have automatic update features. Turn the automatic updates on if your programs have them. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.
You should keep your anti-virus and firewall guard enabled at all times. NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.
Antispyware programs:
I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
Web of Trust warns you about risky websites that try to scam
visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:
Available for Firefox, Internet Explorer and Google Chrome.
Green to go,
Yellow for caution, and
Red to stop.
Please remember to update MBAM every time before you run it.
Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection,and there are a few good free alternatives:
Firefox,
Opera
Chrome.
All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It'sdefinitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer,it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.
Here a couple of links by two security experts that will give some excellent tips and advice.
So how did I get infected in the first place by Tony Klein
How to prevent Malware by Miekiemoes
Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Anti-virus, Antispyware, Firewall, Anti-malware, Online scanners and rescue CD`s.
Thanks for using Dell Forums. I do not see any evidence of malware in any of your logs and if your computer is running well,
it appears we have solved the problem.
George