Help needed with about:blank

Hello, my homepage has been locked onto about:blank (which isn't actually blank - it seems to be a web site directory) and some truly disturbing web sites keep showing up on my bookmarks. I've also been seeing a dialogue box very like the one I use to dial up the internet, come up and ask to be connected. I've run both ad-aware and spybot, but one object continues to reappear.
Here it is from Ad-Aware:
CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

And here is:

Logfile of HijackThis v1.97.7
Scan saved at 10:23:59 PM, on 5/24/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP4 (5.51.3020.2100)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINNT\System32\cdplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\My Download Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {48CAE454-28E4-455B-A3EE-8A44B78FA7F5} - C:\WINNT\system32\gfnbcna.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload.lnk = C:\RealDownload\Realdownload.exe
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08b270e8c6037c010c06/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37949.8812037037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

I hope someone can help.
Thank you in advance.

 

Hi Ninox,

First make sure Windows and IE are fully updated.

Download and unzip: http://www.rokop-security.de/main/download.php?op=getit&lid=59
Then close as many programs as possible and click *Desinfektion starten*

Your computer wil reboot and start with the same program.
Close it and run HijackThis again. Post the new log.

Regards,

Pieter

 

Re: Help needed with about:blank (Just a question)

Hello Pieter,

No HijackThis log yet - I am at work and it's my home computer that has problems.

But am I correct in my understanding? There is a program/file on my computer that is hidden from spybot and other similar programs. It creates a visible file which can be removed, but it remains. Like a weed.

Would this work?

Download http://www.resplendence.com/download/reglite.exe
Open reglite and paste this value in the address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Windows\\AppInit_DLLs

Then double click:

AppInit_DLLs

You should be able to see a file with this address:

C:\Windows\System32\"Hidden".dll

Install the Windows Recovery Console Option.
Then in the Windows Recovery Console go to C:\Windows\System32, there modify the file by using the Attrib command, otherwise you won't be able to erase it, another way you could, is to change the name of the file.

C:\Winnt\System32: rename wdm.dll about_blank
C:\Winnt\System32: attrib -R about_blank

Reboot your system and open reglite again, go back to the same key:

AppInit_DLLs and delete the value.


So, what do you think?

And thank you again for your time and assistance

 

That is another way to tackle the problem. (or rather doing manually what the program does)

Whatever you prefer, Ninox.

Regards,

Pieter

 

Hello Pieter,

I'm sorry to say neither of the two options I tried worked.

You suggested that I try this:

Download and unzip: http://www.rokop-security.de/main/d...op=getit&lid=59
Then close as many programs as possible and click *Desinfektion starten*

Your computer wil reboot and start with the same program.
Close it and run HijackThis again. Post the new log.

However, when I clicked "start disinfection", the header bar read
"SP.html - Hijack Fixer --> not infected!" and nothing else happened.

I also tried:

Download http://www.resplendence.com/download/reglite.exe
Open reglite and paste this value in the address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Windows\\AppInit_DLLs

but nothing showed in the value.

Nonetheless, I ran HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 9:54:14 PM, on 5/25/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP4 (5.51.3020.2100)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINNT\System32\cdplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\sphjfix107\SpHjfix.exe
C:\My Download Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {48CAE454-28E4-455B-A3EE-8A44B78FA7F5} - C:\WINNT\system32\gfnbcna.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload.lnk = C:\RealDownload\Realdownload.exe
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08b270e8c6037c010c06/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37949.8812037037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2ADB4D1-5860-472D-A8B2-5198ED742B42}: NameServer = 207.69.188.187 207.69.188.186

On the positive side of things, the disturbing web sites seem to have disappeared from my bookmarks. But my home page is still captive.

Can you help me?

Thanks bunches.

 

Hi Ninox,

I can help but you will need IE6 SP1. Select the correct language here: http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.asp
and visit Windows update after you finished the install

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\gfnbcna.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {48CAE454-28E4-455B-A3EE-8A44B78FA7F5} - C:\WINNT\system32\gfnbcna.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08b270e8c6037c010c06/netzip/RdxIE601.cab

Regards,

Pieter
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

Then reboot and scan with AdAware as described here:
https://www.wilderssecurity.com/showthread.php?t=15913

 

Hello Pieter,

I'm not sure if it worked. I do have my home page again . I ran Ad-aware as you recommended and came up with a number of things which I got rid of. I ran it again as a double-check. All clear.

However, when I ran Spybot (just in case), I came up with one item. I fixed it, but pasted the log here. I also ran HijackThis again. There is at least one more additional item than the last time I ran it (just before removing the items you listed). (I'm referring to the last item in the list. Where did it come from?)

Spybot
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-790525478-484763869-1957994488-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


HijackThis
Logfile of HijackThis v1.97.7
Scan saved at 1:51:20 AM, on 5/27/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETWOR~1\VIRUSS~1\AMGRSRVC.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan NT\MCSHIELD.EXE
C:\PROGRA~1\NETWOR~1\VIRUSS~1\VSTSKMGR.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\WINNT\System32\cdplayer.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\My Download Files\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan NT\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload.lnk = C:\RealDownload\Realdownload.exe
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37949.8812037037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2ADB4D1-5860-472D-A8B2-5198ED742B42}: NameServer = 207.69.188.187 207.69.188.186

Is my computer close to being clean? (And these are just random questions in the off chance you feel like answering: What was this thing doing? Is some of my stuff now floating around in some other computer system somewhere? Assuming everything gets fixed/is already fixed, how much should I worry about what it did?)

Anyways, again, thank you very much for your help

 

Okay, maybe that last line was fine. But Spybot keeps finding the same object. I tell it to fix the problem, but it reappears again. Ad-aware, however, says everything is fine.

Thanks again

 

Hi Ninox,

I would ignore the Spybot warning since general consensus is it's a false positive.

CWS is obnoxious and hard to remove, but mostly a hijacker using trojan techniques. It does not copy and/or sell personal data as far as I know.

Your log looks clean.
Read here: https://www.wilderssecurity.com/showthread.php?t=27971
how to keep it that way.

Regards,

Pieter

 

Hello Pieter,

"I would ignore the Spybot warning since general consensus is it's a false positive."

General consensus?

Anyways, everything seems good. My computer behaves. I'm happy. You're absolutely wonderful. Thank you so very much!

 

My pleasure.

General consensus

Regards,

Pieter