[BonbonRose]

ComboFix 11-07-15.02 - aa 07/16/2011 2:05.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.503.220 [GMT 2:00]
Running from: c:\documents and settings\aa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\aa\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-11 15:27 . 2011-07-11 16:06 -------- dc----w- c:\documents and settings\aa\DoctorWeb
2011-07-02 19:08 . 2010-11-12 08:13 171344 -c----w- C:\SK.com
2011-06-23 22:18 . 2011-06-23 22:18 -------- dc----w- c:\windows\speech
2011-06-23 21:28 . 1996-11-05 14:19 247648 -c--a-w- c:\windows\UNINST16.EXE
2011-06-23 03:42 . 2011-06-23 03:42 -------- dc----w- c:\program files\Replay Converter
2011-06-23 03:40 . 2011-06-23 03:40 -------- dc----w- c:\documents and settings\aa\Local Settings\Application Data\{B734406A-61B5-4E1D-A964-81B07B93BB70}
2011-06-23 01:16 . 2011-06-23 01:16 -------- dc----w- c:\documents and settings\aa\Application Data\SumatraPDF
2011-06-21 03:33 . 2011-06-21 03:33 -------- dc----w- c:\program files\Photodex Presenter
2011-06-21 03:33 . 2011-06-21 03:33 -------- dc----w- c:\documents and settings\aa\Application Data\Netscape
2011-06-18 18:12 . 2011-06-18 18:12 -------- dcsh--w- c:\windows\ftpcache
2011-06-17 19:34 . 2011-06-17 19:34 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 14:29 . 2010-06-26 20:54 47104 -c--a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-11_12.22.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-15 23:59 . 2011-07-15 23:59 16384 c:\windows\Temp\Perflib_Perfdata_140.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-06-12 289088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-29 113664]
.
[HKLM\~\startupfolder\C:^Documents and Settings^aa^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\VIA\RAID\VIA RAID TOOL.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-07-04 09:31 148776 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2011-06-12 18:07 289088 -c--a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2001-08-22 12:01 35840 -c--a-w- c:\windows\system32\TaskSwitch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
2006-10-05 14:17 53248 -c----w- c:\windows\Ctregrun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 05:17 163840 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 05:17 131072 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 08:19 451872 -c--a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 14:20 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 09:50 161064 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 05:16 135168 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2010-12-11 12:22 2584384 -c--a-w- c:\program files\RFA 8\rfagent32.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\JetAudio\\JetAudio.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\aa\\Application Data\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/25/2010 12:32 AM 13608]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/1/2005 11:26 PM 1275584]
S2 CachemanService;Cacheman Service;c:\program files\Cacheman\CachemanServ.exe --> c:\program files\Cacheman\CachemanServ.exe [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 8:28 AM 11336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 08:17 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]
.
2011-07-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\aa\Application Data\Mozilla\Firefox\Profiles\tbh86gz1.Completely plane\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS2&o=41648336&locale=en_US&apn_uid=E8882CD7-0663-40D5-B312-4294B8A53B98&apn_ptnrs=9H&apn_sauid=56CC7ED8-A7E6-48AE-8348-48C03DFD4EEA&apn_dtid=YYYYYYYYEG&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Categorize: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 02:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{50f43cec-e7a9-4ff1-9f66-9edc174040b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000141
"Therad"=dword:00000026
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ab,9e,50,1b,eb,77,d1,ab,df,61,9e,85,e7,1f,1b,8d,83,e0,8b,c5,07,bb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,85,dd,9d,ca,84,bf,cb,f1,23,cf,1d,d6,65,c7,15,75,63,09,89,d1,
35,25,36,8b,a8,7b,4d,da,71,20,31,da,00,fd,db,7c,bb,8b,e8,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8a,f4,16,82,0f,47,ef,ba,6c,46,1c,a0,bd,c5,e7,ed,1f,c7,b5,3b,73,
47,a0,74,f6,a3,54,f6,56,22,1c,2a,7f,47,22,aa,26,57,34,ee,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7e276be2-310d-4c68-94ea-2e3282b0edbb}]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-16 02:12:33
ComboFix-quarantined-files.txt 2011-07-16 00:12
ComboFix2.txt 2011-07-15 22:17
ComboFix3.txt 2011-07-11 12:26
.
Pre-Run: 1,976,242,176 bytes free
Post-Run: 1,981,087,744 bytes free
.
- - End Of File - - 387531B1D73651CAFEE7A926DCD17260

[Advertisements]

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[azarl]

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[BonbonRose]

aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-07-16 16:08:24
-----------------------------
16:08:24.281 OS Version: Windows 5.1.2600 Service Pack 3
16:08:24.281 Number of processors: 2 586 0x403
16:08:24.281 ComputerName: NOHA UserName: aa
16:08:24.468 Initialize success
16:10:06.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
16:10:06.750 Disk 0 Vendor: WDC_WD16 08.0 Size: 152626MB BusType: 1
16:10:06.750 Device \Driver\viamraid -> DriverStartIo SCSIPORT.SYS f845c40e
16:10:06.750 Disk 0 MBR read successfully
16:10:06.750 Disk 0 MBR scan
16:10:06.765 Disk 0 Windows XP default MBR code
16:10:06.765 Disk 0 scanning sectors +312576705
16:10:06.828 Disk 0 scanning C:\WINDOWS\system32\drivers
16:10:18.828 Service scanning
16:10:19.906 Disk 0 trace - called modules:
16:10:19.921 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll viamraid.sys
16:10:19.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82363030]
16:10:19.921 3 CLASSPNP.SYS[f8581fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x82392390]
16:10:19.921 Scan finished successfully
16:10:58.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\aa\Desktop\MBR.dat"
16:10:58.312 The log file has been saved successfully to "C:\Documents and Settings\aa\Desktop\aswMBR.txt"

[azarl]

How does it seem?

[BonbonRose]

What?

[azarl]

Your PC?

[BonbonRose]

Well, It's almost deserted now after I've finished backing-up except when you ask me to do something on it. Besides I didn't actually start any new projects since I'm going to reformat anyway. Therefore, I'm not sure how exactly the computer is behaving. I uninstalled all my security apps since they are useless due to Sality, also in order not to interfere with any of the scans performed. I have no internet connection.. One more thing, I don't know if it's important or not, after couple of tries to boot from the Windows Recovery Console independent bootable cd I created, which didn't work, I found all my files in the recycle bin were gone.

I'm very worried about the stuff I backed-up in case this didn't work and how I'm going to disinfect them. What do you think? From all the logs I posted, is the situation promising or is it early to say?

[Dakeyras]

My thanks to azarl for the cover and my apologies to you BonbonRose for not replying until now as I have only recently returned from a vacation.

--------------

Overall now I think it prudent you perform the reformat and reinstallation of the Windows Operating System then install all relivavet Service Packs and Critical Updates etc. The various issues you have mentioned should no longer be present afterwards. Now with regard to this you mentioned:-

I'm very worried about the stuff I backed-up in case this didn't work and how I'm going to disinfect them. What do you think? From all the logs I posted, is the situation promising or is it early to say?

What I advise you do here is before actually putting what was advised you could safely back up in prior posts is to install a Anti-Virus application on your machine after the reformat and reinstallation, use one only of the below...

• Avast Home Edition.
• Microsoft Security Essentials.

Then what ever form of removible storage media your backups are on, either attach to your machine if a USB Drive or insert in the CD Drive for example...

Got to Start >> My Computer >> right click on the relevant media and select scan with what ever Ant-Virus application you chose to install.

Any questions feel free to ask, if not stay safe!

[BonbonRose]

Welcome back Dakeyras,

I do understand what you are saying and I'm going to reformat, but I'm desperate and welling to try everything to save my files, before making that step. So I hope you would continue helping me with the infection-removal process that azarl and I were working on it.. Please.

[Dakeyras]

Hi and thanks.

OK fair play and going back to something you mentioned in a prior post:-

I have no internet connection

Do you mean you have no active ISP(Internet Service Provider) and or the actual connection on the infected machine is now not working?

[BonbonRose]

Hi and THANK YOU Dakeyras,

Well, I have ISP but it's not working on my machine

[Dakeyras]

Hi.

OK try the below first to restore the Internet Connection:-

Click on Start >> Control Panel >> Internet Options >> Connections Tab >> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously. Now check if connectivity is restored.

If still not working download and transfer the following...WinSock XP Fix to your infected machine.

Double-click on winsockxpfix.exe >> Run program >> Fix

Let myself know the outcome of the above and we will go from there, thank you.

[BonbonRose]

Hi,

Neither way worked. I forgot to say that the connection icon in the icon tray is not red "X", it looks like it's trying to connect (this small ball going from one computer to another); the status is "acquiring network adress" and in the local area connection (support tab) invalid IP address.

[Dakeyras]

Hi.

Please reboot your machine then check if connectivity is restored.

If still not working create/run the below batch file please...

Custom Batch File:

• Open Notepad.
• Copy and Paste everything from the Quote Box(do not copy the word Quote) below into Notepad: <-- Start >> Run... type in notepad and select OK

@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

• Go to File >> Save As
• Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
• Change Save as Type to All Files and save the file to your Desktop.
• It should look like this:

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Note: Your machine should automatically reboot. If it does not, reboot your machine manually.

[BonbonRose]

Hi,

Nothing changed this time either.