Hello, I recently had a problem with a VUNDO which with a little help from some friends have managed to get rid of. However I have the following symptoms which seem not to have been resolved. Everytime I connect to the net some GHOSTLY connection appears in a UDP port and sends data, in small doses to an IP address listed in the Ukraine. Attached find the port explorer log indicating the IP info.....it is the one remote address commencing with 85. on UDP port 1328. Subsequently in HJT logs this is removed have tried both in SAFE mode and normal however the problem continues. Pls help

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| NAME | CREATION | PID | PROTOCOL | LOCAL ADDRESS | LOCAL PORT | REMOTE ADDRESS | REMOTE PORT | PORT STATUS | SENT | RECVD |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1181 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1165 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1121 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1133 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1117 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1157 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1161 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1173 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1118 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1183 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1131 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1135 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1119 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1111 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1139 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1159 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1115 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1127 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1112 | 127.0.0.1 | 1110 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1108 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1120 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 0 | TCP | 127.0.0.1 | 1110 | 127.0.0.1 | 1124 | TIME_WAIT | --- | --- |
| SYSTEM | --- | 4 | TCP | 0.0.0.0 | 445 | 0.0.0.0 | 0 | LISTENING | --- | --- |
| SYSTEM | --- | 4 | UDP | 0.0.0.0 | 445 | *.*.*.* | * | LISTENING | --- | --- |
| alg.exe | 00:56 13/01/2008 | 560 | TCP | 127.0.0.1 | 1025 | 0.0.0.0 | 0 | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| lsass.exe | 00:56 13/01/2008 | 996 | UDP | 0.0.0.0 | 500 | *.*.*.* | * | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| lsass.exe | 00:56 13/01/2008 | 996 | UDP | 0.0.0.0 | 4500 | *.*.*.* | * | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| svchost.exe | 00:56 13/01/2008 | 1236 | TCP | 0.0.0.0 | 135 | 0.0.0.0 | 0 | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1276 | UDP | 41.241.208.123 | 123 | *.*.*.* | * | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1276 | UDP | 127.0.0.1 | 123 | *.*.*.* | * | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1328 | UDP | 0.0.0.0 | 1038 | 85.255.116.165 | 53 | LISTENING | 0.00KB/s (0.61KB Total) | 0.00KB/s (0.47KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1328 | UDP | 0.0.0.0 | 1051 | 85.255.112.122 | 53 | LISTENING | 0.00KB/s (0.43KB Total) | 0.00KB/s (0.09KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1328 | UDP | 0.0.0.0 | 1060 | 85.255.112.122 | 53 | LISTENING | 0.00KB/s (0.34KB Total) | 0.00KB/s (0.04KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1432 | UDP | 127.0.0.1 | 1900 | *.*.*.* | * | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| svchost.exe | 01:01 13/01/2008 | 1432 | UDP | 41.241.208.123 | 1900 | *.*.*.* | * | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| applemobiledeviceservice.exe | 00:56 13/01/2008 | 1704 | TCP | 127.0.0.1 | 27015 | 0.0.0.0 | 0 | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| avp.exe | 00:56 13/01/2008 | 1724 | TCP | 0.0.0.0 | 1110 | 0.0.0.0 | 0 | LISTENING | 0.00KB/s (0.00KB Total) | 0.00KB/s (0.00KB Total) |
| iexplore.exe | 01:01 13/01/2008 | 2236 | UDP | 127.0.0.1 | 1030 | 127.0.0.1 | 1030 | LISTENING | 0.00KB/s (0.39KB Total) | 0.00KB/s (0.39KB Total) |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The culprit here is seen on position 17 of the HJT log


logfile of HijackThis v1.99.1
Scan saved at 08:03:32 PM, on 2008/01/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Port Explorer\PortExplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.axxess.co.za
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188484412796
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{290EC2A0-A818-4F70-81B6-EFA6AD88D9ED}: NameServer = 85.255.116.165 85.255.112.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{290EC2A0-A818-4F70-81B6-EFA6AD88D9ED}: NameServer = 85.255.116.165 85.255.112.122
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe


many thanks

ynotmoreira

I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware anlaysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. The last step will include downloading and using the most current version of HijackThis if the first line of your log does not appear as follows:

Logfile of Trend Micro HijackThis v2.0.2

Please note that it is important that HijackThis be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log.

Please DO NOT post any more logs to this topic, or post a log again in the wrong forum.

The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.
The BC Staff

Hello and thanks for the breakdown, had already done all the required bar for the lavasoft adware, as I prefer to use spywareblaster and spybot. I also have spyware guard active. The antivirus tool used in Kaspersky and I have executed a complete scan and done the same with Stinger, 3 times.

Herewith the latest HJT log with the newest version as recommended

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:43 PM, on 2008/01/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Port Explorer\PortExplorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.axxess.co.za
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188484412796
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{290EC2A0-A818-4F70-81B6-EFA6AD88D9ED}: NameServer = 85.255.116.165 85.255.112.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{290EC2A0-A818-4F70-81B6-EFA6AD88D9ED}: NameServer = 85.255.116.165 85.255.112.122
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

--
End of file - 4925 bytes


Line 17 is still the same

Look forward to your help.....

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working on logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.