My computer is sending hundreds of emails when I connect to the internet



Benke
2008-05-05, 00:55
Hi,

After installing a not so good piece of software obviously, my Norton Autoprotect started screaming about scanning outgoing emails - hundreds of them. I quickly pulled the LAN cable and realized that about 10-20 seconds after I reconnected the LAN cable, something started sending emails again. I have now created a blocking of port 25 in my internet router, so the problem is temporarily halted and I can use the internet to search for a solution.

Here are my log files as requested in the FAQ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:24, on 2008-05-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program\LANeye\sys\LANeyeSRV.exe
C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program\NORTON~1\NORTON~2\NPROTECT.EXE
c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\PalmVNC\UltraVNC\winvnc.exe
C:\Program\Canon\CAL\CALMAIN.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\StatBar\StatBar.exe
C:\Program\Last.fm\LastFMHelper.exe
C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/webhp?sourceid=navclient&hl=sv&ie=UTF-8&oe=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {25920830-05FF-4C47-87E0-B09AF60953EB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PMCRemote] C:\Program\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Program\COPERN~1\COPERN~1.EXE" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe
O4 - Startup: MailWasherPro.lnk = C:\Program\MailWasher Pro\MailWasher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Azureus.lnk = C:\Program\Azureus\Azureus.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: Pinnacle ShowCenter StreamServer.lnk = C:\Program\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: StatBar.lnk = C:\Program\StatBar\StatBar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Bengt\Application Data\Mozilla\Firefox\Profiles\2qae4f03.Bengt\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Bengt\Application Data\Mozilla\Firefox\Profiles\2qae4f03.Bengt\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Öppna klient på bildskärm &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Öppna klient på bildskärm &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/226b29cc6688a2bd3519/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100965436140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134940709765
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://eleg.trust.telia.com/vspta3.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB653DF-1F02-4792-9A36-43FE3D55182D}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A433B0A-529A-4F34-9F70-8EFE0C287701}: NameServer = 192.168.1.1,91.190.136.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB653DF-1F02-4792-9A36-43FE3D55182D}: NameServer = 192.168.0.1
O18 - Protocol: bw+0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E3296EBE-4616-499E-94E8-4B43104081BF} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\AirfoilInject.dll
O20 - Winlogon Notify: wvuvurs - wvuvurs.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LANeyeSRV (LANeyeSRV_NetworkService) - ProPrat - C:\Program\LANeye\sys\LANeyeSRV.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Npsecvicebr - Symantec Corporation - (no file)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program\Delade filer\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program\PalmVNC\UltraVNC\winvnc.exe

--
End of file - 29731 bytes


and the Kaspersky scan log:


:spider:

I hope someone will be able to help me with this. I've tried with Spybot Search & Destroy, AdAware and Norton Antivirus but they don't find anything worth fixing.

Benke
2008-05-05, 00:58
Sorry - it seems like the Kaspersky log didn't get into the post...


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 12:43:18 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 738770
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
O:\
S:\

Scan Statistics:
Total number of scanned objects: 381373
Number of viruses found: 26
Number of infected objects: 73
Number of suspicious objects: 4
Duration of the scan process: 09:30:28

Infected Object Name / Virus Name / Last Action
C:\dmdwj.exe Infected: Rootkit.Win32.Agent.aie skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip/id53.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/winDB6.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\9A6D.tmp Infected: Trojan-Downloader.Win32.Agent.mgq skipped
C:\Documents and Settings\Bengt\Lokala inställningar\Temp\winDBC.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data Infected: not-a-virus:RemoteAdmin.Win32.CoolRemCon.c skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data Infected: not-a-virus:RemoteAdmin.Win32.CoolRemCon.a skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.b skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe/data Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.b skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip/setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.b skipped
C:\New Stuff\Cool PC Remote Control v1.12 remote.zip ZIP: infected - 6 skipped
C:\oexdh.exe Infected: Trojan-Downloader.Win32.Injecter.pl skipped
C:\Program\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Program\Norton SystemWorks\Norton Antivirus\Quarantine\730378F2 Infected: Trojan-Downloader.Java.OpenStream.t skipped
C:\Program\PalmVNC\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Src\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Src\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Src\mirc62.exe NSIS: infected - 2 skipped
C:\Src\PalmVNC-UltraVNC.exe/data0018 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Src\PalmVNC-UltraVNC.exe Inno: infected - 1 skipped
C:\Src\PalmVNC-WinVNC.exe/data0005 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g skipped
C:\Src\PalmVNC-WinVNC.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
C:\Src\PalmVNC-WinVNC.exe Inno: infected - 2 skipped
C:\Src\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Src\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Src\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Src\UltraVnc-101-Setup.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP693\A0115251.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP694\A0115254.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.ged skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP694\A0115254.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121907.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121908.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121910.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP727\A0121911.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP729\A0121952.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP731\A0122119.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP731\A0122120.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\Application Data\Identities\{D83BAAAD-E3A6-4C44-8A4A-91CDABA94525}\Microsoft\Outlook Express\Deleted 2002.zip/Deleted 2002.dbx/[From "Niels H. Nielsen" <nhn@bigfoot.com>][Date Sun, 15 Dec 2002 14:57:49 +0100 (CET)]/db1.mdb.scr Infected: Email-Worm.Win32.Tanatos.a skipped
C:\WINDOWS\Application Data\Identities\{D83BAAAD-E3A6-4C44-8A4A-91CDABA94525}\Microsoft\Outlook Express\Deleted 2002.zip/Deleted 2002.dbx Infected: Email-Worm.Win32.Tanatos.a skipped
C:\WINDOWS\Application Data\Identities\{D83BAAAD-E3A6-4C44-8A4A-91CDABA94525}\Microsoft\Outlook Express\Deleted 2002.zip ZIP: infected - 2 skipped
C:\WINDOWS\system32\crypts.dll Infected: Trojan-Downloader.Win32.Small.vea skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe/data0001 Infected: Packed.Win32.Monder.gen skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe/data0002 Infected: Trojan.Win32.Pakes.cgn skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe/data0003 Infected: Trojan-Downloader.Win32.Small.swa skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe EmbeddedEXE: infected - 3 skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe UPX: infected - 3 skipped
G:\System Volume Information\_restore{D01B1CF5-8348-4EB2-A7FC-8349B152A0FA}\RP747\A0123085.exe PE_Patch.UPX: infected - 3 skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
O:\Jobbdatorn backup 2007\Src\UltraVnc-101-Setup.zip ZIP: infected - 3 skipped
S:\Src (backup)\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
S:\Src (backup)\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
S:\Src (backup)\mirc62.exe NSIS: infected - 2 skipped
S:\Src (backup)\PalmVNC-UltraVNC.exe/data0018 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
S:\Src (backup)\PalmVNC-UltraVNC.exe Inno: infected - 1 skipped
S:\Src (backup)\PalmVNC-WinVNC.exe/data0005 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g skipped
S:\Src (backup)\PalmVNC-WinVNC.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
S:\Src (backup)\PalmVNC-WinVNC.exe Inno: infected - 2 skipped
S:\Src (backup)\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
S:\Src (backup)\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
S:\Src (backup)\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
S:\Src (backup)\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file130 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\Src (backup)\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe/file131 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\Src (backup)\UltraVnc-101-Setup.zip/UltraVNC-101-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
S:\Src (backup)\UltraVnc-101-Setup.zip ZIP: infected - 3 skipped

Scan process completed.

Blade81
2008-05-06, 10:47
Hi

Disable Spybot's TeaTimer

Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu, select Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer


1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply (please don't use code box to make reading easier :))

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Blade81
2008-05-13, 22:53
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.