hijack log please help
   
klokkie
New Member


Date Joined Aug 2004
Total Posts : 1
 
Posted 8-19-2004 8:40 (GMT +1)
Please help, do you know what can be deleted?
I am getting sick of all the advertisements. These guys should be hanged!
 
Logfile of HijackThis v1.97.7
Scan saved at 21:32:46, on 19-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\evtwatnt.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Snort\bin\snort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\rfufchnp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CSIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\ISDN Utilities\ccmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat70.exe
C:\winsoft\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.nl.int.atosorigin.com:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: timpc 192.168.1.3
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eMusicClient] C:\Program Files\Winamp\eMusic\eMusicClient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [garcfnioj] C:\WINDOWS\System32\rfufchnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CSIM] C:\Program Files\CSIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: CAPI Tray.lnk = C:\Program Files\ISDN Utilities\ccmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092687485718
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38171.2775578704
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{127C5C11-CE4A-4B1B-BD3E-8AE627B9A7A0}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EA754F2-3721-4B39-B9E2-8E5F2D8C5ECA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A9A187D-5CD9-43A5-BF0B-D25B55EDACD3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 161.90.123.123 161.90.126.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{127C5C11-CE4A-4B1B-BD3E-8AE627B9A7A0}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 161.90.123.123 161.90.126.112
 
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
Posted 8-19-2004 9:58 (GMT +1)
Find and PM a fellow named TOUCH; he can help you here, he knows HijackThis really well.

Eagle
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
 
Posted 8-20-2004 4:55 (GMT +1)
Hey klokkie ;-)
Please update HijackThis.
Scan with HijackThis, close all other windows, put a checkmark next to these, and fix:
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [garcfnioj] C:\WINDOWS\System32\rfufchnp.exe
Go to Add/Remove Programs; if you have a program named Twaintech, remove it.
Reboot to safe mode - F8
Find and delete these files:
C:\WINDOWS\twaintec.dll
C:\WINDOWS\System32\rfufchnp.exe
Reboot to normal mode.
And do a housecleaning
Run this scanner: http://www.mwti.net/antivirus/free_utilities.asp
Take one of the first seven links, activate all, in settings.
Spybot: http://www.safer-networking.org/en/download/index.html
Install, update, immunize and run. Fix all marked with red.
 Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program.
 Look at the icons on the top right of the page, click on the "world" and let AdAware update the spyware reference list.
 Once the update is finished, click on the "Gear" icon (second from the left) to access the preferences/settings window.
 In the "General" window make sure the following are selected:
    Automatically save log-file
    Automatically quarantine objects prior to removal
    Safe Mode (always request confirmation)
 Click on the "Scanning" button on the left and select:
    Scan Within Archives
    Scan Active Processes
    Scan Registry
    Deep Scan Registry
    Scan my IE favorites for banned URLs
    Scan my Hosts file
 Under "Click here to select drives + folders", choose:
    All of your hard drives
 Click on the "Advanced" button on the left and select:
    Include additional process information
    Include additional file information
    Include environment information
    Include additional object details
 Click the "Tweak" button and select:
    Under the "Scanning Engine":
       Unload recognized processes during scanning
       Include basic Ad-aware settings in logfile
       Include additional Ad-aware settings in logfile
    Under the "Cleaning Engine":
       Let Windows remove files in use at next reboot
 Click on "Proceed" to save the settings.
 Click -Start- and on the next screen choose "Activate in-depth Scan" at the bottom of the page and then choose:
    Use Custom Scanning Options
Click -Next- and AdAware will scan your hard drive(s) with the options you have selected.
After the scan, put a checkmark next to everything it finds, then click "Finish".


Run Ccleaner: http://www.ccleaner.com/
Reboot, and tell us if you still have problems.
I suggest you install these, for protection on the net:


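Added example, not part of the forum posts: the reply above first fixes two entries in HijackThis and then deletes the files those entries point at. This Python script parses an excerpt of the posted log and reports, for each entry marked for fixing, the file on disk and whether the log lists it under running processes (a running executable is locked by Windows and cannot be deleted). The function names `parse` and `cleanup_plan` are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted in this thread.
LOG = r"""Running processes:
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\rfufchnp.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [garcfnioj] C:\WINDOWS\System32\rfufchnp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""
# The two entries the moderator's reply marks for fixing.
SELECTED = {
    r"O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll",
    r"O4 - HKLM\..\Run: [garcfnioj] C:\WINDOWS\System32\rfufchnp.exe",
}
ENTRY = re.compile(r"^[A-Z]\d+ - ")  # section prefix: R0, O2, O4, O16 ...
PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.I)

def parse(log):
    """Return (lower-cased running process paths, list of entry lines)."""
    running, entries, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        if ENTRY.match(line):
            in_procs = False
            entries.append(line)
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def cleanup_plan(log, selected):
    """For each selected entry, return (file it points at, running as a process?)."""
    running, entries = parse(log)
    plan = []
    for line in entries:
        m = PATH.search(line)
        if line in selected and m:
            # False for a DLL only means it is not its own process; a BHO
            # may still be loaded inside Internet Explorer.
            plan.append((m.group(0), m.group(0).lower() in running))
    return plan

if __name__ == "__main__":
    for path, live in cleanup_plan(LOG, SELECTED):
        print(("running, delete from safe mode: " if live else "not a process: ") + path)
```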
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
Posted 8-20-2004 3:33 (GMT +1)
Touch, you amaze me.

Eagle
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
 
Posted 8-20-2004 4:46 (GMT +1)
eagle> Thanks. I have "worked" with HJT logs for almost a year now ;-)
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
 
Posted 8-20-2004 7:42 (GMT +1)
You're welcome,
but it's well-earned praise.

Eagle
 