Jump to content


Photo

twaintec help


  • Please log in to reply
3 replies to this topic

#1 mickey112960

mickey112960

    Member

  • New Member
  • Pip
  • 4 posts

Posted 18 July 2004 - 05:50 PM

I have tried following the directions to get rid of this but I have not had much success. When I delete the file twaintec.dll in safe mode and reboot, the HJT log still shows the related BHO but does say "file missing". However, next time I reboot its back and the file is no longer missing so I am not really getting rid of it. I am getting tons of pop-ups, most of which are actually expired ads. I just get black IE windows popping up all the time. Here is the HJT log, I am desparate so I would appreciate any help.

Logfile of HijackThis v1.98.0
Scan saved at 6:43:36 PM, on 7/18/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\hmumnbfe.exe
C:\WINDOWS\bokja.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\WINDOWS\system32\automove.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\mlivingston.sassani\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\system32\SWin32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ntbuptkgaxzw] C:\WINDOWS\system32\hmumnbfe.exe
O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\system32\automove.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfami...oads/MrSIDI.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sassani.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sassani.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sassani.local

#2 mickey112960

mickey112960

    Member

  • New Member
  • Pip
  • 4 posts

Posted 18 July 2004 - 06:21 PM

bump aaaarrrrggghhhhhhh

#3 mickey112960

mickey112960

    Member

  • New Member
  • Pip
  • 4 posts

Posted 18 July 2004 - 08:23 PM

No, really, heeelllllllpppppp pleeeeez

#4 mickey112960

mickey112960

    Member

  • New Member
  • Pip
  • 4 posts

Posted 19 July 2004 - 10:40 AM

I finally got rid of this using Ad-Aware, making sure that I checked for updates. Apparently I had a variant of this twaintec.dll pest that wasn't covered. Although nobody responded specifically to my post with any help, I was able to get rid of it based on what I learned reading other posts so I want to thank those of you who have helped people here with this piece of crapware.

I had some files that were related to this that weren't mentioned in some of the other posts I read: bokja.exe and hnmunbfe.exe (I'm not sure of the spelling of that second one). If those files are in your list of processes, you are headed for trouble.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button