• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
gretchen

need to remove vx2.betterinternet & twaintec.dll

8 posts in this topic

Hi, I've read the faq and I've run both spybot and adaware. They've both found vx2.betterinternet and twaintec.dll files but they can't remove them. I've tried removing the twaintec by hand but I can't get rid of it. I don't even know where to find the vx2 files. lol Any advice would be much appreciated. Thanks so much for your time. :)

 

Here's a copy of my hijackthis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 1:50:47 PM, on 5/26/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\GM SPO\SI\TRANSBASE\SITBKWSO.EXE

C:\WINDOWS\SYSTEM\KHOOKER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\NDKIHY.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\PROGRAM FILES\GM SPO\SI\APACHE GROUP\APACHE\APACHE.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\JAVASOFT\JRE\1.3.1_02\BIN\JAVA.EXE

C:\PROGRAM FILES\GM SPO\SI\APACHE GROUP\APACHE\APACHE.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\REFLECTION\R2WIN.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\4H6ZGDMF\HIJACKTHIS[1].EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gm-dealerworld.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GM ACCESS

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [sITBKwso] C:\PROGRA~1\GMSPO~1\SI\TRANSB~1\SITBKWSO.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\SYSTEM\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [seknbsvb] C:\WINDOWS\SYSTEM\ndkihy.exe

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE

O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServices: [Reflection TimeSync] C:\Program Files\Reflection\rtsserv.exe

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Start Apache.lnk = C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/ac4plus.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8125.2314467593

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.141.192.60,65.43.19.26

Share this post


Link to post
Share on other sites

I just realized that I was running hijackthis from a temp. internet file. Here's a new log:

 

Logfile of HijackThis v1.97.7

Scan saved at 2:44:07 PM, on 5/26/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\GM SPO\SI\TRANSBASE\SITBKWSO.EXE

C:\WINDOWS\SYSTEM\KHOOKER.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\ptsnoop.exe

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\NDKIHY.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\PROGRAM FILES\GM SPO\SI\APACHE GROUP\APACHE\APACHE.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\JAVASOFT\JRE\1.3.1_02\BIN\JAVA.EXE

C:\PROGRAM FILES\GM SPO\SI\APACHE GROUP\APACHE\APACHE.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\REFLECTION\R2WIN.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS[1].EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gm-dealerworld.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GM ACCESS

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [sITBKwso] C:\PROGRA~1\GMSPO~1\SI\TRANSB~1\SITBKWSO.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\SYSTEM\khooker.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [seknbsvb] C:\WINDOWS\SYSTEM\ndkihy.exe

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE

O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKCU\..\RunServices: [Reflection TimeSync] C:\Program Files\Reflection\rtsserv.exe

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Startup: Start Apache.lnk = C:\Program Files\GM SPO\SI\Apache Group\Apache\Apache.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/ac4plus.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wo...jo/wordmojo.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8125.2314467593

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.141.192.60,65.43.19.26

Share this post


Link to post
Share on other sites

Go to add/remove programs and try to uninstall "twain-tec" or '"twaintec"

 

Check and fix these to get access to your control panel panels again:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

I, or someone else will get to you on the rest of your log.

 

If you find twaintec uninstall in add/remove, post a new log after uninstall. If not, just wait for someone to examine your log fully.

 

Thanks.

Share this post


Link to post
Share on other sites

The complete removal procedure for Twain-Tec is as follows:

 

We need to remove a program called "Twain-Tec". To do this, first you need to disable System restore as per the instructions at here . Twiantec.dll is a transponder. HijackThis will detect it as a BHO but it must not be removed using HijackThis. This is because of the remaining registry entries and files which can be dangerous. Instead the following method of removal is preferable and complete:

Go to "Add/Remove Programs" => Uninstall "Twain-Tech". Reboot the computer to SAFE mode - How do I boot into "Safe" mode?. Delete twaintech.dll and twaintec.ini If twaintech.dll is in use, then you would need to rename it, reboot the computer, and then delete it.

Share this post


Link to post
Share on other sites

Hi, I followed the directions for disabling system restore but it wasn't an option. Could it be because I'm using windows 98? (I'm on a crappy work computer) lol The twain-tec also isn't listed under the add/remove programs...

Edited by gretchen

Share this post


Link to post
Share on other sites

I was expecting Kevin to continue helping but it looks as if he is not? Please give me a few minutes to analyze the log and I'll get back to you with a solution.

Share this post


Link to post
Share on other sites

Close all programs and windows.

 

Run HijackThis and delete the following entries:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [sITBKwso] C:\PROGRA~1\GMSPO~1\SI\TRANSB~1\SITBKWSO.EXE <= I cannot find any matches on this, do you know what it is?

O4 - HKLM\..\Run: [seknbsvb] C:\WINDOWS\SYSTEM\ndkihy.exe

O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O4 - HKLM\..\RunServices: [installer] C:\WINDOWS\SYSTEM\INSTALLER.EXE

O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab

 

The following are optional to delete as they are resource hogs:

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

Please reboot into safe mode - How do I boot into "Safe" mode?

 

Please cleanup temporary files etc. Browse to and select all contents in the following folders (Windows may be WINNT or WIN98 etc.), and delete (Make sure to delete the sub-folders, but not the Temp folders themselves!):

  • C:\Windows\Temp (all contents)
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents) <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
  • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files(all contents)
  • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
  • Empty your "Recycle Bin".
  • C:\WINDOWS\SYSTEM\ndkihy.exe
  • C:\TV MEDIA <= Delete this folder
  • C:\WINDOWS\SYSTEM\INSTALLER.EXE

Reboot again and log in normally, repost a new HijackThis log into this message for further review.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0