Twain-Tech is a software development company. We have developed a series of ad
targeting applications such as Twain-Tech.dll that help advertisers deliver targeted
ads. In addition to our software development, we also provide certain support services
to the distributors of our software.

Third party companies license and distribute our software, typically as part of their
sponsorship of free software or free content. As part of any licensing of our software,
Twain-Tech contractually requires all distributors to give notice concerning the
presence of our software and to provide consumers access to a Twain-Tech supplied

If the twaintech.dll is detected in a hijackthis log DO NOT FIX IT! Do the following:

This is the manual way to remove the twaintech.dll transponder variant manually when detected in a hijackthis log

Using their removal instructions:
http://www.twain-tech.com/uninstall.htm


After getting the twaintech.dll installed, hijackthis will detect it as a BHO but must not be removed using hijackthis because of the registery entries and files left over. Instead use the following method:

1. Add/Remove Programs
2. Uninstall Twain-Tech
3. Reboot the computer
4. in windows explorer
5. winnt or windows
6. Delete twaintech.dll and twaintec.ini
If twaintech.dll is in use, then you would need to rename it and reboot the computer, then delete it.
This will remove all 9 registry entries (3 which is detected by AAW scan)

Using Add/Remove for the Twaintech.dll

If not removed immediately when the twaintech.dll transmits its check to the ad sever, it can create multiple folders that will drop the twain twaintec.cab into.

Files before Add/Remove:
Temp Folder:
dummy.htm
twaintec.ini
twtini.cab

Temp\ THI23C8.tmp (files removed using Add/Remove)
preInsTT.exe (This prepares and installs the Twaintech.dll)
twaintec.cab ( contains: preInsTT.exe, twaintech.dll, twaintech.inf)
twaintec.dll
twaintec.inf

Temp\THI75A1.tmp (Files not removed)
preInsTT.exe (This prepares and installs the Twaintech.dll)
twaintec.cab ( contains: preInsTT.exe, twaintech.dll, twaintech.inf)
twaintec.dll
twaintec.inf

Last night I had 2 temp folders for the Twain that came down during their ad sever checks. One was emptied with the add/remove but the other was left intact.

Remaining files:
Temp\THI75A1.tmp
preInsTT.exe (This prepares and installs the Twaintech.dll)
twaintec.cab ( contains: preInsTT.exe, twaintech.dll, twaintech.inf)
twaintec.dll
twaintec.inf

winnt\
twaintec.dll (This is what transmits the data to the ad server)
twaintec.ini

winnt\inf
twtini.inf

Registry Entries:
[HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}]
@="TwaintecObj Class"

[HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\InprocServer32]
@="C:\\WINDOWS\\twaintec.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\ProgID]
@="Twaintec.TwaintecObj.1"

[HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\TypeLib]
@="{11CC62B2-65F2-4A82-B332-5DE4E8384422}"

[HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\VersionIndependentProgID]
@="twaintec.twaintecObj"

[HKEY_CLASSES_ROOT\TwaintecDll.TwaintecDllObj.1]
@="twaintecObj Class"

[HKEY_CLASSES_ROOT\TwaintecDll.TwaintecDllObj.1\CLSID]
@="{000020DD-C72E-4113-AF77-DD56626C6C42}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}]
@="TwaintecObj Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\InprocServer32]
@="C:\\WINDOWS\\twaintec.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\ProgID]
@="Twaintec.TwaintecObj.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\TypeLib]
@="{11CC62B2-65F2-4A82-B332-5DE4E8384422}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\VersionIndependentProgID]
@="twaintec.twaintecObj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1]
@="twaintecObj Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1\CLSID]
@="{000020DD-C72E-4113-AF77-DD56626C6C42}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\twaintec]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\twaintec]
"DisplayName"="twain-tech"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\twaintec.inf, Uninstall

[HKEY_LOCAL_MACHINE\SOFTWARE\twaintec]
"TTI4d5OfSInst"="{38E3D641-0593-4630-8262-964D08CE983D}"
"TTI4d5OfSDist"="BADBI4101"
"TTT4o5pListSPos"=dword:00002d80
"TTI4n5ProgSCab"=dword:00000000
"TTI4n5ProgSEx"=dword:00000000
"TTI4n5ProgSLstest"=dword:00000000
"TTC4n5trSEvnt"=dword:00000048
"TTC4n5trMsgSDisp"=dword:000003de
"TTC4S5Insur"=dword:00000000
"TTT4h5rshSCheckSIn"=dword:00000001
"TT4C5ntrSTransac"=dword:00000002
"TTC4u5rrentSMode"=dword:00000001
"TTC4n5tFyl"=dword:00000000
"TTM4o5deSSync"=dword:00000007
"TTT4h5rshSBath"=dword:00002710
"TTT4h5rshSysSInf"=dword:000007d0
"TTT4h5rshSMots"=dword:00000064
"TTI4g5noreS"="™ƒ‹™‰Á�€�“ƒ???Ÿ�——›Á��—“†���Ž—™ƒ‹‘‘ÁŒ—Ž“Ž›”???‘š›�‡Ü™€�Ž™€�Ÿ“œ‹�”…—œ™›‹�”Á��—“???žƒŒƒ�ŽÁ��—“”ŠÈÁ�‘†•‡–•Á��—“ƒ–ŒŠ�†“œ‹œ�Á��—“�˜ÔŒ�Ÿ†€???”Ÿ��???Ž†�›€Š�ÜŒ�Ÿ"
"TTs4t5i6cky1S"="lflshdt%3D1073153434%26lupgid%3D114%26lstlogdt%3D20040103%26capcntdy%3D1%26lupgdt%3D1073169398433%26cntp%3D%26lupgtry%3D1%26capcnt%3D1%26"
"TTs4t5icky2S"="lastlstdt%3D1073169398434%26fstcidt%3D1073153434873%26"
"TT4N5a6tionSCode"="US"
"TTD4s5tSSEnd"="’›–???ÀÀÍ‘ŽƒÌ†�Ž‹œ×›‡‘’Á��—À–…›†ŒÝ‰Š�???–Š–Ý®˜ƒ›œ"
"TTD4s5tSCHost"="‰Ÿ—†”†‰ÜŒ—ÐÜ�‘"
"TTD4s5tSCPath"="Õ™šÀÕœ‡€Œƒ‡†Õª”—”›ª“”‹Ž—€"
"TTS4t5atusOfSInst"="roger"
"TTL3a4stMotsSDay"=dword:00000003
"TTL3a4stSSChckin"=dword:00000141
"TTC1o4d5eOfSFinalAd"="5"
"TTT4i5m6eOfSFinalAd"="0|0|0|0|1073169398|0|"

[HKEY_LOCAL_MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem26.inf"=dword:00000001
"INF/oem26.PNF"=dword:00000001
"INF/twaintec.inf"=dword:00000001
"INF/twaintec.PNF"=dword:00000001
"INF/twtini.inf"=dword:00000001
"INF/twtini.PNF"=dword:00000001

Restart computer:

All Registry Entries Removed.

Remaining files:
Temp\THI75A1.tmp
preInsTT.exe (This prepares and installs the Twaintech.dll)
twaintec.cab ( contains: preInsTT.exe, twaintech.dll, twaintech.inf)
twaintec.dll
twaintec.inf

winnt\
twaintec.dll (This is what transmits the data to the ad server) NEED to DELETE
twaintec.ini NEED to DELETE

winnt\inf
twtini.inf NEED to DELETE

Twain-Tech Variant

From abetterinternet.com
Date: 1/10/2004
Updated:11 January 2004  

Overview:
At the moment the abetterinternet twaintech.dll transponder variant is installed by one of the transponder gangs thin installer prototypes that will drop into a users computer if the win32 bi transponder variant is already present.  The file bi_pro.exe will automatically transmit a signal to the abetterinternet server and drop two cab files into the active temp folder and immediatelly extract and install the associated files and register the twaintech.dll.  Another file is also created in the windows or winnt(windows2000) folder called wininit.ini.  Any of the thin installers that install the twaintech.dll variant is deleted upon rebooting of the computer per the code in the wininit.ini file.
REMOVAL:
Using Add/Remove Programs in the Control Panel will remove all registry entries but you must reboot the computer and remove the twaintech.dll and all other files listed below manually to insure you are not re-infested by the transponder.

Hijackthis will only remove the twaintech.dll.  You would need to manually delete all the registry entries and files listed below. (Not for the those who do not know how to edit the registery)
  
Files: 
bi_prob.exe - thin installer prototype from abetterinternet
dummy.htm - 0kb file created in the active temp folder
twaintec.cab - Cab file containing the first of the files to install
preInsTT.exe - Prepares and installs the transponder variant files
twaintec.dll - The transponder file that does the transmissions
twaintec.inf - This contains the install and uninstall code and is used when uninstalling using the Add/Remove Programs in the control Panel.  Note: This does not get rid of the twaintech.dll.  After rebooting the computer you must delete the file from the windows or winnt folder or it will reactivate itself and can reinstall all the other components that were removed from the registery.

Rebooting the Computer: 
twtini.cab - installed in the active temp folder and has the following files:
twaintec.ini - enrypted code that is probably used by the twaintech.dll.
twtini.inf - Creates a registry entry 
Typical Install of Bi_Pro.exe 
When the bi_pro.exe is run the following happens:
A 0 kb dummy.htm is created in the active temp folder (I will be using the Windows2000 Documents and Settings\Local Settings\Temp)
C:\winnt\wininit.ini is created with the following code:
[Rename]
NUL=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bi_prob.exe
Information is transmitted to the abetterinternet server and the following happens:
hxxp://thinstall.abetterinternet.com/bi/servlet/ThinstallPre
hxxp://download2.abetterinternet.com/download/cabs/TWTDLL/twaintec.cab
hxxp://thinstall.abetterinternet.com/bi/servlet/ThinstallPost
A folder in the Temp is created: THI4192.tmp and the twaintec.cab is
then dropped the following files are extracted:
twaintec.cab
preInsTT.exe - This is the pre installation file that prepares for the installation.
Code found in it:
Found and deleted 6939 GUID {000006B1-19B5-414A-849F-2A3C64AE6939}
Found and deleted DBiMS key Dbi  (CLSID for bi.dll)copied BI InstId data  
SoftWare\twaintec   TTI4d5OfSInst
{00000273-8230-4DD4-BE4F-6889D1E74167}  DHost   SoftWare\DBi  
BII1d2OfSInst
Found and deleted 0580 GUID {00000580-C637-11D5-831C-00105AD6ACF0}
Found and deleted MSView key    MSView  copied MSView InstId data   SoftWare\MSView MidofSInst 

Found and deleted 5eb9 GUID {00000000-5eb9-11d5-9d45-009027c14662}
Found and deleted RespondMiter key  RespondMiter    SOFTWARE   
copied RespondMiter InstId data SoftWare\RespondMiter   InstID   (VX2.dll) 

Found and deleted 0000026A GUID {0000026A-8230-4DD4-BE4F-6889D1E74167}  SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects 

Found and deleted TPS108 key    TPS108  copied TPS108 InstId data   Info 
SoftWare\TPS108 IdOfInst    SoftWare\DHost  HI1d2OfSInst    yes log
SOFTWARE\Microsoft\Windows\CurrentVersion\stbdbg 

twaintec.inf - The inf  is dropped into the windows or winnt\inf folder
and contains the install and uninstall code:
[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[DefaultInstall]
CopyFiles=CopySystemFiles,INFFile
RegisterOCXs=RegisterOCXSection
AddReg=RegUninstall
RunPostSetupCommands=RunPostInstall

[CopySystemFiles]
twaintec.dll,,,34
preInsTT.exe,,,34

[INFFile]
twaintec.inf,,,34

[DestinationDirs]
CopySystemFiles=10
INFFile=17

[RegisterOCXSection]
"%10%\twaintec.dll"

[DelRegEntries]
HKLM,Software\twaintec
HKLM,Software\Microsoft\Windows\CurrentVersion\Uninstall\twaintec

[RegUninstall]
HKLM,Software\Microsoft\Windows\CurrentVersion\Uninstall\
twaintec,"DisplayName",,"twain-tech"
HKLM,Software\Microsoft\Windows\CurrentVersion\Uninstall
\twaintec,"UninstallString",,"RunDll32 advpack.dll,LaunchINFSection %17%\
twaintec.inf, Uninstall"

[SourceDisksNames]
1="CAB File",,,

[RunPostInstall]
"%10%\preInsTT.exe"

; the following two sections are called during the uninstallation process
[Uninstall]
BeginPrompt=UninstBeginPromptSection
EndPrompt=UninstEndPromptSection
UnRegisterOCXs=RegisterOCXSection
DelReg=DelRegEntries
DelFiles=CopySystemFiles,INFFile

[UninstBeginPromptSection]
Prompt="Are you sure you want to remove this program?"
ButtonType=YESNO
Title="Uninstall"

[UninstEndPromptSection]
Prompt="Successfully Uninstalled"
twaintec.dll - This is installed into the C:\windows or winnt folder and
is loaded into memory and immediatlly transmitts information about the
computer and user.

twaintech.dll - This contains the code to gather and transmit the user data
to the controlling ad servers.  Code found inside links both VX2 and
Stop-popup-ads-now.com transponders:
h t t p : / / w w w . s t o p - p o p u p - a d s - n o w . c o m "
HKCR
TwaintecDll.TwaintecDllObj.1 = s 'twaintecObj Class'
CLSID = s '{000020DD-C72E-4113-AF77-DD56626C6C42}'
VX2.VX2Obj = s 'twaintec Functional Class'
CLSID = s '{000020DD-C72E-4113-AF77-DD56626C6C42}'
CurVer = s 'TwaintecDll.TwaintecDllObj.1' NoRemove CLSID
ForceRemove {000020DD-C72E-4113-AF77-DD56626C6C42} = s
'TwaintecObj Class'{
ProgID = s 'Twaintec.TwaintecObj.1'
VersionIndependentProgID = s 'twaintec.twaintecObj'
ForceRemove 'Programmable'
InprocServer32 = s '%MODULE%'
val ThreadingModel = s 'Apartment'
'TypeLib' = s '{11CC62B2-65F2-4A82-B332-5DE4E8384422}'
HKLM SOFTWARE Microsoft Windows CurrentVersion Explorer
'Browser Helper Objects' {000020DD-C72E-4113-AF77-DD56626C6C42}


This is the data transmitted to the Server:
URL:hxxp://ctl.twain-tech.com/twain/servlet/Twain?
adcontext=MOTS_CHECKIN&contextpeak=0
&contextcount=0
&countrycodein=US  This sends what the country code is
&cookie1=lflshdt%3D1073835803%26lstlogdt%3D20040111%26cntp%3Dcable%26
&cookie2=lastlstdt%3D1073835803618%26fstcidt%3D1073832796602%26
&InstID={4D1213D7-AF31-4ABC-9CF3-597B10F70CB6}This is the unique ID assigned
&DistID=BADBI4101
&status=1
&smode=7
&bho=twaintec.dll
&NumWindows=7
Data: {4D1213D7-AF31-4ABC-9CF3-597B10F70CB6}|0.1.4.19 
Next data is then transmitted to the offeroptimizer ad
server that generates the targeted popup ads:
hxxp://xlime.offeroptimizer.com/creat/tds/anti-inc2.html?
distID=BADBI4101
&country=US

After Rebooting the Computer:
After rebooting the computer if the twaintech.dll transponder variant is not removed the second install phase takes place:
The following is installed from:
hxxp://download.abetterinternet.com/download/cabs/TWTINI1/twtini.cab
The twtini.cab is dropped into the active temp folder and extracted.  The following are the files and where they are installed to:
twaintec.ini - windows or winnt folder
twtini.inf - windows or winnt\INF folder.  Its code is as follows:
[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[DefaultInstall]
CopyFiles=CopySystemFiles,INFFile
AddReg=RegistryEntries

[CopySystemFiles]
twaintec.ini,,,34

[INFFile]
twtini.inf,,,34

[DestinationDirs]
CopySystemFiles=10
INFFile=17

[RegistryEntries]
HKLM,Software\twaintec,"TTT4o5pListSPos",,"11648"

[SourceDisksNames]
1="CAB File",,, 
General Information:
Web Site: Twain-Tech.com (Just a front to advertise and post its privacy policies)
  
About Info:
Twain-Tech is a software development company. We have developed a series of ad
targeting applications such as Twain-Tech.dll that help advertisers deliver targeted
ads. In addition to our software development, we also provide certain support services
to the distributors of our software.

Third party companies license and distribute our software, typically as part of their
sponsorship of free software or free content. As part of any licensing of our software,
Twain-Tech contractually requires all distributors to give notice concerning the
presence of our software and to provide consumers access to a Twain-Tech supplied
  
Whois Information:
  Twain-Tech LLC
      Jessie Dayan
      1347 3rd avenue, #22a
      new york, ny 10021
      US
      Phone: 646-213-4415
      Email: jessie@twain-tech.com

  Registrar Name....: Register.com
  Registrar Whois...: whois.register.com
  Registrar Homepage: hxxp://www.register.com

  Domain Name: TWAIN-TECH.COM

      Created on..............: Fri, Sep 05, 2003
      Expires on..............: Sun, Sep 05, 2004
      Record last updated on..: Mon, Dec 01, 2003

  Administrative Contact:
      Twain-Tech LLC
      Jessie Dayan
      1347 3rd avenue, #22a
      new york, ny 10021
      US
      Phone: 646-213-4415
      Email: jessie@twain-tech.com

  Technical Contact:
      Twain-Tech LLC
      Jessie Dayan
      1347 3rd avenue, #22a
      new york, ny 10021
      US
      Phone: 646-213-4415
      Email: jessie@twain-tech.com

  Zone Contact:
      Twain-Tech LLC
      Jessie Dayan
      1347 3rd avenue, #22a
      new york, ny 10021
      US
      Phone: 646-213-4415
      Email: jessie@twain-tech.com

  Domain servers in listed order:

  NS5.READYHOSTING.COM        63.99.209.103  
  NS6.READYHOSTING.COM        63.99.209.104
    
Registry Entries:
[HKEY_CLASSES_ROOT\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}]
@="TwaintecObj Class"

[HKEY_CLASSES_ROOT\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\InprocServer32]
@="C:\\WINDOWS\\twaintec.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\ProgID]
@="Twaintec.TwaintecObj.1"

[HKEY_CLASSES_ROOT\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\TypeLib]
@="{11CC62B2-65F2-4A82-B332-5DE4E8384422}"

[HKEY_CLASSES_ROOT\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\VersionIndependentProgID]
@="twaintec.twaintecObj"

[HKEY_CLASSES_ROOT\TwaintecDll.TwaintecDllObj.1]
@="twaintecObj Class"

[HKEY_CLASSES_ROOT\TwaintecDll.TwaintecDllObj.1\CLSID]
@="{000020DD-C72E-4113-AF77-DD56626C6C42}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}]
@="TwaintecObj Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\InprocServer32]
@="C:\\WINDOWS\\twaintec.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\ProgID]
@="Twaintec.TwaintecObj.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\TypeLib]
@="{11CC62B2-65F2-4A82-B332-5DE4E8384422}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{000020DD-C72E-4113-AF77-DD56626C6C42}\VersionIndependentProgID]
@="twaintec.twaintecObj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1]
@="twaintecObj Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1\
CLSID]
@="{000020DD-C72E-4113-AF77-DD56626C6C42}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
App Management\ARPCache\twaintec]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
  00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\twaintec]"DisplayName"="twain-tech"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection
C:\\WINDOWS\\INF\\twaintec.inf, Uninstall"


[HKEY_LOCAL_MACHINE\SOFTWARE\twaintec]
"TTI4d5OfSInst"="{38E3D641-0593-4630-8262-964D08CE983D}"
"TTI4d5OfSDist"="BADBI4101"
"TTT4o5pListSPos"=dword:00002d80
"TTI4n5ProgSCab"=dword:00000000
"TTI4n5ProgSEx"=dword:00000000
"TTI4n5ProgSLstest"=dword:00000000
"TTC4n5trSEvnt"=dword:00000048
"TTC4n5trMsgSDisp"=dword:000003de
"TTC4S5Insur"=dword:00000000
"TTT4h5rshSCheckSIn"=dword:00000001
"TT4C5ntrSTransac"=dword:00000002
"TTC4u5rrentSMode"=dword:00000001
"TTC4n5tFyl"=dword:00000000
"TTM4o5deSSync"=dword:00000007
"TTT4h5rshSBath"=dword:00002710
"TTT4h5rshSysSInf"=dword:000007d0
"TTT4h5rshSMots"=dword:00000064
"TTI4g5noreS"="™ƒ‹™‰Á�€�“ƒ???Ÿ�——›Á��—“†���Ž—™
     ƒ‹‘‘ÁŒ—Ž“Ž›”???‘š›�‡Ü™€�Ž™€�Ÿ“œ‹�”…—œ™›‹�”Á��— 
     ???žƒŒƒ�ŽÁ��—“”ŠÈÁ�‘†•‡–•Á��—“ƒ–ŒŠ�†“œ‹œ�Á��—
     “�˜ÔŒ�Ÿ†€???”Ÿ��???Ž†�›€Š�ÜŒ�Ÿ"
     "TTs4t5i6cky1S"="lflshdt%3D1073153434%
    26lupgid%3D114%26lstlogdt%3D20040103%26capcntdy%3D1%26lupgdt
    %3D1073169398433%26cntp%3D%26lupgtry%3D1%26capcnt%3D1%26"
"TTs4t5icky2S"="lastlstdt%3D1073169398434%26fstcidt%3D1073153434873%26"
"TT4N5a6tionSCode"="US"
"TTD4s5tSSEnd"="’›–???ÀÀÍ‘ŽƒÌ†�Ž‹œ×›‡‘’Á��—À–…›†ŒÝ‰Š�???–Š–Ý®˜ƒ›œ"
"TTD4s5tSCHost"="‰Ÿ—†”†‰ÜŒ—ÐÜ�‘"
"TTD4s5tSCPath"="Õ™šÀÕœ‡€Œƒ‡†Õª”—”›ª“”‹Ž—€"
"TTS4t5atusOfSInst"="roger"
"TTL3a4stMotsSDay"=dword:00000003
"TTL3a4stSSChckin"=dword:00000141
"TTC1o4d5eOfSFinalAd"="5"
"TTT4i5m6eOfSFinalAd"="0|0|0|0|1073169398|0|"


[HKEY_LOCAL_MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem26.inf"=dword:00000001
"INF/oem26.PNF"=dword:00000001
"INF/twaintec.inf"=dword:00000001
"INF/twaintec.PNF"=dword:00000001
"INF/twtini.inf"=dword:00000001
"INF/twtini.PNF"=dword:00000001

Webhelper: Updated Transponder listing

Webhelper