DieMWin problem
adaddict
Junior Member
16. January 2006 @ 10:11
Hi all. When I go to turn my computer off, I get a screen that says program not responding. You know the screen where you get an option to end task and whatnot. Well, lately my computer has been getting a program that is called DieMWin. If it was explorer or something else I would not be worried, but this file doesn't sound good. DieMWIN (could it possibly mean die microsoft windows?) Well, I have scanned with adaware, spybot, and norton. I found nothing with these programs. I don't see any negative effects on my computer yet, but you never know. So here is my hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 3:03:43 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Help - {381FB8C3-9A3C-47D4-80B7-6CDBBBBFFE5D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {40D619BB-77E5-4049-8E6F-D3CE7281C058} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {7BA86763-5F7C-444D-B3EA-4E039BEB7780} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/m...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
spertti
Senior Member
16. January 2006 @ 10:55
The log is clean. Try scanning with Ewido. It finds more spy/adware than Spybot and Ad-Aware together. Here's a link for a 14-day trial version. After that period it still works, but it doesn't have realtime protection or automatic updates anymore. http://www.ewido.net/en/download/

Save the report and post it here.

This message has been edited since posting. Last time this message was edited on 16. January 2006 @ 10:56

adaddict
Junior Member
16. January 2006 @ 11:31
Here is my ewido report. It seems to have gotten a few things, but I don't see a dieMWin in it. But it certainly did find some Chitika spyware thing!

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:27:36 PM, 1/16/2006
+ Report-Checksum: 1504207A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[4].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[4].js -> Spyware.Chitika : Cleaned with backup


::Report End
spertti
Senior Member
16. January 2006 @ 11:41
Are you sure that you ran a "Complete system scan"?

Nothing critical on that report but you should empty that folder.

C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\

Next we'll try eScan.


eScan > http://www.spywareinfo.dk/download/mwav.exe
And also > http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat

First install eScan by double-clicking mwav.exe.
Then just double-click Mwav.bat, and it'll start updating the program. After that it opens a window where you should make the marks like this > http://koti.mbnet.fi/pattaya1/eScan6.jpg

After the scan is completed post the log from the lower box > http://koti.mbnet.fi/pattaya1/eScan10.jpg

This message has been edited since posting. Last time this message was edited on 16. January 2006 @ 12:11
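
One way to check a "nothing critical" reading of an ewido report like the one above: group each finding by where the object lives, so browser-cache and cookie hits (which emptying the Temporary Internet Files folder deals with) are separated from registry or other file hits. This is an added example, not part of the thread; the bucket names and the abridged excerpt are choices made for this example.

```python
import re
from collections import Counter

# Abridged excerpt of the scan-result lines from the ewido report posted above.
REPORT = r"""
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[2].js -> Spyware.Chitika : Cleaned with backup
"""

# "<object> -> <detection name> : <action>", the line shape used in the report.
LINE = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>.+)$")

def location_class(obj):
    """Bucket a scanned object by where it lives (buckets are this example's own)."""
    low = obj.lower()
    if low.startswith(("hklm\\", "hkcu\\", "hkcr\\", "hku\\")):
        return "registry"
    if "\\temporary internet files\\" in low:
        return "browser-cache"
    if "\\cookies\\" in low:
        return "cookie"
    return "other-file"

def parse_report(text):
    """Return one dict per finding; header lines such as '+ Scan result:' are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            findings.append({**m.groupdict(), "where": location_class(m["obj"])})
    return findings

def summarize(findings):
    """Count findings per bucket and list those that clearing the cache will not touch."""
    by_where = Counter(f["where"] for f in findings)
    needs_review = [f for f in findings if f["where"] in ("registry", "other-file")]
    return by_where, needs_review

if __name__ == "__main__":
    counts, review = summarize(parse_report(REPORT))
    print(dict(counts))
    for f in review:
        print("review:", f["name"], "at", f["obj"], "->", f["action"])
```
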

adaddict
Junior Member
16. January 2006 @ 13:05
Ok. I did the new escan thing. It did not find anything and thus there is nothing to post. If you want me to post the regular log that it produces, I can do that. However, the log is VERY long.

This message has been edited since posting. Last time this message was edited on 16. January 2006 @ 13:06

spertti
Senior Member
16. January 2006 @ 13:14
Ok then. It didn't find anything, which is good. dieMWin seems to be a process that "shuts down" your graphics card, so nothing to be worried about. You're 100% virus free. So the problem must be somewhere else.... A hardware failure maybe?

You should try updating your graphics card drivers to see if that solves the problem.
adaddict
Junior Member
16. January 2006 @ 13:40
I went to device manager and went to display adaptors. I clicked on update drivers for the two things that were listed: Intel 82945G Express Chipset Family, same thing again. I assume that these are my graphics card drivers. If not, can you tell me where they would be located? No update found.
Thanks.
spertti
Senior Member
16. January 2006 @ 13:42
Download some diagnostic program, for example Sisoft Sandra, and check the model of your graphics card and post it here.

Download link for Sisoft Sandra > http://download.guru3d.com/sandra/
Senior Member
16. January 2006 @ 18:59
Here ya go for the drivers for ya integrated graphics card

http://downloadfinder.intel.com/scripts-df-external/filter_result...

epox mobo EP-9NPAJ
amd 3700+ san diego core oc to 2.50
antec true power 430 watt dual +12 volt rails @ 18 amps each
bfg geforce 6800 gt oc edition
dragon case
2 x 512 DUAL CHANNEL ELIXOR RAM
Ibm P260 dvi & vga 21 inch crt monitor 1600 x 1200 @ 85 htz Oh yeah!!