Hi all. When I go to turn my computer off, I get a screen that says program not responding. You know the screen where you get an option to end task and whatnot. Well, lately my computer has been getting a program that is called DieMWin. If it was explorer or something else I would not be worried, but this file doesn't sound good. DieMWIN (could it possibly mean die microsoft windows?) Well, I have scanned with adaware, spybot, and norton. I found nothing with these programs. I don't see any negative effects kon my computer yet, but you never know. So here is my hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 3:03:43 PM, on 1/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\All\Desktop\hijack this\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Help - {381FB8C3-9A3C-47D4-80B7-6CDBBBBFFE5D} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: ComcastHSI - {40D619BB-77E5-4049-8E6F-D3CE7281C058} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Support - {7BA86763-5F7C-444D-B3EA-4E039BEB7780} - http://www.comcastsupport.com (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132263449765 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
The log is clean. Try scanning with Ewido. It finds more spy/adware than Spybot and Ad-Awae together. Here´s a link for a 14 day trial version. After that period it still works, but it doesn´t have realtime protection or automatic updates anymore. http://www.ewido.net/en/download/ Save report and post it here
Here is my ewido report. It seems to have gotten a few things, but I don't see a dieMWin in it. But it certainly did find some Chitika spyware thing! --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 4:27:36 PM, 1/16/2006 + Report-Checksum: 1504207A + Scan result: HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[3].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[4].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[3].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[3].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[1].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[3].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[4].js -> Spyware.Chitika : Cleaned with backup ::Report End
Are you sure that you made "Complete system scan?" Nothing critical on that report but you should empty that folder. C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\ Next we´ll try eScan eScan > http://www.spywareinfo.dk/download/mwav.exe And also > http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat First install eScan by doubleclicking mwav.exe Then just doubleclick Mwav.bat, and it´ll start updating the program. After that it opens a window where you should make the marks like this > http://koti.mbnet.fi/pattaya1/eScan6.jpg After the scan is completed post the log from the lower box > http://koti.mbnet.fi/pattaya1/eScan10.jpg
Ok. I did the new escan thing. It did not find anything and thus there is nothing to post. If you want me to post the regular log that it produces, I can do that. However, the log is VERY long.
Ok then. It didn´t find anything which is good. dieMWin seems to be a process that "shutsdown" your graphic card so nothing to be worried. You´re 100% virus free. So the problem must be somewhere else.... A hardware failure maybe? You should try updating your graphic card drivers if that solves the problem.
I went to device manager and went to display adaptors. I clicked on update drivers for the two things that were listed: Intel 82945G Express Chipset Family, same thing again. I assume that this is my graphic card drivers. If not, can you tell me where it would be located. No update found. Thanks.
Download some diagnostic program. For example Sisoft Sandra and check the model of your graphic card and post it here. Download link for Sisoft Sandra > http://download.guru3d.com/sandra/
Here ya go for the drivers for ya integrated graphics card http://downloadfinder.intel.com/scr...XP+Home+Edition&lang=eng&strOSs=45&submit=Go!
