1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DieMWin problem

Discussion in 'Windows - Virus and spyware problems' started by adaddict, Jan 16, 2006.

  1. adaddict

    adaddict Member

    Joined:
    Jun 24, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    16
    Hi all. When I go to turn my computer off, I get a screen that says program not responding. You know the screen where you get an option to end task and whatnot. Well, lately my computer has been getting a program that is called DieMWin. If it was explorer or something else I would not be worried, but this file doesn't sound good. DieMWIN (could it possibly mean die microsoft windows?) Well, I have scanned with adaware, spybot, and norton. I found nothing with these programs. I don't see any negative effects kon my computer yet, but you never know. So here is my hijack this log:


    Logfile of HijackThis v1.99.1
    Scan saved at 3:03:43 PM, on 1/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\All\Desktop\hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Help - {381FB8C3-9A3C-47D4-80B7-6CDBBBBFFE5D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {40D619BB-77E5-4049-8E6F-D3CE7281C058} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Support - {7BA86763-5F7C-444D-B3EA-4E039BEB7780} - http://www.comcastsupport.com (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132263449765
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    The log is clean. Try scanning with Ewido. It finds more spy/adware than Spybot and Ad-Awae together. Here´s a link for a 14 day trial version. After that period it still works, but it doesn´t have realtime protection or automatic updates anymore. http://www.ewido.net/en/download/

    Save report and post it here
     
    Last edited: Jan 16, 2006
  3. adaddict

    adaddict Member

    Joined:
    Jun 24, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    16
    Here is my ewido report. It seems to have gotten a few things, but I don't see a dieMWin in it. But it certainly did find some Chitika spyware thing!

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 4:27:36 PM, 1/16/2006
    + Report-Checksum: 1504207A

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Cookies\all@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[3].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\FUNSGZMQ\mm[4].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\PVMECVIX\mm[3].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\RFUEM5EW\mm[3].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[3].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\Content.IE5\T341OZSC\mm[4].js -> Spyware.Chitika : Cleaned with backup


    ::Report End
     
  4. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Are you sure that you made "Complete system scan?"

    Nothing critical on that report but you should empty that folder.

    C:\Documents and Settings\All\Local Settings\Temp\Temporary Internet Files\

    Next we´ll try eScan


    eScan > http://www.spywareinfo.dk/download/mwav.exe
    And also > http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat

    First install eScan by doubleclicking mwav.exe
    Then just doubleclick Mwav.bat, and it´ll start updating the program. After that it opens a window where you should make the marks like this > http://koti.mbnet.fi/pattaya1/eScan6.jpg

    After the scan is completed post the log from the lower box > http://koti.mbnet.fi/pattaya1/eScan10.jpg
     
    Last edited: Jan 16, 2006
  5. adaddict

    adaddict Member

    Joined:
    Jun 24, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    16
    Ok. I did the new escan thing. It did not find anything and thus there is nothing to post. If you want me to post the regular log that it produces, I can do that. However, the log is VERY long.
     
    Last edited: Jan 16, 2006
  6. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Ok then. It didn´t find anything which is good. dieMWin seems to be a process that "shutsdown" your graphic card so nothing to be worried. You´re 100% virus free. So the problem must be somewhere else.... A hardware failure maybe?

    You should try updating your graphic card drivers if that solves the problem.
     
  7. adaddict

    adaddict Member

    Joined:
    Jun 24, 2005
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    16
    I went to device manager and went to display adaptors. I clicked on update drivers for the two things that were listed: Intel 82945G Express Chipset Family, same thing again. I assume that this is my graphic card drivers. If not, can you tell me where it would be located. No update found.
    Thanks.
     
  8. spertti

    spertti Active member

    Joined:
    Jun 1, 2005
    Messages:
    1,222
    Likes Received:
    0
    Trophy Points:
    66
    Download some diagnostic program. For example Sisoft Sandra and check the model of your graphic card and post it here.

    Download link for Sisoft Sandra > http://download.guru3d.com/sandra/
     
  9. ozzy214

    ozzy214 Regular member

    Joined:
    Jul 28, 2005
    Messages:
    918
    Likes Received:
    0
    Trophy Points:
    26

Share This Page