dwi.exe error

  • Thread starter Thread starter sheila4typing
  • Start date Start date
S

sheila4typing

Sorry if I am in the incorrect area, however I have also posted this message
in the General area and thought that maybe that was the incorrect place to
post.
I am having a problem when I shut off or restart my computer. A message
flashes about dwin.exe and dll initialization error. It does not stop my
computer from shutting down it only flashes real fast and then shuts down or
restarts. It is a brand new Vostro 1500 with Windows XP home edition. The
only programs on there so far are PC tools, AVG, Ad-aware, Spybot, and some
windows updates which is up to SP3. I have went into the startup and
unchecked everything one at a time to see if one of the programs in startup
was doing it but I guess not because I still get this message. Can you tell
me how to stop getting this message?
Thank you
 
The dwin.exe is not an XP file and I suspect it is malware or a virus. Do
you regularly scan your PC with up-to-date anti virus and malware (i.e.,
SpyBot) programs?
 
thank you for your feedback Ron.
This is a brand new computer and I have only installed the programs I listed
outside of MS Office. However, I do run all those program once a week and I
have run them on this computer but found nothing. If this is malware or
virus why did spybot, ad-aware or AVG pick this up. I have now install
regscrub and ran that too. It found a lot of items and I fixed them but I
still get the message. Do you know what else I can do?
 
Sheila,

I was just guessing that it might be malware as that is usually the case
when there is very little information on the internet about a given file.
It still might be malware and maybe the programs don't pick up on it because
it isn't included in their definitions. Or, I may be all wet :-)

What I would do is run a search on dwin.exe and if found, try to rename it
to something like: dwin.bak. If it allows you to rename it (probably
won't), reboot and see what happens.

If a message says the file is in use, run msconfig.exe and look for dwin on
the startup tab. If it is there, remove the mark from the box, click OK and
reboot. After booting, go back dwin.exe and see if you can rename it.

If it is not on the startup tab, do a ctrl-alt-del and see if dwin is listed
under applications or processes. If it is, highlight it and do an end task
or end process. Then go back and try renaming it.

What you will be attempting to do is to find the file, keep it from starting
at boot and renaming it. If it is not running in the background, you should
not get an error message when shutting down or rebooting.
 
Ron
Thank you for your help with this issue.

I did a search on dwin.exe and nothing was found. I also went into msconfig
and looked at the startup tab and there is nothing there for dwin at all. I
did the ctrl-alt-delete and there is also no dwin in processes or
applications. As a matter a fact there was nothing in applications and the
only item in processes that started with a d is DLG.

Someone else told me that Dwin was related to MS error reporting and
supposedly was fixed with SP2; however I have SP3 and then I heard this was
from Doctor Watson?

Sheila
 
Hi Sheila,

I read that it was related to error reporting; however, dwin.exe was not in
my system (XP MCE, SP2 with updates) and it was not mentioned in the MS
knowledge base so I initially discounted that idea. However, after looking
at several dozen posts, I found one person spelled the file name:
dwwin.exe--could that be the name of your file? If so, it is part of error
reporting and again, there is little about it in the MS knowledge base and
nothing about your situation. Unless someone else can help you out, I think
this may be one of those irritating but harmless events that you have to
live with.
 
sheila4typing said:
Sorry if I am in the incorrect area, however I have also posted this message
in the General area and thought that maybe that was the incorrect place to
post.
I am having a problem when I shut off or restart my computer. A message
flashes about dwin.exe and dll initialization error. It does not stop my
computer from shutting down it only flashes real fast and then shuts down or
restarts. It is a brand new Vostro 1500 with Windows XP home edition. The
only programs on there so far are PC tools, AVG, Ad-aware, Spybot, and some
windows updates which is up to SP3. I have went into the startup and
unchecked everything one at a time to see if one of the programs in startup
was doing it but I guess not because I still get this message. Can you tell
me how to stop getting this message?
Thank you
Click to expand...

Hi,
We need the exact error message to be able to pin point if it an operating
system file/process running or malware renamed itself to appear as Operating
system core file.
What happen if you Restore your system to an earlier point, does it help rid
of the error?

Open a Notepad, customize or minimize to the taskbar as you will need it
later for this step to copy the error message on it.
Open a run command and type in:
eventvwr.msc click [OK] you will get the Event viewer control Panel.
click on each of these:
Application
System
Security
Look in the right Pane/window for error message with red (X) or Yellow
exclamation mark /!\ , double click each one to get more info about the
causer.
On the Event error properties message you will see:
Up Arrow
Down arrow
Two pages
Click on the two pages to copy the error message then bring up the Notepad
you opened earlier and right click on the first line and select Paste from
the list, this will paste the error message on a Notepad.
Please don't duplicate the error message one of each kind will be sufficient.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Please we need just the error messages with Red (X) and don't repeat the
error, just one of each kind and post them back in your next post.

How to perform a clean boot in Windows XP
http://support.microsoft.com/?id=310353
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/kb/315222/en-us

RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

HTH.
nass
 
Ron,

I believe you are correct. The message flashes so fast when I shutdown or
restart it is hard to tell, but I did do this many times and I am pretty sure
it is dwwin.exe. I did a search for this file and below is what I found.
dwwin.exe - C:\i386 - Application
DWWIN - C:\i386/DRW - Application
DWWIN.EXE-2C373FB7.pf - C:\WINDOWS\Prefetch - PF File
dwwin - C:\WINDOWS\system32 - Application
dwwin - C:\WINDOWS\ServicePackFiles\i386 - Application
dwwin -
C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67do49a438275fd7b87f25 -
Application
 
Hello,
As I posted to Ron, I am pretty sure the error message is dwwin.exe. The
message is really fast. Is there a way to freeze the screen?
I will try the restore point when I get home from work. I could restore it
to 7-4-08; which is when I received the computer new. If I use this restore
point all the windows updates and software I have installed are removed,
correct? What I do know is the computer is brand new as of 7-4-08 and when I
received this computer in the mail it did not give this error message;
however as I started getting Windows updates and installing spyware and
adware it appeared. If the restore does not work I will do the rest of your
instructions.
Thank you for you help.

Is there a way to post attached to this discussion group?
Sheila


nass said:
sheila4typing said:
Sorry if I am in the incorrect area, however I have also posted this message
in the General area and thought that maybe that was the incorrect place to
post.
I am having a problem when I shut off or restart my computer. A message
flashes about dwin.exe and dll initialization error. It does not stop my
computer from shutting down it only flashes real fast and then shuts down or
restarts. It is a brand new Vostro 1500 with Windows XP home edition. The
only programs on there so far are PC tools, AVG, Ad-aware, Spybot, and some
windows updates which is up to SP3. I have went into the startup and
unchecked everything one at a time to see if one of the programs in startup
was doing it but I guess not because I still get this message. Can you tell
me how to stop getting this message?
Thank you
Click to expand...

Hi,
We need the exact error message to be able to pin point if it an operating
system file/process running or malware renamed itself to appear as Operating
system core file.
What happen if you Restore your system to an earlier point, does it help rid
of the error?

Open a Notepad, customize or minimize to the taskbar as you will need it
later for this step to copy the error message on it.
Open a run command and type in:
eventvwr.msc click [OK] you will get the Event viewer control Panel.
click on each of these:
Application
System
Security
Look in the right Pane/window for error message with red (X) or Yellow
exclamation mark /!\ , double click each one to get more info about the
causer.
On the Event error properties message you will see:
Up Arrow
Down arrow
Two pages
Click on the two pages to copy the error message then bring up the Notepad
you opened earlier and right click on the first line and select Paste from
the list, this will paste the error message on a Notepad.
Please don't duplicate the error message one of each kind will be sufficient.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Please we need just the error messages with Red (X) and don't repeat the
error, just one of each kind and post them back in your next post.

How to perform a clean boot in Windows XP
http://support.microsoft.com/?id=310353
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/kb/315222/en-us

RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

HTH.
nass
Click to expand...
 
Thank you again for the help.
I restored the system to 7-4 and rebooted and received the error message.
It did take off the programs that I install and I am not sure how much it
took off of Windows update but SP3 is gone.

I then ran the event view like you suggest and here are the results.
APPLICATION

Windows saved user SABRILAP1\Elaheh registry while an application or service
was still using the registry during log off. The memory used by the user's
registry has not been freed. The registry will be unloaded when it is no
longer in use.

This is often caused by services running as a user account, try configuring
the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_________

Windows cannot unload your classes registry file - it is still in use by
other applications or services. The file will be unloaded when it is no
longer in use.



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
____________

A provider, HiPerfCooker_v1, has been registered in the WMI namespace,
Root\WMI, to use the LocalSystem account. This account is privileged and the
provider may cause a security violation if it does not correctly impersonate
user requests.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
__________

Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_________

A provider, OffProv10, has been registered in the WMI namespace,
Root\MSAPPS10, but did not specify the HostingModel property. This provider
will be run using the LocalSystem account. This account is privileged and
the provider may cause a security violation if it does not correctly
impersonate user requests. Ensure that provider has been reviewed for
security behavior and update the HostingModel property of the provider
registration to an account with the least privileges possible for the
required functionality.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_______

Failed auto update retrieval of third-party root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
________

Faulting application kadxmain.exe, version 2.1.0.12, faulting module
kadxctl.dll, version 2.0.1.10, fault address 0x00001e0a.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
______

The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 62 of
d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact
Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

SECURITY
nO Xs or exclamations
_______

SYSTEM
Your computer has detected that the IP address 192.168.1.2 for the Network
Card with network address 001FE15E3794 is already in use on the network. Your
computer will automatically attempt to obtain a different address.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

Timed out sending notification of device interface change to window of "Dell
Network Assistant"

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The name "SHEILA :0" could not be registered on the Interface with
IP address 192.168.1.2. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
__________

The server could not bind to the transport
\Device\NetBT_Tcpip_{397A6BCB-E9F3-4218-B43F-FD1C3FB2506B}.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The BITS job list is not in a recognized format. It may have been created
by a different version of BITS. The job list has been cleared.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The ThreatFire service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_______

The IP address lease 192.168.1.2 for the Network Card with network address
001FE15E3794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent
a DHCPNACK message).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The name "SEANBRODERICK :0" could not be registered on the Interface with
IP address 192.168.1.2. The machine with the IP address 192.168.1.7 did not
allow the name to be claimed by this machine.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
______

The IP address lease 192.168.1.4 for the Network Card with network address
001FE15E3794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent
a DHCPNACK message).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_______

Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001FE15E3794. The
following error occurred:
The operation was canceled by the user. . Your computer will continue to try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The name "AZ18LT37QTCD1 :0" could not be registered on the Interface with
IP address 192.168.1.4. The machine with the IP address 192.168.1.3 did not
allow the name to be claimed by this machine.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

Installation Failure: Windows failed to install the following update with
error 0x80070643: Windows Internet Explorer 7 for Windows XP.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The IP address lease 192.168.1.5 for the Network Card with network address
001FE15E3794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent
a DHCPNACK message).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM
within the required timeout.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

The ScRegSetValueExW call failed for Start with the following error:
Access is denied.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____

Installation Failure: Windows failed to install the following update with
error 0x80070643: Windows Internet Explorer 7 for Windows XP.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
_____



nass said:
sheila4typing said:
Sorry if I am in the incorrect area, however I have also posted this message
in the General area and thought that maybe that was the incorrect place to
post.
I am having a problem when I shut off or restart my computer. A message
flashes about dwin.exe and dll initialization error. It does not stop my
computer from shutting down it only flashes real fast and then shuts down or
restarts. It is a brand new Vostro 1500 with Windows XP home edition. The
only programs on there so far are PC tools, AVG, Ad-aware, Spybot, and some
windows updates which is up to SP3. I have went into the startup and
unchecked everything one at a time to see if one of the programs in startup
was doing it but I guess not because I still get this message. Can you tell
me how to stop getting this message?
Thank you
Click to expand...

Hi,
We need the exact error message to be able to pin point if it an operating
system file/process running or malware renamed itself to appear as Operating
system core file.
What happen if you Restore your system to an earlier point, does it help rid
of the error?

Open a Notepad, customize or minimize to the taskbar as you will need it
later for this step to copy the error message on it.
Open a run command and type in:
eventvwr.msc click [OK] you will get the Event viewer control Panel.
click on each of these:
Application
System
Security
Look in the right Pane/window for error message with red (X) or Yellow
exclamation mark /!\ , double click each one to get more info about the
causer.
On the Event error properties message you will see:
Up Arrow
Down arrow
Two pages
Click on the two pages to copy the error message then bring up the Notepad
you opened earlier and right click on the first line and select Paste from
the list, this will paste the error message on a Notepad.
Please don't duplicate the error message one of each kind will be sufficient.
HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Please we need just the error messages with Red (X) and don't repeat the
error, just one of each kind and post them back in your next post.

How to perform a clean boot in Windows XP
http://support.microsoft.com/?id=310353
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/kb/315222/en-us

RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

HTH.
nass
Click to expand...
 
sheila4typing said:
Thank you again for the help.
I restored the system to 7-4 and rebooted and received the error message.
It did take off the programs that I install and I am not sure how much it
took off of Windows update but SP3 is gone.
Click to expand...


Hi Sheila,
This a new machine as you stated in your first post, which mean still under
warranty!
Take the machine back to the vendor who sold you the machine, either for
repair or best for replacement.
Also when you set up the network make sure the machine getting or assigned
Auto IP address and your wireless Network is secured by using WPA SP2
encryption method.
4 steps to set up your home wireless network
http://www.microsoft.com/athome/moredone/wirelesssetup.mspx
http://www.microsoft.com/windowsxp/using/networking/setup/wireless.mspx
Set Up a Wireless Network in a Small Offic
http://www.microsoft.com/malaysia/smallbusiness/products/howto/setupwireless.mspx
Set up a secure wireless network using Windows Connect No
http://www.microsoft.com/windowsxp/using/networking/learnmore/bowman_05june13.mspx

Networking 101: Basics of Connecting and Setting Up a Wireless Home Networ
http://www.microsoft.com/windows/products/winfamily/mobility/articles/homenetworking.mspx
Barb Bowman’s video on how to set up Wireless network:
http://support.microsoft.com/kb/895616

About Anti-virus, try either Avast, AVG, BitDefender, Avira for free
Anti-virus:
http://www.avast.com/eng/download-avast-home.html

Anti-malware try these Oncare, windows defender, Spuerantispyware,,
Ad-aware2007, malwarebytes, spybot..etc.
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
Or windows onecare:
http://onecare.live.com/standard/en-gb/default.htm

If you don't have a warranty to this machine then let us know, so we can
start troubleshooting and help you out in solving these issues.
HTH.
nass
 
I called Dell and spent 2 hours with them on the phone and a 1 hour session
on their chat and they could not figure it out and told me the computer
needed to be mailed to them and I would be out of commission for a month;
which I really cannot do. Is it very time consuming for you to help me, I
could always use the operating system CD that came with the Dell if that is
faster. What do you think?
Sheila
 
sheila4typing said:
I called Dell and spent 2 hours with them on the phone and a 1 hour session
on their chat and they could not figure it out and told me the computer
needed to be mailed to them and I would be out of commission for a month;
which I really cannot do. Is it very time consuming for you to help me, I
could always use the operating system CD that came with the Dell if that is
faster. What do you think?
Sheila
Click to expand...

Sheila, not because it is time consuming but really for your own sake. The
machine still under warranty and you don't need tojeoperdise this warranty!
Best if you mail to them and let them know you want it as quick as they can
and I'm sure they will do their best.
It is for you best interest to send it to them and everyone esle here will
share me the same opinion.
Or take it for your Local reapir shop to sort it out for you.
In either cases save your Docs to a removal storage like USB srtick, CD/DVD.
Best of luck.
nass
 
Back
Top