My computer is infected

Status
Not open for further replies.
well so far it only found "ashcap" in :
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regUsers.reg
but thats spybots so i dont think it has much to do with that...
my comp havent restarted it self the whole day, sence i reinstoled version 169 of the video driver ( i had 77!! its a version from 2005 xD) but i dotn wonna get happy too soon its only the first day, and i wonna be sure that that spysure thing is off my comp for good.
p.s.
i opened that reg file and that ashcap is a part of an html adress in the reg file and its written "...._DashCap.html" so i wouldnt worry at all about this one.
 
my comp havent restarted it self the whole day, sence i reinstoled version 169 of the video driver
We are waiting for you!

Has there been any crashes?
Any more signs of Spyware?

By the way, I don't think you should have opened Spybots back-up of removed bugs.
As this may re-infect your system!
 
i had no crashes sence that update ima so happy! ^^
some thing i ddi notice is that sometimes when i start my comp my fire wall (ashampoo) says it failed to intialte and i need to start it manualy, and another thing i noticed is that when i play in online games my latency (how good i conect to the server may be reffered as ping also) is very high its suppose to be around 10-100 to be good but because i leave preatyy far it usualy moved between 200-350 and thats ok to play that way but lately after running all the fixes it became around 1500 - 9000 latency ! ive been told i should difragmatize my drivers so i did
but it says some files(including the files of this game) in D (where all my games are instaled) could not be difragmatized and i tryed to make some more free space but that didnt help what can i do?
 
O.O
it happened again!!!! i just cant belive it! after more than a week that no restarts has accured came 10000ce right now :( its not the regular one (50 and 0a) but it happened some times before =/ please help?
 
Download and Install SDFix
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

Afterwards Please run Hijackthis again and post a fresh log to look at
 
well it happened again once today ... its not as freaquntliy as it used to be and it seems to be only the "ce" error , i hope you guys can help me fix it threw the end cause youve been realy realy helpfull so far :X
 
yes it is, hebrew isnt codec right some places so it writes it like gibrish. thats why it didnt remove it before. is my computer ok now? =/
 
When you crash you have 2 options for us to figure out what it is.

1) Go to start -> Control Panel -> Administrative Tools -> event viewer -> look in the error column for the error that fits the time frame of your last crash. Right click it and select show all instances. Then look in the details (may have to right click and select properties or details) We need the Event Id and Source

2) We need a new minidump showing the new error code. Now that the other crashes are gone. Attach here
 
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 15/03/2008
Time: 01:02:34
User: N/A
Computer: PC-TAL
Description:
Error code 100000ce, parameter1 a60f0cdf, parameter2 00000000, parameter3 a60f0cdf, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 63 100000c
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 61 36 eters a6
0030: 30 66 30 63 64 66 2c 20 0f0cdf,
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 61 36 30 66 30 63 , a60f0c
0048: 64 66 2c 20 30 30 30 30 df, 0000
0050: 30 30 30 30 0000


Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 13/03/2008
Time: 00:19:47
User: N/A
Computer: PC-TAL
Description:
Error code 100000ce, parameter1 f7c8149d, parameter2 00000000, parameter3 f7c8149d, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 63 100000c
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 66 37 eters f7
0030: 63 38 31 34 39 64 2c 20 c8149d,
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 66 37 63 38 31 34 , f7c814
0048: 39 64 2c 20 30 30 30 30 9d, 0000
0050: 30 30 30 30 0000
 
Look through the event viewer, do you see a matching event with Event ID 1001. If you do this matching event will display information about the specific error that occurred.

I would also try ATF cleaner

Clean temp files

  • Download and Run AFT Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:

    • Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program
 
Btw it jsut happened again :X same error....
this is the 1001 file matching yea restart from yesterday the 15th
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 15/03/2008
Time: 00:06:22
User: N/A
Computer: PC-TAL
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x100000ce (0xa60f0cdf, 0x00000000, 0xa60f0cdf, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini031508-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
Im not 100% on this one, and running out of ideas. There are honestly so many possibilities for these errors that it is hard to even suggest where to start besides the obvious.

Memory -> That could be RAM, or Video Memory, your pagefile.

Have you ran System file checker yet. There is a possibility that it is from corrupt files
------------------------------------------------------------------------------------------------------------
#1 If you have more than 1 stick of ram I would try removing 1 module and see if the system crashes. If it does then insert the other stick and see if that crashes. One stick of RAM may have went bad.
------------------------------------------------------------------------------------------------------------

#2 Run SFC
To do this simply go to the Run box on the Start Menu and type in:

sfc /scannow

Note: You may need your XP CD if the cache on your computer has become corrupt. If the files are correctly cached on your computer then you should be able to replace from there.
 
ops ? :X
sfc says i need to insert my windows service pack 2 CD and it doesnt seem to accept the one i insert =/
and about idea #1 , the restarts arent as ergent as they used it only happen 3 times in 2 weeks so im not sure if thats a good idea :X
 
Status
Not open for further replies.
Back