Jump to content

Unknown DbgagD registry corruption - here is my log


extent

Recommended Posts

Hi, I think I have done everything necessary. The reason for this post is due to a "hidden" registry entry that cannot be viewed or modified in any way from my admin account, at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1

Its properties cannot be changed either. When clicking on "1" item in the registry, I am told 'an error is preventing this key in being opened: the system cannot find the file specified'. Along with this I cannot repair the system on bootup using F8, as I get a blue screen for a split second (possibly unrelated). I have included my 'attach.txt' file, and my DDS log is also below. With Defogger, HKCU and HKLM run values were retrieved. With malwarebytes after an update, I had no suspicious files whatsoever, but with avira I still got this one hidden item, the registry entry above. I could not attach the ark.txt as the GMER Rootkit Scanner gave me a blue screen. I have tried to view the registry value with other registry programs, but they also have issues (regmagik and regscanner). Someone told me to use combofix, which I probably shouldnt have used-it lists the registry entry above as being locked, as did Hijackthis, although through google it seems combofix can cause problems of its own-corrupt the 'desktop.ini' and remove files you want kept (windows icons etc). Thanks for any help if possible-although a reinstall of vista might be the best option, I would still like to find out the reason for the locked registry entry, and if its malware or corruption caused by files that dont work well with vista, just incase it happened again. Here is my attachment, Rootkit bluescreen log and DDS log:

DDS:-

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 2057

Additional information about the problem:

BCCode: 50

BCP1: E1600008

BCP2: 00000000

BCP3: 885D63CB

BCP4: 00000000

OS Version: 6_0_6002

Service Pack: 2_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\Mini101311-01.dmp

C:\Users\Norma\AppData\Local\temp\WER-68219-0.sysdata.xml

C:\Users\Norma\AppData\Local\temp\WER5A01.tmp.version.txt

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

----------

DDS log:-

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Norma at 2:28:53 on 2011-10-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1028 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Internet\COMODO Internet Security\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Internet\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Internet\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Internet\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\WerFault.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Internet\COMODO Internet Security\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Internet\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Trend Micro\Browser Guard\BGUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Stardock\CursorFX\CursorFX.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Trend Micro\Browser Guard\tmiegsrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard\TMAMS.dll

BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\internet\dap\DAPIEL~1.DLL

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard\tmieg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [COMODO Internet Security] "c:\program files\internet\comodo internet security\comodo\comodo internet security\cfp.exe" -h

mRun: [avgnt] "c:\program files\internet\avira\antivir desktop\avgnt.exe" /min

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Trend Micro Browser Guard] "c:\program files\trend micro\browser guard\BGUI.EXE"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Clean Traces - c:\program files\internet\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\internet\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\internet\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{75B320FC-AAC1-4603-A1AA-30FAC777BA53} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\internet\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\internet\dap\dapie.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\norma\appdata\roaming\mozilla\firefox\profiles\utekc1lh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\internet\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\internet\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-18 64288]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-6-11 38400]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-6-11 35968]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 36568]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\internet\avira\antivir desktop\sched.exe [2010-7-29 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\internet\avira\antivir desktop\avguard.exe [2010-7-29 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-29 66616]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-18 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-20 136176]

S3 EMSUSB2;EMS USB Joypad2;c:\windows\system32\drivers\Emsusb2.sys [2011-3-4 9728]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-6-11 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-6-11 8456]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-20 136176]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-9-29 38976]

S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2010-9-29 53312]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 tbbLoaderService;tbbLoaderService;c:\program files\internet\tbbmeter\tbbLoaderService.exe [2010-8-13 20536]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-10-12 19:12:20 -------- d-----w- c:\program files\RegmagiK

2011-10-12 18:55:39 -------- d-----w- c:\program files\regscanner

2011-10-12 15:55:13 -------- d-----w- c:\windows\Icons

2011-10-12 15:25:49 -------- d-----w- c:\users\norma\appdata\local\temp

2011-10-12 15:21:59 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-12 15:04:29 98816 ----a-w- c:\windows\sed.exe

2011-10-12 15:04:29 518144 ----a-w- c:\windows\SWREG.exe

2011-10-12 15:04:29 256000 ----a-w- c:\windows\PEV.exe

2011-10-12 15:04:29 208896 ----a-w- c:\windows\MBR.exe

2011-10-12 10:49:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-10-12 10:49:45 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 10:49:45 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 10:49:45 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 10:49:44 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-12 10:49:40 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-12 10:49:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-12 10:49:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-12 10:49:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-12 10:49:35 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-11 21:50:53 -------- d-----w- c:\program files\WinASO

2011-10-11 03:17:50 30544 ----a-w- c:\windows\system\DIB.DRV

2011-10-11 03:17:50 21648 ----a-w- c:\windows\system\CTL3DV2.DLL

2011-10-11 03:17:49 -------- d-----w- C:\TOPDRAW

2011-10-10 11:57:12 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-10-08 18:55:14 -------- d-----w- c:\program files\NbuExplorer_v2.3

2011-10-07 20:42:54 -------- d-----w- c:\program files\Wavosaur

2011-10-07 19:54:52 -------- d-----w- c:\program files\mp3DirectCut

2011-10-07 16:12:11 -------- d-----w- c:\program files\RAR Password Recovery Magic

2011-10-05 23:03:41 -------- d-----w- c:\users\norma\appdata\roaming\X-Wave MP3 Cutter Joiner

2011-10-05 23:03:37 -------- d-----w- c:\program files\X-Wave MP3 Cutter Joiner

2011-10-03 23:47:01 -------- d-----w- c:\program files\agv92d

2011-10-03 12:41:15 -------- d-----w- c:\users\norma\appdata\roaming\Meda MP3 Joiner 1.2

2011-10-03 12:41:12 -------- d-----w- c:\program files\Meda MP3 Joiner

2011-10-01 15:06:52 -------- d-----w- c:\programdata\Ableton

2011-10-01 15:06:49 -------- d-----w- c:\users\norma\appdata\roaming\Ableton

2011-10-01 15:04:49 233472 ----a-w- c:\windows\system32\REX Shared Library.dll

2011-10-01 15:02:28 -------- d-----w- c:\program files\ALive804

2011-09-27 15:32:42 -------- d-----w- c:\users\norma\appdata\local\Stardock

2011-09-27 15:32:36 -------- dc-h--w- c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}

2011-09-27 15:32:31 -------- d-----w- c:\program files\Stardock

2011-09-25 11:56:13 40960 ----a-r- c:\users\norma\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2011-09-25 11:56:12 40960 ----a-r- c:\users\norma\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe

2011-09-24 11:56:05 -------- d-----w- c:\users\norma\.swt

2011-09-24 00:49:39 -------- d-----w- c:\windows\G2Runner

2011-09-22 15:33:20 -------- d-----w- C:\ULTRASND

2011-09-22 14:28:09 -------- d-----w- c:\users\norma\appdata\local\DOSBox

2011-09-22 00:37:47 -------- d-----w- c:\users\norma\D-Fend Reloaded

2011-09-21 22:52:24 -------- d-----w- c:\users\norma\appdata\roaming\CorsixTH

2011-09-21 22:40:42 -------- d-----w- C:\ThemeHospital

2011-09-21 19:04:31 168960 ----a-w- c:\windows\system32\XCDZIP35.OCX

2011-09-21 18:45:41 118832 ----a-w- c:\windows\system32\SHW32.DLL

2011-09-21 18:18:00 -------- d--h--w- c:\windows\PIF

2011-09-21 15:17:59 565760 ----a-r- c:\windows\system32\MSVCP50.DLL

2011-09-21 15:17:59 33792 ----a-r- c:\windows\NPSExec.exe

2011-09-21 14:13:03 442368 ----a-r- c:\windows\system32\vp6vfw.dll

2011-09-19 10:44:54 -------- d-----w- c:\program files\Games Utilities

2011-09-18 18:17:20 -------- d-----w- c:\windows\pss

2011-09-18 13:19:09 -------- d-----w- c:\users\norma\appdata\local\Freelancer

2011-09-16 16:24:52 -------- d-----w- c:\program files\Defraggler

2011-09-16 15:01:33 299520 ----a-w- c:\windows\uninst.exe

2011-09-16 12:10:51 -------- d-----w- c:\users\norma\appdata\local\Spotify

2011-09-16 12:10:47 -------- d-----w- c:\users\norma\appdata\roaming\Spotify

2011-09-14 11:09:26 -------- d-----r- c:\users\norma\Saved Documents

.

==================== Find3M ====================

.

2011-10-05 11:21:36 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys

2011-10-05 11:21:35 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys

2011-09-23 10:23:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 2:31:16.57 ===============

attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 2 weeks later...

Hi, sorry about the delay-I eventually used combofix, which found and removed a trojan on ntfs.sys. After it 'repaired' the file, the system restarted and would no longer boot or even repair itself from a windows disc-so it looks like it may have found a false positive and deleted the file, and a much needed one too-nice tool.

Whats worse is that I have reinstalled my system, and in another scan, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1

is back once again, in the registry stating "an error is preventing this key being opened:cannot find the file specified" yet again :( ?!

Link to post
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.