Debugger detected [97]

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Attach these logs to your post.
 
Hi,


Download & extract this file to it's own folder - Registry Search

Launch Registry Search
In the search box, enter (on separate lines)

certstore.dat


Under Search, make sure only the Value box is checked in the first row of checkboxes. All other checkboxes should be checked.
& click Ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.

Locate if present the following file & delete it:

C:\windows\ntbtlog.txt

Restart the computer
Just before the OS loading screen starts hit F8 as if going to safe mode.
From the advanced boot menu choose enable boot logging then hit enter.
Post the following file:

C:\windows\ntbtlog.txt
 
Hi,

Reg search log:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 9/21/2009 1:15:34 PM for strings:
; 'certstore.dat'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
;


; End Of The Log...


C:\windows\ntbtlog.txt log:


Service Pack 1 9 21 2009 13:19:29.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\System32\Drivers\sptd.sys
Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\compbatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelide.sys
Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\iastorv.sys
Loaded driver \SystemRoot\system32\drivers\iastor.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\PxHelp20.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETw4v32.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ohci1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\Apfiltr.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\System32\Drivers\a245o4lt.SYS
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Loaded driver \SystemRoot\System32\Drivers\RootMdm.sys
Loaded driver \SystemRoot\system32\drivers\modem.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\pctnullport.sys
Loaded driver \SystemRoot\system32\DRIVERS\RimSerial.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\NWADIenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\stwrt.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
Loaded driver \SystemRoot\system32\DRIVERS\mozy.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipfltdrv.sys
Loaded driver \SystemRoot\System32\Drivers\Mpfp.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Did not load driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Did not load driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\drivers\mfehidk.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\Drivers\BTHUSB.sys
Loaded driver \SystemRoot\system32\DRIVERS\rfcomm.sys
Loaded driver \SystemRoot\system32\DRIVERS\BthEnum.sys
Loaded driver \SystemRoot\system32\DRIVERS\bthpan.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidbth.sys
Loaded driver \SystemRoot\system32\drivers\btwavdt.sys
Loaded driver \SystemRoot\system32\drivers\btwaudio.sys
Loaded driver \SystemRoot\system32\DRIVERS\btwrchid.sys
Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\drivers\mrxdav.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\system32\drivers\parport.sys
Loaded driver \SystemRoot\System32\Drivers\adfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\atksgt.sys
Loaded driver \SystemRoot\system32\DRIVERS\lirsgt.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\Drivers\fastfat.SYS
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\system32\DRIVERS\xaudio.sys
Loaded driver \SystemRoot\system32\drivers\tdtcp.sys
Loaded driver \SystemRoot\System32\DRIVERS\tssecsrv.sys
Loaded driver \SystemRoot\System32\Drivers\RDPWD.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
 
Hi,


Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

Upload following files to http://www.virustotal.com, if found (re-scan if the file has been scanned earlier) and post back links to the results:
c:\windows\System32\Drivers\a245o4lt.SYS
c:\windows\System32\Drivers\Beep.SYS
 
Hi,

Unfortunately, these weren't much help. I'll need to ask my colleagues' opinion on this. Shall get back asap.
 
Hi,

Haven't heard any opinions but we can attempt one more thing.

  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Code: 
    Files to replace with dummy:
c:\windows\system32\certstore.dat
  • In the avenger window, click the Paste Script from Clipboard,
    pastets4.png
    button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
 
Here you go


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\certstore.dat" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
 
That part went successfully. Now I have to know if the problem still returns.
 
The file was replace and I rebooted. The file has not changed since the reboot about 6 hours ago. So I think the rename has stuck.
 
Good. Let's uninstall ComboFix and OTL at this point :)

Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /u in the runbox and click OK

Next we remove some other used tools.

  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

How's the system running?
 
Everything seems to be working like it should. I had to uninstall McAfee then reinstall it to get it to work. The .dat file still hasn't changed, so that is good. I don't see any errors when I restart, that is good, as well.

Just a few follow up questions, if you can.

I am going to use Spywarebot and Malwarebytes.

I am going to use McAfee for an antivirus and PC Tools for my firewall. I will turn off all other firewalls.

I have also installed SpywareBlaster; I think this is for Java.

Can you recommend anything else or do you know if there are any compatibility issues with any of these products?

Thanks again for your help
 
I am going to use Spywarebot and Malwarebytes.
Click to expand...
Hopefully you meant Spybot there :)

I am going to use McAfee for an antivirus and PC Tools for my firewall. I will turn off all other firewalls.
Click to expand...
Ok.

I have also installed SpywareBlaster; I think this is for Java.
Click to expand...
SpywareBlaster is designed to block malicious ActiveX controls from installing. SpywareBlaster tutorial can be found here.

Can you recommend anything else or do you know if there are any compatibility issues with any of these products?
Click to expand...
Those should work well together :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top