none
unknown uneditable registry entry at 'microsoft\DbgagD\1' address-is the registry corrupt?

    Question

  • I am using vista 32-bit. My computer is working with no issues, but I am trying to find the reason for one registry entry:- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1

    Its value is set to "1" and the key is in the "1" folder at the above address.
    What microsoft program or action is related to the above entry-what use is DbgagD?

    I have been told that its either an important file or an infection-the key entry cannot even be looked at or edited, as 'an error is preventing this key in being opened: the system cannot find the file specified', even though it is set to "1". Could the registry be corrupt? I need to find out what this key is for as its the only file thats detected in avira and malwarebytes as hidden. This may be more technical than most general users are used to, but I cant just ignore it, so thought Id try here (although Im not sure if this is the correct forum or a recommended website to use-sorry if not). Thanks for any help
    Wednesday, October 12, 2011 11:51 AM

All replies

  • Download Process Monitor from
    http://technet.microsoft.com/en-us/sysinternals/bb896645
     
    Start the program as an administrator (right click and choose Run As
    Administrator). Set the filter to (the 4 drop down boxes along the top)
     
    Path Contains DbgagD Include
     
    then click Add.
    then set a second filter
     
    Event Class Is Registry Include
     
    then click Add then Ok.
     
    Leave it running. It will list the program using that key if or when
    accessed.
     
    To see if it's accessed during boot click Options menu then Enable Boot
    Logging. It will log the next boot until you run Process Monitor again.
     
    Also check security permissions. Right click the key in regedit and choose
    Permissions - Advanced and check Owner and Permissions tabs.
    --
    ..
    --
    "xtent" wrote in message news:dabec0f5-2d0c-4d4f-8b39-5d1be1b35f10...
    >I am using vista 32-bit. My computer is working with no issues, but I am
    >trying to find the reason for one registry entry:-
    >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1
    >
    > Its value is set to "1" and the key is in the "1" folder at the above
    > address.
    > What microsoft program or action is related to the above entry-what use is
    > DbgagD?
    >
    > I have been told that its either an important file or an infection-the key
    > entry cannot even be looked at or edited, as 'an error is preventing this
    > key in being opened: the system cannot find the file specified', even
    > though it is set to "1". Could the registry be corrupt? I need to find out
    > what this key is for as its the only file thats detected in avira and
    > malwarebytes as hidden. This may be more technical than most general users
    > are used to, but I cant just ignore it, so thought Id try here (although
    > Im not sure if this is the correct forum or a recommended website to
    > use-sorry if not). Thanks for any help
     
     
    Wednesday, October 12, 2011 12:35 PM
  • Thanks for that-I forgot all about process monitoring. Hopefully I can find out the related program(s) that may be using it and highlight the entry-cheers. As a last resort, I attempted to use combofix the other day, which I probably shouldnt have used (it deleted my default icons and I have been told it can change/corrupt the desktop.ini), but it gave further information away on the key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*] "value"="?\09\06\18\0b73Y" Im not sure if the "?" may determine what could be causing the problem or not of not being able to read certain values. Other than all this, the system is working as normal, comodo firewall is installed with avira antivirus, malwarebytes, spywareblaster and trend micro.
    Thursday, October 13, 2011 2:50 PM
  • Did you check the permissions.
     
    --
    ..
    --
    "xtent" wrote in message news:60fb4e83-5ee4-4114-8486-4d91bd0e63cb...
    > Thanks for that-I forgot all about process monitoring. Hopefully I can
    > find out the related program(s) that may be using it and highlight the
    > entry-cheers. As a last resort, I attempted to use combofix the other day,
    > which I probably shouldnt have used (it deleted my default icons and I
    > have been told it can change/corrupt the desktop.ini), but it gave further
    > information away on the key:
    > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
    > "value"="?\09\06\18\0b73Y" Im not sure if the "?" may determine what could
    > be causing the problem or not of not being able to read certain values.
    > Other than all this, the system is working as normal, comodo firewall is
    > installed with avira antivirus, malwarebytes, spywareblaster and trend
    > micro.
     
     
    Sunday, October 16, 2011 8:27 PM
  • Do you mean the permissions shown for the registry key within windows, or those listed for the key within process monitor?

     

    In the registry there are 4 users set:

    for CREATOR OWNER >> only 'special permissions' is ticked (to allow and deny). I cannot add new permissions.

    for SYSTEM >> 'full control' and 'read' are ticked to allow, and cannot be unchosen. 'Special permissions' to allow is unticked and cannot be changed. The 'full control' and 'read' options for deny can both be changed/ticked.

    for ADMIN >> 'full control', 'read' and 'special permissions' to allow are ticked, cannot be changed. Only full control and read can be changed to deny, which are currently unticked.

    for USERS >> 'full control' and 'read' are ticked for allow, but 'special permissions' cannot. The deny options for 'full control' and 'read' can be ticked, but 'special permissions' cannot.

     

    I hope the above isnt too confusing :) I eventually reinstalled the system, as I found out that combofix ruined alot of installations, but now.. with little installed aside from windows updates, the registry entry has interestingly appeared again in the exact same location, uneditable as before. All I have done (that I can think of) is update vista and office 2007. Running Office does not show anything in process monitor, so I dont know what it could be from. I cant use system restore, the system tells me it had a problem restoring (obviously due to the same corrupt unreadable registry key).

    Friday, November 04, 2011 6:57 PM
  • The permissions look ok.
    --
    ..
    --
    "xtent" wrote in message news:b4af4658-91cd-4a6b-9f85-6b545f90eb7b...
    > Do you mean the permissions shown for the registry key within windows, or
    > those listed for the key within process monitor?
    >
    >
    >
    > In the registry there are 4 users set:
    >
    > for CREATOR OWNER >> only 'special permissions' is ticked (to allow and
    > deny). I cannot add new permissions.
    >
    > for SYSTEM >> 'full control' and 'read' are ticked to allow, and cannot be
    > unchosen. 'Special permissions' to allow is unticked and cannot be
    > changed. The 'full control' and 'read' options for deny can both be
    > changed/ticked.
    >
    > for ADMIN >> 'full control', 'read' and 'special permissions' to allow are
    > ticked, cannot be changed. Only full control and read can be changed to
    > deny, which are currently unticked.
    >
    > for USERS >> 'full control' and 'read' are ticked for allow, but 'special
    > permissions' cannot. The deny options for 'full control' and 'read' can be
    > ticked, but 'special permissions' cannot.
    >
    >
    >
    > I hope the above isnt too confusing :) I eventually reinstalled the
    > system, as I found out that combofix ruined alot of installations, but
    > now.. with little installed aside from windows updates, the registry entry
    > has interestingly appeared again in the exact same location, uneditable as
    > before. All I have done (that I can think of) is update vista and office
    > 2007. Running Office does not show anything in process monitor, so I dont
    > know what it could be from. I cant use system restore, the system tells me
    > it had a problem restoring (obviously due to the same corrupt unreadable
    > registry key).
    >
     
     
    Monday, November 07, 2011 8:21 AM