  1. I just want to know to ascertain that that particular DLL is part of the graphics driver and therefore a false positive.
  2. My earlier thread asking for help on this subject was locked because I supposedly got help in the Avira forum. While they suggested some testing, I was given a different suggestion here -- to run GMER and post the result. So here is the result. I forgot to disconnect from the wireless connection to the router to the Net when I first scanned and got a longer log; if you need it, I have it. I then disconnected from the network and scanned again and got only the following:

     .text c:\windows\system 32\drivers\nvlddmkm.sys

     which seems to be an NVidia video driver.

     (Incidentally, I ran GMER on another, XP64 laptop, and except for Services, Registry and Files all other options were greyed out and uncheckable. Any idea why? On the potentially infected computer with Vista all the options were active and checked.)

     Thanks.

     ========================================================
  3. We have a laptop running Vista and Avira's AntiVir. Today an AntiVir scan claimed it found a RTKT/Agent.aag. It offered to clean after the next boot, but then it said it could not due to locking. I rebooted, installed your program and ran a scan which found nothing. I tried to rescan with AntiVir and the system crashed during the scan. Avira instructed me to run a scan in Safe Mode after turning off System Restore. But when I tried, the computer would not boot after 2 attempts at Windows repair. The reason was: Boot critical file c:\windows\system32\drivers\wvnmdsng.sys file is corrupt. This is the file that Avira identified as the infection. Pls advise. Thanks.
  4. Ran a scan and got the following. Can you pls confirm they are false positives? Thanks

     =================================================

     12/31/2009 12:05:33 PM
     mbam-log-2009-12-31 (12-05-25).txt

     Scan type: Quick Scan
     Objects scanned: 96915
     Time elapsed: 3 minute(s), 28 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)