TechSpot

Advertisements and dissappearence of start bar/desktop items

By Brotherhood619
Apr 12, 2008
  1. This problem seems to have started last night when norton blocked a trojan horse virus, the next day i found my computer was sluggish (more than normal) and i kept getting advertiesments popping up. Then more to my surprise the start bar dissapeared and when i minimized the windows there was no desktop items (i left this for about 10 minitues thinking it was just a glitch. i have tried using both nortons system restore and windows system restore but for some reason niether can go back further than 7 hours (normally they can go back about a day or two)

    I have included a .log file from hijack this if someone could check it over it would be most helpfull.

    thanks again
    brotherhood619
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O10 - Broken Internet access because of LSP provider

    These are Winsock Hijackers. You can use LSPFix from Cess,org:
    http://www.cexx.org/lspfix.htm

    Or Spybot Search & Destroy:
    http://www.safer-networking.org/en/index.html

    The 'unknown' files in the LSP stack will not be fixed by HijackThis for safety issues.

    O17 - HKLM\System\CCS\Services\Tcpip\ is a lop.com Domain hijacker. If the Domain is not from your ISP or company network, have HijackThis fix it.

    There may be others. This is a head start.
     
  3. kritius

    kritius TS Guru Posts: 2,084

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    this is genuine.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    kritius, thank you again. Is there any other entry in the log that links this to the Novell NetWare, making if valid, or do we just go by the nwprovau.dll?
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Actually, I saw that Blind Dragon. I was just wondering how you distinguish the "010". The "010" entries are described as 'Winsock Hijackers' and I only wondered how to determine the legitimate entries over the other. I guess is just going by the .dll file,

    Found the CastleCops "020" listing. Thank you. This log only has one "020" entry and I can't ID it: urqNHWqp.dll
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I meant 010 entries
     
  8. kritius

    kritius TS Guru Posts: 2,084

    This is the best way of determining,

    http://www.castlecops.com/LSPs.html

    The O20 entry is a randomly generated file and can more than likely be fixed and deleted.

    EDIT, same link woops.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks both of you. I now have access to the full CastleCops database.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...