TechSpot

HJT log (after SHeur trojan scare)

By abanerji
Sep 17, 2007
Topic Status:
Not open for further replies.
  1. Shall be grateful if you please take a look at this log. Thanks.

    Especially, is this line ok?
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll This is the Client Service for NetWare Provider and Authentication Package DLL 5.1.2600.3015, this file is part of the Windows operating system and should NOT be deleted.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O15 - Trusted IP range: http://10.240.240.195

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE0BCB6-383E-4851-B2FF-CB5A75B8EB70}: NameServer = 218.248.255.145,61.1.96.71<Only fix this if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT and reboot your system.


    Other than the above, your HJT log is clean.

    Having said that, you need to rename HijackThis.exe as per these instructions.

    That`s because some malware can hide from HijackThis.exe.

    Regards Howard :)

    This thread is for the use of abanerji only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. abanerji

    abanerji TS Rookie Topic Starter Posts: 52

    Thank you, Howard.

    Re O15 and O17, all the three IPs belong to my ISP.

    Regards,
    Ananda
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.