HJT log (after SHeur trojan scare)

[abanerji]

Shall be grateful if you please take a look at this log. Thanks.

Especially, is this line ok?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

 

[howard_hopkinso]

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll This is the Client Service for NetWare Provider and Authentication Package DLL 5.1.2600.3015, this file is part of the Windows operating system and should NOT be deleted.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O15 - Trusted IP range: http://10.240.240.195

O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE0BCB6-383E-4851-B2FF-CB5A75B8EB70}: NameServer = 218.248.255.145,61.1.96.71<Only fix this if it doesn`t belong to your ISP.

Click on the fix checked button.

Close HJT and reboot your system.


Other than the above, your HJT log is clean.

Having said that, you need to rename HijackThis.exe as per these instructions.

That`s because some malware can hide from HijackThis.exe.

Regards Howard

This thread is for the use of abanerji only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[abanerji]

Thank you, Howard.

Re O15 and O17, all the three IPs belong to my ISP.

Regards,
Ananda