HJT log (after SHeur trojan scare)

By abanerji
Sep 17, 2007
  1. Shall be grateful if you please take a look at this log. Thanks.

    Especially, is this line ok?
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll This is the Client Service for NetWare Provider and Authentication Package DLL 5.1.2600.3015, this file is part of the Windows operating system and should NOT be deleted.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O15 - Trusted IP range:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE0BCB6-383E-4851-B2FF-CB5A75B8EB70}: NameServer =,<Only fix this if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT and reboot your system.

    Other than the above, your HJT log is clean.

    Having said that, you need to rename HijackThis.exe as per these instructions.

    That`s because some malware can hide from HijackThis.exe.

    Regards Howard :)

    This thread is for the use of abanerji only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. abanerji

    abanerji TS Rookie Topic Starter Posts: 43

    Thank you, Howard.

    Re O15 and O17, all the three IPs belong to my ISP.

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...