It is however not possible to fix the item directly in HijackThis. A portable software program called LSP-Fix comes to the rescue. It has been primarily designed to fix Winsock errors.

The program is interesting in this case as it can be used to remove the nwprovau.dll dynamic link library from the computer system. The box “I know what I’m doing” has to be checked before that option becomes available. The program lists the currently installed dll files in the left column, nwprovau.dll should be one of them. All that needs to be done is to select this dll and click on the arrow that is pointing to the right to move it to the Remove column. Keep in mind that this will remove the dll permanently from the computer system (creating a backup before proceeding might be a good idea)

A click on the Finish button will complete the process and remove all files that are listed in the Remove column from the computer system.

Related posts

• HijackReader analyse HijackThis results (6)
• Zip Repair (3)
• Zen Key An All Purpose Application Manager (3)
• Youtube Batch Downloader (13)
• Yahoo Widget Position Restorer (1)

Most users tend to post their logs in forums so that experienced users can take a look at them and recommend actions. There are actually several forums that can be used.

If you would like fast results you could also use the software HijackReader which analyzes an HijackThis logfile and tries to make the distinction between good and bad results automatically. The HijackReader uses mainly two lists to analyze the logfile.

Those two lists are the CLSID list by Tony Klein and the Startup info list by Paul Collins. A single html file is created after the analysis has finished displaying information and recommendations about the found elements. Attributes can either be OK (no fix needed), FIX IF UNKNOWN (check for more information if you do not know the element), FIX (CHECK NOTES!) (read the description and fix the issue because it is indeed malicious) and UNDETERMINED (find out for yourself).

The HijackReader application can be of help especially if items are found that are marked as Fix (Check Notes). The user can fix those without having to wait for someone else to analyze his logfile and tell him the exact same thing. It does not help that much for elements that are undetermined or marked as fix if unknown and users will still have to get professional help or do extensive research before they can be sure if the item is malicious or not.

Related posts

• Unknown File in Winsock LSP NWPROVAU.DLL (3)
• True Crypt 6 released (3)
• Protect Files in Windows by locking them (6)
• Open Ports 1.0 (2)
• Norton Antibot Free 1 Year License (15)

It is aimed at novice users who suspect that something is wrong with their computer but do not have the knowledge to interpretate and fix the issues by themselves. The Classic Mode is giving the user more information and a way to quickly fix common problems. It does not provide full information like the Expert Mode that displays lots of information.

Users of all three modes can always use a service called Online Malware Analysis which can be of great help. It compares the MD5 hash of the scanned files on the user’s system with those in the Runscanner database. MD5 hashes have to be the same if the same unaltered program version is used.

The Online Malware Analysis uses green, purple and red icons to rate the item. Green items are checked and safe, purple items are not yet checked and red items are not safe.

This is a great way of getting more information about current services, programs and processes on your system without having to consult another person.

Runscanner has several features that make it stand out even more. It offers right-click options to compare the MD5 hash with authority websites like Castle Cops and File Advisor, perform a Google search on the item, upload the file to Virus Total and open the file folder and Registry location.

Another aspect that is worth mentioning are so called Run files. As I said earlier novice users can create a log file that they can send to experts who analyze it. These experts can create a so called Fun file specifically designed to be run in Runscanner. The novice user can load the run file and execute the fixes that the expert has authorized.

Oh, it is free of course and portable. You can run it from any location on your computer.

Related posts

• Use Returnil to create a Virtual System in Memory (2)
• Secure Windows Services Configuration (2)
• Prevent that unknown executables are started in Windows (2)
• HijackReader analyse HijackThis results (6)
• Hijack This 2.0 beta (8)

It is no security software for beginners but excellent for advanced users and users who know someone who is able to draw the right conclusions from the security logs that have been generated. Another way to receive fast results would be to use the online script Hijack This logfile analysis. You can paste the logfile into the form field or upload the log from your computer and the script analyzes the logfile of Hijack This automatically.

It uses user input to determine whether something is a potential threat or not. This works most of the time but leads sometimes to unjustified ratings. I installed AV Antivir in a custom directory and the analyzer used this to indicate a possible problem. I think the best way to cope with this situation would be to briefly analyze the elements that could be malicious and decided if that is really the case. To use the above example: I knew that I did install it in that directory and therefor decided that the warning was not justified in this case.

If you are insecure about a certain setting ask in the well frequented support forum or search the internet for clues on the subject. Hijack This has a similar analyze this button build in which takes you to the website of the developer of Hijack This. They display information about everything that was found on your computer and how frequent it was found in other computers.

This could be an indicator for safeness but I would suggest that you perform additional searches to be on the safe side. You can download the newest version of Hijack This from TrendSecure by following the link in the first paragraph.

Related posts

• HijackReader analyse HijackThis results (6)
• Gernova Keylock (2)
• Windows Worms Door Cleaner (2)
• Windows Registry Watcher (5)
• What is connecting to the Internet (4)