Firewall/ICS is unable to start after scan!!!

  • Thread starter Thread starter Russ
  • Start date Start date
R

Russ

I just installed the MS Adware scanner and after removing
the spyware detected have an error that does not allow my
firewall to start!

Windows cannot start the Firewall/ICS service.

and if you run sc query sharedaccess, you get a stop error

C:\>sc query sharedaccess

SERVICE_NAME: sharedaccess
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 10047 (0x273f)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

I have removed the spyware scanner and reinstalled SP2
but cannot get the Firewall to run again. Has anyone had
this problem as well???
 
Apply the fix from the first KB artile JohnF quotes--netsh winsock reset

After doing this, re-run the network setup wizard to reestablish ICS.
 
Cheers Guys,

Worked a treat! my firewall is now back in order. I
couldn't find that KB when I was searching. Thanks again
for the help its much appreciated.

I'm off to the pub now, I'll have a drink for you as well.

Russ.
 
At the command prompt try the following

netsh winsock show catalog

If it finds a helluva lot, its most likely spyware along
the lines of NewDotNet, if so, do this:

netsh winsock reset catalog

Then reset TCP/IP

netsh int ip reset 1

reboot and recreate your network connections. Everything
should be fine. (I got this info from a google search,
when I was struck by newdotnet and faced the same
difficulty with ICS and win firewall. Now it is working
fine)
 
Hmm - I think you should define this a bit more closely.

1) Use Microsoft Antispyware to clear up Newdot.net, or use the vendors
tool which has been posted here a number of times.

2) If you do use Microsoft Antispyware, there may be two issues:

a) broken winsock LSP chain
Use either netsh winsock reset
(On XP, sp2 only) to fix this, or this KB reference
and/or third-party utility:

KB showing why this happens, and with fixes
http://support.microsoft.com/kb/892350
3rd party utility--somewhat simpler for older
Windows versions
http://www.iup.edu/house/resnet/winfix.shtm
I'm not disagreeing with your advice, but see below for the output of netsh
winsock catalog on my entirely spyware free, and pretty simple--no
third-party LSP's for example--system.
This looks like "a lot of stuff" to most, I suspect.
---------------------------
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1032
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1033
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1034
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 3
Protocol: 0
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1035
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1036
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{F686FE1C-59EE-4F8F-B446-9E99E4117A9E}] SEQPACKET 12
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1189
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -12
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{F686FE1C-59EE-4F8F-B446-9E99E4117A9E}] DATAGRAM 12
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1190
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -12
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{C40ADD87-E7D3-46B2-A495-E8C7DB45EA1F}] SEQPACKET 11
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1191
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -11
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{C40ADD87-E7D3-46B2-A495-E8C7DB45EA1F}] DATAGRAM 11
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1192
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -11
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{BAD57A97-11DC-4576-B108-7C5433D29356}] SEQPACKET 8
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1193
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -8
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{BAD57A97-11DC-4576-B108-7C5433D29356}] DATAGRAM 8
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1194
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -8
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{C361FA0D-2FB6-45FC-8659-A3EE76C81971}] SEQPACKET 13
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1195
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -13
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{C361FA0D-2FB6-45FC-8659-A3EE76C81971}] DATAGRAM 13
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1196
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -13
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{46E8996C-8DE8-40A2-AAE8-6490027663C5}] SEQPACKET 6
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1197
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{46E8996C-8DE8-40A2-AAE8-6490027663C5}] DATAGRAM 6
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1198
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{00611F1E-A0BC-48C1-885F-D03B20868584}] SEQPACKET 15
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1199
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -15
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip6_{00611F1E-A0BC-48C1-885F-D03B20868584}] DATAGRAM 15
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1200
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -15
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{46E8996C-8DE8-40A2-AAE8-6490027663C5}] SEQPACKET 7
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1201
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -7
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{46E8996C-8DE8-40A2-AAE8-6490027663C5}] DATAGRAM 7
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1202
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -7
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{C361FA0D-2FB6-45FC-8659-A3EE76C81971}] SEQPACKET 3
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1203
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -3
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{C361FA0D-2FB6-45FC-8659-A3EE76C81971}] DATAGRAM 3
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1204
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -3
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{BAD57A97-11DC-4576-B108-7C5433D29356}] SEQPACKET 10
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1205
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -10
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{BAD57A97-11DC-4576-B108-7C5433D29356}] DATAGRAM 10
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1206
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -10
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{F686FE1C-59EE-4F8F-B446-9E99E4117A9E}] SEQPACKET 14
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1207
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -14
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{F686FE1C-59EE-4F8F-B446-9E99E4117A9E}] DATAGRAM 14
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1208
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -14
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{C40ADD87-E7D3-46B2-A495-E8C7DB45EA1F}] SEQPACKET 1
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1209
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -1
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{C40ADD87-E7D3-46B2-A495-E8C7DB45EA1F}] DATAGRAM 1
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1210
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -1
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{F1E7C9A2-760C-4DA9-B89D-72E807D613CC}] SEQPACKET 2
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1211
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -2
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{F1E7C9A2-760C-4DA9-B89D-72E807D613CC}] DATAGRAM 2
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1212
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -2
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{75C29FDA-59B7-4ECA-89DF-0684D17DA505}] SEQPACKET 4
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1213
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -4
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{75C29FDA-59B7-4ECA-89DF-0684D17DA505}] DATAGRAM 4
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1214
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -4
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{158DA3F8-A532-4665-A591-FB6A885EEAB5}] SEQPACKET 9
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1215
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -9
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS
[\Device\NetBT_Tcpip_{158DA3F8-A532-4665-A591-FB6A885EEAB5}] DATAGRAM 9
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1216
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -9
Protocol Chain Length: 1

Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: NTDS
Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Name Space: 32
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: Network Location Awareness (NLA)
Namespace
Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Name Space: 15
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: PNRP Cloud Namespace Provider
Provider ID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Name Space: 39
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: PNRP Name Namespace Provider
Provider ID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Name Space: 38
Active: 1
Version: 0
 
Back
Top