XP Pro possible virus 5

judgehopkins

I am running PC Tools Antivirus which is not reporting any infections.

Every time I shut off the machine, Microsoft asks me if I want to update and I say yes. This happens two and three times a day.

Also, when I tried to run a Trend Micro Online Scan and also a Kaspersky Online Scan, when I start it, the browser (Firefox and IE) shuts down.

How can I get rid of this virus?

If you need any other info, please let me know. Thanks.

There are two guaranteed rules of success: First, never tell everything you know.
 
You might want to start with HijackThis and post the results.

FYI - there is a dedicated Virus Spyware forum here that may be a better place for this, but post the HijackThis log and we can have a look.

Since TrendMicro sites seem to be at issue I'll give you alternate links
Trend Micro: MajorGeeks:

Twist

===========================================
Everything will be OK in the end.
If it's not OK, then it's not the end
 
Logfile of HijackThis v1.99.1
Scan saved at 10:58:40 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Final Draft 7\Final Draft.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
R3 - URLSearchHook: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O16 - DPF: {49B2E974-9516-11D7-8979-00902785FF27} (SearchManager Control) -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe



There are two guaranteed rules of success: First, never tell everything you know.
 
Try starting in safe mode - with networking and go to Trend or Kaspersky.

PC Decrappifier might not be a bad idea to get rid of all of the Dell bloatware.

Twist

===========================================
Everything will be OK in the end.
If it's not OK, then it's not the end
 
According to your log, you are clean...!

but I did notice the following:

You should update JAVA to the latest...
turn off S&D's TeaTimer, causes more headaches than it is worth (used to be a great little prog but with good Firewalls out there these days, which are better at detecting anyways, e.g. Comodo)...

The following is not needed (there are more that I would throw out, like GOOGLE and YAHOO, etc.):

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

about the updates:
What does it say in the EVENT VIEWER? there might be an indication that some system files are damaged...

run from a command prompt (or the RUN box) the command: SFC /SCANNOW
and have your XP CD ready...

also do a CHKDSK /F to check the integrity of the drive and the filesystem first...

Automatic Updates stops working after a repair install of Windows XP
Windows Update Not Working.



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Thanks, Ben.

I understand everything but these two:

1. about the updates:
What does it say in the EVENT VIEWER? there might be an indication that some system files are damaged...

Where is the event viewer?



2. run from a command prompt (or the RUN box) the command: SFC /SCANNOW
and have your XP CD ready...

What will this do?



I appreciate your time....


There are two guaranteed rules of success: First, never tell everything you know.
 
I'm certainly not well versed in HJT but I use to analyze my HJT logs and when I entered yours it found 7 errors marked as "Bad"

A question for BigBadBen if I may. Do you know the best way to analyze HJT logs and is your way more reliable than mine?

I don't have a clue how to analyze the logs by myself and rely on the above link for answers but would like to know definitively what the logs mean.

Thanks in advance.

sam
 
judgehopkins

The event viewer shows any recorded errors that may have bearing on your problem.

Click:
Start > Control Center > Admin Tools > Event Viewer

in event viewer you will see 4 tabs; Applications, Security, System and Internet Explorer.

Start with the system tab and look for any errors, warnings or information that may be helpful.


SFC is a program that scans your system looking for important files that may be corrupted. You may need your original Operating System CD to reload any bad files.

click
Start > run > then type in "sfc /scannow" without the quotes then monitor the progress and do what it asks.

NB the sfc window may be sent to your "task bar" (minimized); if so click it to restore the window so you can monitor the progress that may take 10 to 20 minutes.



 
Another auto Hijack This log analyzer can be found here.

HijackThis log file analysis

All these auto analyzers are only guides and should not be taken as gospel.

If you want to become an "expert" in the matter of malware diagnosing, then a course similar to this is recommended. Otherwise practice safe surfing and stay away from the stuff in the first place. Easier said than done, but lots of people practice safe surfing habits.

Malware Removal University
 
Thanks linney I'll have a look at those links.

sam

 
@mscallisto -

about the question about the HJT analyzing, it is a combination between a log analyzer (the one Linney mentioned), common sense (just because an analyzer tells me it is bad, that one program starts in, e.g. C:/Programme and not in C:/Program Files, does not make it bad as both locations are just different language settings), experience (not as active anymore as I used to be in forum760 )...

e.g. your analyzer deems this one as BAD, on the sole reasoning that it updates...
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
in fact it is an auto updater for the Install Shield Installer used by the Macrovision Company, it is unnecessary but not BAD as per definition...

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
alcmtr
belongs to the RealTek Audio Software, but it is not a piece of Spyware it does not PHONE HOME, what it does monitor though, are the Audio Jacks and other events concerning the driver...

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
this one gets wrongly identified as "CoolWebSearch Ctfmon32 parasite variant", in fact it is a part of Office, it is a pain to get rid of, but can be ignored...

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
this gets injected by the PC Tools AntiVirus software, and monitors eMail and file transfer from and to the Internet...
I agree that an AntiViral solution should not inject anything in the Winsocks, but it is not BAD as per definition...

Also, if I am not familiar with a certain program file, I paste it (e.g. isuspm.exe) into Google, then research a few sites that explain the functioning of said file, e.g. is a decent site about information on EXE's and DLL's...

thanks for answering where the Event Viewer is to be found, so that judgehopkins can answer the question...

PS: if I seem to be condescending, then I apologize, it's not meant to be...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Ben...You are not one bit condescending. I don't know squat about this stuff.

I'm so ignorant, you can start anywhere!

(If you need to know about the rule against perpetuities or exceptions to the hearsay rule, then I'm your man. But malware is way beyond me!)

Thanks to Sam and Linney; this thread has been extremely helpful!

There are two guaranteed rules of success: First, never tell everything you know.
 
PS: if I seem to be condescending, then I apologize, it's not meant to be...

Quite the contrary, we asked, you gave great answers, have a splat!

sam

 
That is what we are here for, to help those with less skills in fixing their problems...

so judgehopkins, what did the Event Viewer have to say?


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Q: What does it say in the EVENT VIEWER? there might be an indication that some system files are damaged...

A: There is no indication that some system files are damaged in the event viewer.

Thanks for following up...

There are two guaranteed rules of success: First, never tell everything you know.
 
So it does not mention any ERROR codes, or errors in either System or Application...

this does seem strange...

Let's see if PC TOOLS (the winsock entries) is to blame and have you updated the Java to the latest version (Version 6 Update 7) if not go to and do so...

now for the winsock entries, in a CMD window (or START >> RUN ) type the following:

netsh winsock reset catalog

and then reboot for the changes to take effect...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
This is what was in the applications part of the event viewer for today:

Windows saved user NAMEOFCOMPUTER\Name of User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at

The description for Event ID ( 0 ) in Source ( AlbumCore9 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.


The description for Event ID ( 0 ) in Source ( PCTAVSvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.

The Windows Security Center Service has started.

For more information, see Help and Support Center at

The description for Event ID ( 0 ) in Source ( RoxSniffer9 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.

There are two guaranteed rules of success: First, never tell everything you know.
 
This is from the security part of the event viewer (there are several like this today):

User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0xA69F06)
Logon Type: 3


For more information, see Help and Support Center at
There are two guaranteed rules of success: First, never tell everything you know.
 
If I run netsh winsock reset catalog, then I will have to reinstall these LSPs (per Microsoft Knowledge Base).

I have no idea what that means.

Thanks again, Ben.



Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS>netsh winsock show catalog

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Layered Chain Entry
Description: PCTOOLS over [MSAFD Tcpip [TCP/IP]]
Provider ID: {EF56FCCB-15A7-455E-95D7-6C4A3B34FB1A}
Provider Path: C:\Program Files\Common Files\PC Tools\Lsp\P
CTLsp.dll
Catalog Entry ID: 1033
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 2
Protocol Chain: 1032 : 1001


Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Layered Chain Entry
Description: PCTOOLS over [MSAFD Tcpip [UDP/IP]]
Provider ID: {EF56FCCB-15A7-455E-95D7-6C4A3B34FB1A}
Provider Path: C:\Program Files\Common Files\PC Tools\Lsp\P
CTLsp.dll
Catalog Entry ID: 1034
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 2
Protocol Chain: 1032 : 1002


Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Layered Chain Entry
Description: PCTOOLS over [MSAFD Tcpip [RAW/IP]]
Provider ID: {EF56FCCB-15A7-455E-95D7-6C4A3B34FB1A}
Provider Path: C:\Program Files\Common Files\PC Tools\Lsp\P
CTLsp.dll
Catalog Entry ID: 1035
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Protocol Chain Length: 2
Protocol Chain: 1032 : 1003


Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1004
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1005
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB10D21C
-1F6C-4417-9B0E-DAE431C975BB}] SEQPACKET 0
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1026
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -2147483648
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BB10D21C
-1F6C-4417-9B0E-DAE431C975BB}] DATAGRAM 0
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1027
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -2147483648
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22
-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1028
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -1
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22
-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1029
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -1
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38
-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1030
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -2
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38
-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1031
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -2
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Layered Service Provider
Description: PCTOOLS CONTENT FILTER PROVIDER
Provider ID: {7F9EB0B5-7444-4497-AEEF-D0E2C76F9FAD}
Provider Path: C:\Program Files\Common Files\PC Tools\Lsp\P
CTLsp.dll
Catalog Entry ID: 1032
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 0

Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: NTDS
Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Name Space: 32
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: Network Location Awareness (NLA) Namespace
Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Name Space: 15
Active: 1
Version: 0



C:\WINDOWS>

There are two guaranteed rules of success: First, never tell everything you know.
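
An added example, not part of the original thread: a small Python parser for `netsh winsock show catalog` output like the one posted above. It rejoins values the console wrapped onto a second line, lists provider DLLs that live outside %SystemRoot%\system32, and resolves each layered chain to the catalog entries it stacks on. The sample is abridged from the output in the post; the function names are hypothetical.

```python
import re

# Abridged from the `netsh winsock show catalog` output posted in the thread,
# keeping the console line wrap inside "Provider Path".
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Layered Chain Entry
Description: PCTOOLS over [MSAFD Tcpip [TCP/IP]]
Provider Path: C:\Program Files\Common Files\PC Tools\Lsp\P
CTLsp.dll
Catalog Entry ID: 1033
Protocol Chain: 1032 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Layered Service Provider
Description: PCTOOLS CONTENT FILTER PROVIDER
Provider Path: C:\Program Files\Common Files\PC Tools\Lsp\P
CTLsp.dll
Catalog Entry ID: 1032

Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Name Space: 12
"""

HEADER = re.compile(r"^(Winsock Catalog Provider|Name Space Provider) Entry$")
# Field names are at least two characters, so a "C:\WINDOWS>" prompt is not a field.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]+?):\s*(.*)$")

def parse_catalog(text):
    """Return one dict per catalog entry, with wrapped values rejoined."""
    entries, cur, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            last = None          # blank line or rule ends any wrapped value
            continue
        header = HEADER.match(line)
        if header:
            cur = {"Kind": header.group(1)}
            entries.append(cur)
            continue
        if cur is None:
            continue             # banner or prompt before the first entry
        field = FIELD.match(line)
        if field:
            last = field.group(1)
            cur[last] = field.group(2)
        elif last:
            cur[last] += line    # console wrapped mid-word: join with no space
    return entries

def third_party_providers(entries):
    """Provider DLL paths that are not under %SystemRoot%\\system32."""
    paths = {e["Provider Path"] for e in entries if "Provider Path" in e}
    return sorted(p for p in paths
                  if not p.lower().startswith("%systemroot%\\system32\\"))

def resolve_chains(entries):
    """Map each layered chain entry to the descriptions of the entries it uses."""
    by_id = {e["Catalog Entry ID"]: e["Description"]
             for e in entries if "Catalog Entry ID" in e}
    chains = {}
    for e in entries:
        if e.get("Entry Type") == "Layered Chain Entry":
            ids = [i.strip() for i in e["Protocol Chain"].split(":")]
            chains[e["Description"]] = [by_id.get(i, "unknown entry " + i) for i in ids]
    return chains

if __name__ == "__main__":
    catalog = parse_catalog(SAMPLE)
    for path in third_party_providers(catalog):
        print("non-system provider:", path)
    for name, chain in resolve_chains(catalog).items():
        print(name, "->", " -> ".join(chain))
```

Run against the full output in the post, the same logic shows the three PCTOOLS chain entries (1033, 1034, 1035) each passing through catalog entry 1032 before reaching a Microsoft base provider.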
 
This is just my opinion about the errors you mention.

Some of the errors can be corrected by installing the UphClean program.

To download and install UPHClean, visit the following Microsoft Web site:

A few you mention seem to reference your Antivirus and Roxio. Perhaps they are caused by your configuration for those programs.

Event Viewer Errors


I don't think the Security log entry is more than an indication of Sharing on a Network at work?
Logon Type Codes Revealed

I wouldn't know what to do about the /AUXSOURCE, I think that is more of a use on a Domain for diagnosing problems?

312216 - Detailed Usage of the Event Viewer /AUXSOURCE Switch Option



Event Viewer messages that are of more concern are the ones in the System folder that have big red X's associated with them. Warnings are just that, and while annoying, are not too serious.

This is the site that I use to research Event Viewer errors.
 