True, Thanx... You will need to reinstall firewall client after this command. Regards DavidFFFF P.S.: regarding that new spyware I was talking about I ran it via DS on our ISA after I got to work and only McAfee found it... "StartPage-DU found in 1.zip/1.bin" -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, September 14, 2004 3:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Be VERY careful with that command. It'll also trash the ISA FWC registration, and may leave your system unable to remove / reinstall the FWC. ..oh, yeh; it'll also break the FW clinet as well. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 14 Sep 2004 09:19:56 +0200 "David Farinic" <davidf@xxxxxxx> wrote: http://www.ISAserver.org If you have XP SP2 you can clean winsock wrappers on XP to its fresh in stall state by this command: netsh winsock reset catalog Regards David|F BTW yesterday I was removing spywares from friends computer and I found 1 which was not detected by www.lavasoft.com Ad-aware nor Norton Antivirus And it was blocking SP2 to be downloaded :) I installed it from cd hoping new IE feature "manage add-ons" will show me this spyware by nothing... its pitty that SP doest show all IE addons... I had to removed manually from registry and from HD. More info about new netsh commands from http://www.tech-recipes.com/windows_tips560.html: Two new commands for netsh have been created in Windows XP Service Pack 2. These commands deal with Layered Service Providers or LSPs. An LSP is software that is inserted into the Windows TCP/IP handler. As you might imagine, any error in the LSP can prevent your network connections from working properly. netsh winsock reset catalog This command resets the Winsock catalog to the default configuration. While doing this, it removes any LSPs. This is excellent if some spyware or other piece of software has placed the LSP and is now causing your network connection not to work correctly. Obviously, any needed LSP software will need to be reinstalled after this command so use it with caution. netsh winsock show catalog This new command will list all the installed Winsock LSPs on your computer -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 13, 2004 9:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Sounds like you have some Winsock LSP-style spyware. This will definitely "bugger" your client-to-ISA connectivity. www.lavasoft.com Ad-aware has an LSP-plugin scanner that can help you find junk like this. Also, you can get LSP-fix www.cexx.org/lsp-fix.htm that will help you ferret out nasties like this. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! This mail was checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection, threats analysis and anti-virus for Exchange & SMTP servers. Viruses, Trojans, dangerous attachments and offensive content are removed automatically. Key features include: multiple virus engines; email content and attachment checking; an exploit shield; an HTML threats engine; a Trojan & Executable Scanner; and more. In addition to GFI MailSecurity, GFI also produces the GFI MailEssentials anti-spam software, the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP.