Dave
Wed Mar 28 09:25:18 CDT 2007
Comments inserted into message below: (I will continue to be cautious)
Thanks for your interest and suggestions.
--
Dave
"Norman" <nthums1@comcast.net> wrote in message
news:eJBt4GnbHHA.4476@TK2MSFTNGP03.phx.gbl...
> That only means that at some time the url was typed into the address bar of
> IE. Not a problem.
> I checked port 80 and it is used for HTTP server. But found that it was often
> used for an attack.
>
> http://www.cgisecurity.com/papers/fingerprinting-2.shtml
> Maybe wading through this link will help, but if it is above you, then may I
> suggest that you go to dslreports.com and look for the forum on firewalls.
> They have some very knowledgeable people there and unless your firewall is
> some strange animal, they likely have experience with it. Or maybe the
> manufacturer has a forum.
> But I would not let my guard down.
> Yes the call is coming from your machine as you indicated by outbound.
> Looking within your firewall may indicate whether your machine is trying to
> just access or act as a server to the connection. Server would be a double
> red flag I suspect.
> Since you have not said which firewall, is it part of the AVG, and most
> importantly if I am not familiar with it, its capabilities. I just looked at
> their site and very little details are available for the firewall.
The Firewall is a part of AVG Software - this is NOT the FREE version.
> Right now it sounds very much like something altered a file in such a way
> that it tries to make this connection.
> Have you installed any software about the time this started happening that
> might be trying to force registration or autoupdate?
No software has been installed recently. This problem has been recurring for
some time. I will see the warning for two or three days and then will not
see it again for three or four weeks. I have always denied access and
continue to search for answers. I continue to run my Anti-Virus scans,
Adaware, Spybot and, on occasion, HijackThis. I don't find any problems
there. Below is my HijackThis log: (I am not very knowledgeable about these
things but don't see any problem here)
Logfile of HijackThis v1.97.7
Scan saved at 12:30:51 PM, on 3/27/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGFWSRV.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\WPWIN9.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\PS90.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COREL\WORDPERFECT OFFICE 2000\PROGRAMS\POP90.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MAINT\09 - HIJACKTHIS.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38941.8102662037
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
> How long, and hopefully in maximum security, did you install the firewall
> before this started happening.
The Firewall was installed, in maximum security, at least a year ago. This
problem has been occurring for three or four months.
> Norman
>
> "Dave" <xqzme.leedave@otelco.net> wrote in message
> news:%23jMewwlbHHA.3584@TK2MSFTNGP02.phx.gbl...
> > After your last message I decided to take a look in my Registry to see if
> > there were any references to Deltacom. Here is what I found:
> >
> > HKEY_CURRENT_USER
> > Software\Microsoft\Internet Explorer\TypedURLS
> > Url1
> >
> > http://www.deltacom.com/internet.asp
> >
> > Does it seem reasonable that it would be safe to delete this entry?
> > Being a 79 year old novice user these kind of things scare me a little
> > bit.
> >
> > --
> > Dave
> >
> > "MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message
> > news:Oo7Q3RkbHHA.4552@TK2MSFTNGP05.phx.gbl...
> > > Is Deltacom your internet provider ?
> > >
> > > http://www.deltacom.com/internet.asp
> > >
> > > MG
> > >
> > >
> > > Dave wrote:
> > >
> > > > You're right, of course, and that's what I do. I was just trying to
> > > > figure out who or what was trying to be connected to my computer.
> > > >
> > > > Thank you
> > > >
> > > > Dave
> > > >
> > > > "MowGreen [MVP]" wrote
> > > >
> > > >>If you have no idea why the SYSTEM is attempting to connect to the
> > > >>DNS listed, then deny it. ;)
> > > >>
> > > >>MG
> >
> > Dave wrote:
> >
> > I don't recognize anything in these two pages. And . . . I don't have
> > any connection to the companies or the cities mentioned. It's still a
> > mystery as to why my SYSTEM would try to connect . . .
> >