
View Full Version : Sygate Firewall-Is This Normal?



kurse
05-25-2005, 09:09 AM
Hey, I just noticed my Sygate Firewall blocking a lot of traffic coming through. I unchecked "hide broadcast traffic" and it shows that it's blocking a lot of stuff. The Incoming Traffic History chart shows the meter on the side here (http://webpages.charter.net/mikedjunior/sygate.JPG). Does anyone know if this is happening to them too, indicating that it's normal, or is this odd, period? And it's doing this every other second.

Lion7718
05-25-2005, 09:13 AM
From the pic, you have Firefox & AIM running...so you would see Web Traffic from FF...in AIM you would see the Ads & any IM/Files you have coming through.

kurse
05-25-2005, 09:26 PM
Yeah, you're right, I was running those applications at the time, but this is happening all the time when I'm just on my desktop, and I found the Whois that Sygate keeps on blocking. Does anyone know what this is and how I can get rid of it? Click the images.

Image One (http://webpages.charter.net/mikedjunior/sygate2.JPG) - This one shows Sygate's traffic screen
Image Two (http://webpages.charter.net/mikedjunior/sygate3.JPG) - This one shows the Whois

Lion7718
05-25-2005, 09:36 PM
Pic 1 has NDIS User Mode connected...you can tell by the Blue Dot: http://www.experts-exchange.com/Security/Q_20306681.html

kurse
05-26-2005, 12:08 AM
Alright, is there any way to see what applications are using ndisuio.sys?

peat moss
05-26-2005, 12:52 AM
Alright, is there any way to see what applications are using ndisuio.sys?



It should be safe.


http://www.liutilities.com/products/wintaskspro/processlibrary/ndisuio/


There is some interesting info here.


http://www.iceteks.com/articles.php/ndisuio/1

kurse
05-26-2005, 09:33 AM
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate:
Updated: 2002-09-12

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: [email protected]

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2005-05-25 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Sygate is constantly blocking this, what is it? Why is it trying to connect? And how do I stop this?

I fully scanned my computer with Symantec anti-virus and found nothing.
I fully scanned my computer with Panda online anti-virus and found 4 adware files, one included in the Windows directory. The other two were registry keys which I searched for and cannot find.
I scanned with Adaware, Search and Destroy, and CounterSpy, and found nothing. I'm clean here. I used CWShredder and found 1 but got rid of it. I do not know what this is. Someone please help. Is this happening to your Sygate if you have one?

peat moss
05-26-2005, 11:53 AM
In the link I found this:

To disable this file, go to the control panel, administration tools, services, Wireless Zero Configuration, double click and disable it. This file is probably required to run if you use any Linksys wireless devices.

kurse
05-26-2005, 07:04 PM
In the link I found this:

To disable this file, go to the control panel, administration tools, services, Wireless Zero Configuration, double click and disable it. This file is probably required to run if you use any Linksys wireless devices.

I don't have anything wireless here, and there's no such thing on my computer with administration tools, services, Wireless Zero Configuration.


PLEASE SOMEONE, ANYONE? Does anyone know how to get rid of this??

Lion7718
05-26-2005, 07:53 PM
I don't have anything wireless here, and there's no such thing on my computer with administration tools, services, Wireless Zero Configuration.

It might just be something from your ISP... packet sending, there might not be anything you can do about it.
Sygate is just one of those firewalls that shows everything...
whereas ZoneAlarm probably would show it at all... unless you had all options checked.

kurse
05-26-2005, 08:37 PM
I think there is something you can do about it, because why would Sygate block it? Unless you mean there isn't a way to do anything about it. Wow, this isn't cool at all. May I mention that I have the "Hide Broadcast Traffic" checked off, therefore it shows everything. Someone try this and tell me if they get this, otherwise something is wrong here.

peat moss
05-26-2005, 11:27 PM
You might just be making a mountain out of a molehill. I did notice it's just Sygate mentioned in the links I posted. Try HijackThis and if it comes back normal, c'est la vie. :)

kurse
05-27-2005, 01:00 AM
Logfile of HijackThis v1.99.1
Scan saved at 6:02:11 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: DNSKong.lnk = C:\Program Files\Pyrenean\DNSKong\DNSKong.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Just a lot of those yellow ?'s that have nothing to do with it.

peat moss
05-27-2005, 07:44 PM
A lot of the yellow ones are CounterSpy exe. That's normal. Have you tried a ShieldsUP type of program?


https://www.grc.com/x/ne.dll?bh0bkyd2

kurse
05-28-2005, 01:01 AM
What's a ShieldsUP type program? I went to the link that you provided, peat moss, and it seems my computer is in stealth mode from everything. I used countless scanners of all sorts and found mere cookies and some registry entries. Someone please help with the halt of this address trying to connect to my computer, there are even times where Sygate blocks OUTGOING traffic. Please please please...

DrBeerMan
05-28-2005, 05:20 AM
Just check-mark "hide broadcast traffic" and you will see Sygate is idle again. Broadcast traffic, in my understanding, is basically just your ISP communicating w/ your modem to maintain your connection.
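
The WHOIS record posted earlier in this thread is for 10.0.0.0/8, which RFC 1918 reserves for private use, so the lookup names IANA rather than any network operator; the reply above attributes the blocked packets to broadcast traffic. The following is an added example, not code from any poster, that sorts blocked-packet records by address class to show which sources a WHOIS lookup can actually identify. The record layout, the sample lines and the function names are constructed for illustration and are not Sygate's log format.

```python
import ipaddress
from collections import Counter

# Constructed records in a made-up "dir proto src -> dst" layout (not Sygate's).
# 203.0.113.45 / 198.51.100.20 are documentation addresses used as public hosts.
SAMPLE_LOG = """\
in UDP 10.24.16.1:67 -> 255.255.255.255:68
in UDP 10.24.16.1:67 -> 255.255.255.255:68
in UDP 192.168.100.1:1900 -> 239.255.255.250:1900
in UDP 169.254.10.7:137 -> 169.254.255.255:137
in TCP 203.0.113.45:4431 -> 198.51.100.20:445
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Name the address class; only 'public' has a real owner in WHOIS."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "rfc1918-private"
    return "public"  # simplification: everything else is treated as public

def parse(line):
    """Split one constructed record into (direction, proto, src_ip, dst_ip)."""
    direction, proto, src, _arrow, dst = line.split()
    return direction, proto, src.rsplit(":", 1)[0], dst.rsplit(":", 1)[0]

def triage(log_text):
    """Count blocked packets per (source class, destination class) pair."""
    counts = Counter()
    for line in filter(str.strip, log_text.splitlines()):
        _, _, src, dst = parse(line)
        counts[(classify(src), classify(dst))] += 1
    return counts

def whois_candidates(log_text):
    """Sources for which a WHOIS lookup can name an actual network."""
    srcs = {parse(l)[2] for l in filter(str.strip, log_text.splitlines())}
    return sorted(s for s in srcs if classify(s) == "public")

if __name__ == "__main__":
    print(dict(triage(SAMPLE_LOG)), whois_candidates(SAMPLE_LOG))
```

A private, link-local or broadcast class only says the packet originated on the local segment or the provider's access network; it does not by itself say the sender is benign.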

peat moss
05-28-2005, 05:29 AM
Without trying to be funny, kurse, but Sygate sounds like it's doing its job. You might want to disable the logging features, or click the "don't bother me" option. I don't use Sygate, but this has me interested. You know I hate a post that goes unanswered, though. I'm an old ZA Pro user, so I'm thinking you're missing a setting maybe? You're the type that reads everything, right? Good luck though, you'll figure it out. If I could suggest a firewall, it's Look 'n' Stop. But I don't like to argue with people about one's choice.

peat moss
05-28-2005, 05:35 AM
What's a ShieldsUP type program? I went to the link that you provided, peat moss, and it seems my computer is in stealth mode from everything. I used countless scanners of all sorts and found mere cookies and some registry entries. Someone please help with the halt of this address trying to connect to my computer, there are even times where Sygate blocks OUTGOING traffic. Please please please...

ShieldsUP is a site that tests your firewall. It's interesting in that you see where one stands in port security. :)

kurse
05-28-2005, 08:47 AM
Yeah, it's really good to know where you stand, but I still need to know about this and why no one else here seems to experience this problem. I can't find the cause and it seems like nobody can either. I never saw this happening to my computer before. I've been using Sygate for years now and never once did I notice this because it never happened. Why is Sygate blocking it and why is it trying to connect constantly? Someone help please.

kurse
05-30-2005, 09:58 PM
Problem still exists, please help.

peat moss
05-30-2005, 10:29 PM
Have you tried looking here?


http://forums.sygate.com/vb/

kurse
05-31-2005, 04:28 AM
Yeah, a lot of the same problems but no solution, and they end up talking about something else. It's weird.

kurse
05-31-2005, 09:54 AM
Found this on C:\Windows\System32\etc\ Click here (http://webpages.charter.net/mikedjunior/IANA.JPG)????

Take a look at this, nothing is running on my computer and I'm getting a lot of movement here! (http://webpages.charter.net/mikedjunior/process.JPG) You can tell in the Incoming Traffic. All it's blocking is the same IANA!!!

kurse
06-04-2005, 03:38 AM
Problem REMAINING UNSOLVED. HELP?