Is it possible to be hacked by a computer sharing the same connection?


maxim
October 17th, 2006, 12:24 AM
I have windows xp home edition, cable connection, linksys firewall router befsx41, moved in with a roommate a month ago. I hooked the router and computer up right away. Only sharing the internet connection.
Everything has worked fine until a few days ago. Now my connection is very slow if at all. I keep getting DNS error page can not display several times before being able to connect to some sites. This seems to happen randomly but quite often.
I do have zone alarm and have tried with it on and off. I do not have sp2. I do have all the other updates and have Norton AV, Ad-aware, and Amust registry cleaner. I have run them all. I have even done an fdisk and complete reinstall which worked fine for about a day. Now the same thing again. I reboot often and wash with window washer. I did have SpywareBlaster and Spybot S&D before the reinstall and ran them. I have defragged.
The other pc is getting an excellent connection. I even tried switching ports from 2 to 1 when other person was not here. That worked fine for a little while. Now same thing again. Is it possible that I am being hacked or cracked and if so, What can I do about it until I get moved? What else could be causing such a slow connection and sending me to the error page?
Zone Alarm just sent a message as I am writing, high alert firewall blocked packet sent from address of the other computer (according to the port 2 of the router when I checked on the router site). Is this a normal operation or could something be configured wrong?
Thanks to anyone who can help!:cool:

blademaster591
October 17th, 2006, 12:44 AM
I have heard that Norton AV has caused many different problems (I'm not sure whether it has anything to do with this though). It must be something to do with your computer, because your roommate is getting an excellent connection. I would try a program called TCP/IP repair, which I think can be found on this website. This program will restore your TCP/IP settings back to factory settings and it can repair your Winsock. The only thing is that you may have to reconfigure your ICS.

maxim
October 17th, 2006, 01:52 AM
Duplicate reply

maxim
October 17th, 2006, 01:55 AM
Also In the system event logs there are several errors reported and warnings if this helps?
Event Id 4321 Source NetBT The "MSHOME :1d" could not be registered on the interface with the IP address 192.168.1.100. The machine with the IP address 192.168.1.101 did not allow the name to be claimed by this machine.

Event ID 8009 Source Browser The browser was unable to promote itself to the master browser. The computer that currently believes itself to be the master browser is (gives other persons name and computer ID)

Another several events is a warning from an earlier time. Event ID 1073 source Browser The attempt to reboot (gives my computer name) failed.

blademaster591
October 17th, 2006, 02:17 AM
Do you get an error message when your computer boots up?

blademaster591
October 17th, 2006, 02:19 AM
It sounds like you and your roommate's computers may have a naming conflict. They should both be in the workgroup MSHOME, but what are the names? Right click My Computer, and click Properties. Then click the Computer Name tab and check the name of the computer, also tell me the domain name.

Rainbow32
October 17th, 2006, 02:38 AM
Here's a couple of things to look at.
http://support.microsoft.com/?KBID=143153
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308007

maxim
October 17th, 2006, 03:14 AM
My computer appears to boot up and shut down properly. No error messages but I do have error reporting disabled except to inform me of critical errors and not Microsoft. I do disconnect the ethernet cable and wash my pc for optimal performance before rebooting. The two computers have separate names. I'm not sure of the domain name I will have to check. I will also check out the websites Rainbow32 posted.

This might be a stupid question, but is it possible for two computers to share the same internet connection and not be considered a network or sharing resources? Two separate stand alone systems just connecting to the same ISP? I haven't run any network setup wizard or made any changes. Both computers work fine and fast for nearly a month. Now within the last week mine is very slow and takes me to the error page quite often. Has even frozen a time or two.

maxim
October 17th, 2006, 03:28 AM
Event ID 8003, 8009 and 8019 Appear If Subnet Mask Incorrect
Article ID : 143153
Last Review : May 7, 2003
Revision : 2.0
This article was previously published under Q143153
SYMPTOMS
A Windows NT primary domain controller (PDC) and a Windows NT client computer reside on the same physical subnet and the same domain. The client computer can connect to a network share on the PDC. In the Windows NT PDC, the following system event appears in Event Viewer:

Event ID: 8003
Description: The master browser has received a server announcement from the computer <Windows NT client> that believes that it is the master browser for the domain on transport <NetBT>. The master browser is stopping or an election is being forced.

In the Windows NT client computer, the following system events appear in Event Viewer:

Event ID: 8009
Description: The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is <PDC>.


Event ID: 8019
Description: The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in Event Viewer.

CAUSE
This problem occurs if the subnet mask of the Windows NT client computer is incorrect or different from the PDC. The client computer attempts to promote itself to the master browser of the subnet and fails.

RESOLUTION
To correct this problem, change the TCP/IP protocol configuration to the correct subnet mask.


--------------------------------------------------------------------------------

APPLIES TO
• Microsoft Windows NT Workstation 3.5
• Microsoft Windows NT Workstation 3.51
• Microsoft Windows NT Workstation 4.0 Developer Edition
• Microsoft Windows NT Server 3.5
• Microsoft Windows NT Server 3.51
• Microsoft Windows NT Server 4.0 Standard Edition


Outstanding Rainbow32!!! Much thanks, I did try to find these articles before from microsoft but couldn't find them. This is exactly what has been happening.

Question now is can and how do I set myself as (PDC)? And how do I change the TCP/IP protocol configuration to the correct subnet mask?

Rainbow32
October 17th, 2006, 03:31 AM
Ugh, I don't network. I thought I was in the XP forum when I posted here. Came across the 2 MSKB's doing a search on the info you gave.
I'm sure one of the networking chaps will be along shortly.

blademaster591
October 17th, 2006, 03:44 AM
Did you try the TCP/IP repair program? Another option would be to try deleting your current connection. Create a new one and buy a router, so you don't need internet connections sharing anymore.

maxim
October 17th, 2006, 03:44 AM
I hope so. I would like to get back up to normal speed. It does appear that my computer is having to force itself for a connection. This also explains why the two PCs were conflicting on which one was the master browser and maybe why I was getting my firewall messages that the two pc's were trying to send packets to each other.

It only leaves me with one more other question, Why did this arrangement work well for the first several weeks and just now in the last week slow me down?

blademaster591
October 17th, 2006, 03:45 AM
What firewall are you running?

blademaster591
October 17th, 2006, 03:48 AM
Nevermind. I see that you have Zonealarm. Hmm... I would just try a new configuration (make a new connection) and try that.

maxim
October 17th, 2006, 03:57 AM
I haven't tried to do any repairs yet. I do have a firewall router and am plugged in to port 1, hers is port 2. I also use zone alarm as the software firewall and have used this combo for a few years and has always given me fantastic protection! As I said it worked fine until this past week. Unless I'm getting hacked or the ISP is trying to force the issue, I'm lost?

I'm not much on networking either, that's why I wondered if you could have two stand alone computers on the same internet connection?

blademaster591
October 17th, 2006, 04:01 AM
When you said "same internet connection" I thought you had ICS enabled. Like I said I suggest starting a fresh connection through the Microsoft connection wizard. I have no idea what could have caused this problem, but there are many general ways that we can try to fix it.

One more thing. Try removing your roommate's computer from the router. See if your connection speeds up any then.

maxim
October 17th, 2006, 04:28 AM
I guess you answered my question on whether I had to network or not with a router. I really don't want to network. I'd rather be a stand alone computer. She is on the internet herself right now so I can't try unplugging her connection at this moment.

Is it possible for someone to have hacked into her computer and made changes to her configurations and maybe trying to force a network to get to my computer?
Her computer is very vulnerable... Not many updates, No antispyware that I know of, Definitely no firewalls other than my router now which should give her pretty good protection unless one of her friends (and she has many in and out of here) may have gotten the router number and went in and made some configuration changes on it.

maxim
October 17th, 2006, 07:30 AM
If this helps these are the bad events over the last week. I did change my name and computer name and passwords after the re-install for security purposes. I learned to do that a few years ago and it has never given a problem before if any of these events pertain to that. I also run window washer most of the time at startup and shutdown to clear the page file swap and never had any problems before. That's why I think it is a networking issue.

Application error events:
1000
1524
and event 3
Security failure audits: (these I have experienced before with no browsing trouble)
680
529
615
System Events:
7009
8021
8032
8019
8009
4321

I'm still getting the DNS Error page about 2 or 3 times until my computer forces connection. Thanks to anyone who can help!

blademaster591
October 17th, 2006, 11:13 AM
Well, it is probably possible for her to get hacked by a trojan or something, but if you have a firewall and anti-virus I doubt that you would be hacked yourself. Try plugging yourself directly into the modem, which would bypass the router. Also go to Start, Run, and type cmd. This will bring up the command prompt. Type ipconfig /all and post the results back here.

z1p
October 17th, 2006, 01:01 PM
Hey, all. From maxim's post I believe he doesn't want to file share or anything with his roommate, so I'd say disable change your workgroup name and disable the computer browser service on your machine. Don't worry about PDC and that stuff as that is related to Windows domains and you don't want to go there. ;)

Can you go to the properties of your network connection and post back all the protocols you have installed. If you want, while you're there you can uncheck 'file and print sharing', this will eliminate some network traffic and help secure your PC.

Also, if you are running ZA make sure that the Windows firewall is disabled. Having 2 firewalls running at the same time will cause problems.

maxim
October 19th, 2006, 02:34 AM
Hey all, I did already have file and printer sharing and the Windows firewall disabled. I also had QoS Packet Scheduler unchecked on a recommendation.
I have no idea what was wrong, but everything is working fine now. All I did was unplug the router and modem and reset the router and plugged them back up. Then went to the router's web site and saved the settings. But I had already tried that before and it didn't work with the exception of saving the settings on the router web site.
Linksys said something about data clog when they replied to me and to unplug and reset the router.
When I only had one computer hooked to the firewall router before, I could power it off at the surge protector, and when I powered back up everything still worked fine. Maybe this doesn't work with two computers and the router got powered off somehow and I had to go to the web site and save the detected settings. I am still puzzled as to what the problem was? Anyone have an idea? Thanks for all the response!

Hey z1p, should I still disable the change your work group name and the computer browser service? Or at this point should I say if it ain't broke don't fix it! LOL. Since I am happy to have my speed back.

Oh, BTW Linksys also told me to enable and clone the MAC address. This did not work. It knocked the other computer off line as soon as I did that. So I had to disable that. Also connecting directly to the modem did not work, that's another reason I was confused. I think it was an ISP problem with the two computers connecting!

blademaster591
October 19th, 2006, 02:41 AM
I believe the saying is "If it ain't broke, fix it till' it is." :D

maxim
October 19th, 2006, 03:57 AM
Ha ha ha, I do the same thing! I have tweaked myself into trouble sometimes though!
I still don't know how to put the emoticons or icon for my name on here yet though. Can you help me and tell me how to do that blademaster?

blademaster591
October 19th, 2006, 04:28 AM
I only know a few such as (colon parentheses), (colon D), and stuff like that. If you have an instant messaging program such as AIM usually next to the picture of the smiley is a translation for it in text. When you enter that, it will appear as a smiley in your text.

maxim
October 19th, 2006, 04:47 AM
I know we are getting off the subject but I am still waiting to hear from z1p on disabling the other services? I think I know how to do the emoticons ( :) ) if that worked, but how did you get the icon or pic for your name?

bAdWaYz
October 19th, 2006, 07:56 AM
What services did z1p ask you to disable? To disable a service you would go to Start/Run in the run box type services.msc that will bring up a window listing all the services. Scroll down the list of services on the right finding the ones you want to disable. When you find one that you want to turn off just highlight it and right click. Go to Properties click it. Now look halfway down the diag box that pops up for Status in the pull-down to the right of it click and pull it down to disable then click apply at the bottom and move on. When done just close the services window and it's a good idea to reboot. From that point on the services shouldn't start again.

As far as setting an avatar "pic" beside your name goes. You need to click the link "My Control Panel" at the top of a page. Once in there look for "Edit My Avatar" in the list of options on the left-hand side of the page and click it. Once there you will see a few pre-defined avatars for use. There are pages of them to pick from. Once you find one you like click the circle under it and then save and exit. Now you will see that avie next to your user name on posts you make. If you want to use a custom avie you need to become a CTH subscriber. It's only like 5 US bucks and well worth it too! Not only do you get to use custom avies but you can also use a custom member status. Example under my Avie it says Mod because I'm a mod but you could put anything within reason of course. On top of both those things you will help keep CTH free to use and free of ads. That's right when you become a CTH subscriber even those little Google ads that you normally see go bye bye!

z1p
October 19th, 2006, 10:15 PM
Hey z1p, should I still disable the change your work group name and the computer browser service? Or at this point should I say if it ain't broke don't fix it! LOL. Since I am happy to have my speed back.
Sorry, just saw your post. I'm in class this week and my time on line is limited. Also, I see my earlier post was confusing. That's what I get for just 'popping in'.

What I meant to say was 'change your workgroup name' and 'disable the computer browser service'. If you are concerned about security on your LAN, then you should make those changes. Otherwise, just leave it alone, it will be fine.

Making these changes shouldn't impact your network speed and internet access at all.

maxim
October 20th, 2006, 12:50 AM
Thanks for all the info everyone!

maxim
October 22nd, 2006, 11:55 PM
The problem is back after three days of running good. Same thing again. Extremely slow and DNS error several times before connecting.

I did try to disable the computer browser service and change the work group name and couldn't connect at all.

The network connection protocols are: IP setting: DHCP enabled,
DNS: Append primary and connection specific DNS suffixes, Append parent suffixes of the primary DNS suffix, register this connection's addresses in DNS.
WINS: Enable LM Hosts Lookup, there is a check by default
Optional settings: TCP/IP filtering, Enable filtering is unchecked, Permit all is checked on TCP and UDP ports and IP protocols.

Connect using MCP Networking Controller
Obtain IP address automatically
Obtain Dns Server address automatically

Help!!!

blademaster591
October 22nd, 2006, 11:57 PM
Did you ever try that TCP/IP repair program?

maxim
October 23rd, 2006, 12:38 AM
I clicked repair connection in the control panel at network and internet connections. This seemed to help a little at first for a few minutes. When I rebooted it went back to doing the same thing. I clicked repair again and it didn't help this time at all.

When I typed ipconfig /all in run, The dos screen just flashed and I get nothing?

blademaster591
October 23rd, 2006, 01:21 AM
To do ipconfig /all you have to run cmd in the run dialogue. Then in the command prompt type ipconfig /all. And I meant the program TCP/IP repair.

maxim
October 23rd, 2006, 01:47 AM
Do I just right click on the connection and click repair?

I think I figured out ipconfig /all through command prompt? Here is the info and the pings:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Employees>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : CommunityCom
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller
Physical Address. . . . . . . . . : 00-40-CA-75-7C-46
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 24.176.125.6
24.159.64.23
24.159.64.21
Lease Obtained. . . . . . . . . . : Sunday, October 22, 2006 6:32:14 PM
Lease Expires . . . . . . . . . . : Monday, October 23, 2006 6:32:14 PM

C:\Documents and Settings\Employees>

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Employees>ping 24.176.125.6

Pinging 24.176.125.6 with 32 bytes of data:

Reply from 24.176.125.6: bytes=32 time=12ms TTL=252
Reply from 24.176.125.6: bytes=32 time=12ms TTL=252
Reply from 24.176.125.6: bytes=32 time=12ms TTL=252
Reply from 24.176.125.6: bytes=32 time=12ms TTL=252

Ping statistics for 24.176.125.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 12ms, Average = 12ms

C:\Documents and Settings\Employees>
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Employees>ping 24.159.64.23

Pinging 24.159.64.23 with 32 bytes of data:

Reply from 24.159.64.23: bytes=32 time=18ms TTL=252
Reply from 24.159.64.23: bytes=32 time=10ms TTL=252
Reply from 24.159.64.23: bytes=32 time=14ms TTL=252
Reply from 24.159.64.23: bytes=32 time=13ms TTL=252

Ping statistics for 24.159.64.23:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 18ms, Average = 13ms

C:\Documents and Settings\Employees>

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Employees>ping 24.159.64.21

Pinging 24.159.64.21 with 32 bytes of data:

Reply from 24.159.64.21: bytes=32 time=14ms TTL=252
Reply from 24.159.64.21: bytes=32 time=12ms TTL=252
Reply from 24.159.64.21: bytes=32 time=12ms TTL=252
Reply from 24.159.64.21: bytes=32 time=15ms TTL=252

Ping statistics for 24.159.64.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 15ms, Average = 13ms

C:\Documents and Settings\Employees>

Under LAN Settings nothing is checked in automatic configuration or proxy server and there is no address in either if this helps?

blademaster591
October 23rd, 2006, 01:52 AM
I didn't see the problem. Your subnet, dns, and ip all looked fine. I would get a second opinion though :D. And for the TCP/IP repair, it is a program that you have to download to use. Using XP's repair just restores connectivity. http://www.xp-smoker.com/freeware.html

maxim
October 23rd, 2006, 02:13 AM
No I haven't tried that program yet...I can't seem to connect to that site either...page cannot be displayed...over and over...

blademaster591
October 23rd, 2006, 02:47 AM
Download it on another computer and transfer it over using a flash drive or something.

blademaster591
October 23rd, 2006, 02:49 AM
Take a look at this. http://www.cybertechhelp.com/download/file/winsock-xp-fix. It may be able to fix your problem. I still prefer TCP/IP repair. But anything you can get to work, you should try. Just do your best to find TCP/IP Repair. I'll even email it to you if you want.

maxim
October 24th, 2006, 04:10 AM
Ok, I downloaded the program TCP/IP repair and ran it. It seemed to help for about an hour and then back to the same thing again. I ran it again and it didn't help the second time. That was last night...

Today I got a message from Linksys to go to the router setup page and enable MTU and set the value from 1500 to 1400 and observe. I did that and when I saved the settings, it knocked both computers offline. I had to unplug and reset the router to get back online. I reported back to Linksys the observation.
After powering off and on and resetting the router, I am able to browse a little faster but not much like I am used to. After time passes it gets slower and slower, and goes to the DNS error page more often?

I heard a trojan horse may cause this problem. So I did a search and did what Symantec recommended. That didn't help either. Their description seemed to be similar to what I am experiencing.

I will post the description and recommendations for anyone who requests.

Also I am getting more Red Alerts from zone alarm. They have the addresses of the other computer hooked to the router. Maybe the linksys address, I don't know? Hence the topic! ...I will post the Alert.

I am not a computer expert but I have held my own until now. I don't want to sound paranoid but is it possible to be hacked or trojan horse by the other pc? Can it slow me down and cause browser problems?

I never had this problem before on a stand alone computer!

Somebody help me!

maxim
October 24th, 2006, 04:16 AM
Here are the Red Alerts from Zone Alarm. My computer does the same thing with zone alarm on or off. I even uninstalled it to see. It is back on now though. What do these alerts for port 137 and 138 mean?

ZoneAlarm blocked access to port 137 on your computer

No breach in your security has occurred. Your computer is safe.

What happened?

ZoneAlarm prevented a remote computer from connecting to port 137 on your computer. This connection attempt was probably legitimate traffic from the Internet or your local network. If you are sharing files or printers on a local network, someone may have tried to access your shares. If you are not sharing resources, this alert may have resulted from a failed domain name lookup.

Should I be concerned?

No. ZoneAlarm blocked the connection attempt, so no harm can come to your computer from it. However, blocking traffic on this port can keep you from sharing files and other resources with other computers on a Local Area Network (LAN). Also, Windows file sharing can represent a security vulnerability if you do not password-protect your shared files.

What should I do?
Click OK to close the alert box. This does not let any traffic into or out of your computer.

If you are sharing files on a local network, password-protect your shared files to keep them secure. See Windows help for instructions on how to do this.

If you are on a home or business local network, and you are receiving repeated alerts on port 137, do the following:

Make sure the Internet Lock and Stop button are not engaged.
Make sure the local computers you want to share files with, or your entire local network, have been added to the Trusted Zone.
If the above steps do not reduce the number of alerts, use the Alerts and Logs panel to suppress the alert box.
See ZoneAlarm online help for instructions on how to perform these steps.




Inside the firewall alert

Alert property | Alert property value | Technical explanation
Source IP Address | 192.168.1.100 | The IP address of the computer that sent the packet which caused the alert.
Source Port | 137 | The port used by the source computer when sending the packet.
Destination IP | 192.168.1.xxx | The IP address of the computer to which the packet was sent.
Destination Port | 137 | The port on the destination computer used to receive the packet.
Transport Layer Protocol | UDP | The protocol that allows data to be transported between software programs on different computers.
Network Layer Protocol | IP | The protocol that allows two networked computers to locate each other on a network.
Link Layer Protocol | Ethernet | The protocol that allows two directly linked computers to share a network cable.
Alert Date | Oct-23-2006 07:24:19 PM PDT | The time when ZoneAlarm detected the alert on your computer.
Alert Count | 1 | Number of times this connection attempt repeated its attempt on your machine after the original alert. ZoneAlarm shields your machine from repeated displays of an identical alert.

ZoneAlarm security enforcement at time of alert

Alert property | Alert property value | Technical explanation
Lock Level | Lock Not Engaged | Internet and network connections permitted by your ZoneAlarm settings are not blocked by a lock setting.
Trusted Zone Security Level | Medium | This ZoneAlarm setting enforces application privileges and Internet Lock settings, leaving your computer visible to other computers in the Trusted Zone. It does not block file or printer shares (NetBIOS) or operating system traffic to and from the Trusted Zone.
Trusted Zone Servers | Servers Allowed | Computers in your ZoneAlarm Trusted Zone are not prevented from connecting to server programs running on your computer.
Internet Zone Security Level | High | This ZoneAlarm setting blocks access from the Internet Zone to file and printer shares (NetBIOS) and other operating system services. Ports not currently in use by a program are blocked and are not visible to the Internet Zone. This Security Level also enforces application privileges and Internet Lock settings.
Internet Zone Servers | Servers Allowed | Computers in your ZoneAlarm Internet Zone are not prevented from connecting to server programs running on your computer.
Packet Direction | Incoming | The packet that caused the alert was sent from a computer located somewhere on the Internet or on your network. It was being sent to your computer.
Zone | Internet Zone | This ZoneAlarm zone contains all the computers and networks in the world that are connected to the Internet, until you explicitly define them as members of another zone.
Operating system | Windows XP-5.1.2600-Service Pack 1-SP | Version of operating system running on your computer.


Details

Port 137 is commonly used for NetBIOS messages (Network Basic Input-Output System). Windows uses NetBIOS to manage network traffic, and particularly to enable you to share files, printers, and other resources with other computers on your home or business network. If 192.168.1.100, the address the connection attempt came from, is on your local network, this alert may have been caused by:

A server on your network attempting to renew your IP address
Another Windows computer on your network attempting to refresh information about your shared directories
Another Windows computer responding to an attempt by you to access shared resources
If 192.168.1.100 is not on your local network, this alert may have been caused by a port scan.

About Port Scans

Port scanning means using an automated tool to systematically try to connect to every port on a computer. While port scans have some legitimate uses, hackers use them to look for unprotected computers with unguarded ports, typically scanning random blocks of Internet addresses.

Successful port scans can retrieve a variety of information about a computer, such as its operating system and the programs it is running. Because you are using ZoneAlarm, your computer remains invisible to port scans. Hackers performing scans do not even know your computer exists, because no information is returned by the scan.


ZoneAlarm has blocked an inbound communication on port 138 on your computer
ZoneAlarm has successfully stopped Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe.
Details

Port 138 is commonly used for NetBIOS messages (Network Basic Input-Output System). Windows uses NetBIOS to manage network traffic, and particularly to enable you to share files, printers, and other resources with other computers on your home or business network. If 192.168.1.100, the address the blocked connection attempt came from, is on your local network, this alert may have been caused by:

A server on your network attempting to renew your IP address
Another Windows computer on your network attempting to refresh information about your shared directories
Another Windows computer responding to an attempt by you to access shared resources
If 192.168.1.100 is not on your local network, this alert may have been caused by a port scan.

blademaster591
October 24th, 2006, 11:08 AM
Maybe you should try MAC filtering on your router so only certain people could access it (you and your roommate). Also I would head over to cyber safety and check with them to see if you have any viruses or other malware.

techahben
October 24th, 2006, 12:09 PM
Go to command prompt and do a netstat -an and see what is the list of incoming and outgoing connections running.

If you see a long list, you are most probably infected with a virus or a trojan.

maxim
October 24th, 2006, 01:06 PM
How do I do that? techahben? What should I type in command prompt? I think I have a trojan? Most of these people don't understand? You seem very intelligent to me!

maxim
October 24th, 2006, 01:23 PM
OK, Now I have top speed and no problems at 7:00 in the morning? What is the problem the rest of the day? Am I being hacked? My pc works good right now!

techahben
October 24th, 2006, 07:39 PM
OK, Now I have top speed and no problems at 7:00 in the morning? What is the problem the rest of the day? Am I being hacked? My pc works good right now!

:D

It is probably that your ISP is over-subscribed. Too many users online at the same time.

OK, if you need to check next time, just click Start, Run and then at the cursor type CMD. At the black prompt, type netstat -an.

A list of outgoing and incoming connections will be shown. To judge whether it is an outgoing or incoming connection just look at the port no (eg. 192.168.1.2:1234, in this case port no is 1234).

High-range ports are normally outgoing and low-range ports are incoming. So if you see 192.168.1.2:1234 then 24.110.223.234:80, it is an outbound connection from port 1234 to port 80 (web server), etc.

If you are infected with spamware, you will see a lot of outgoing connections to port 25.

maxim
October 24th, 2006, 10:53 PM
Thanks for the info techahben, I am learning a lot here. This seems to be a great site. If I can get my problems fixed I may just become a subscriber to this site. Thanks for all the help!

maxim
October 27th, 2006, 03:15 AM
ok techahben...This is the report from netstat -an:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Employees>netstat -an

Active Connections

Proto Local Address Foreign Address
TCP 0.0.0.0:135 0.0.0.0:0
TCP 0.0.0.0:445 0.0.0.0:0
TCP 0.0.0.0:1025 0.0.0.0:0
TCP 0.0.0.0:1026 0.0.0.0:0
TCP 127.0.0.1:1027 0.0.0.0:0
TCP 192.168.1.101:139 0.0.0.0:0
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1029 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1067 *:*
UDP 192.168.1.101:123 *:*
UDP 192.168.1.101:137 *:*
UDP 192.168.1.101:138 *:*

C:\Documents and Settings\Employees>

How does it look? Is it ok? Help?
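
The reading of netstat -an that techahben describes, applied to an excerpt of the output maxim posted, as an added example (not part of either post). It goes one step past the port-range rule of thumb: a row whose foreign address is 0.0.0.0:0 or *:* is an open port rather than a connection, and a connection counts as inbound when its local port is one of those open ports. The second sample, the smtp_fanout helper and its threshold of 3 are constructed assumptions.

```python
# Excerpt of the netstat -an output posted in the thread (no State column there).
POSTED = """\
TCP 0.0.0.0:135 0.0.0.0:0
TCP 0.0.0.0:445 0.0.0.0:0
TCP 192.168.1.101:139 0.0.0.0:0
UDP 192.168.1.101:137 *:*
UDP 192.168.1.101:138 *:*
"""

# Constructed sample (not from the thread): a host with live connections.
CONSTRUCTED = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 192.168.1.2:1234 24.110.223.234:80 ESTABLISHED
TCP 192.168.1.2:1301 203.0.113.5:25 ESTABLISHED
TCP 192.168.1.2:1302 203.0.113.9:25 SYN_SENT
TCP 192.168.1.2:1303 198.51.100.7:25 ESTABLISHED
TCP 192.168.1.2:135 192.168.1.100:3120 ESTABLISHED
"""

def split_port(addr):
    """'192.168.1.2:1234' -> ('192.168.1.2', 1234); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    return host, int(port) if port.isdigit() else None

def classify(text):
    """Return (listeners, outbound, inbound) parsed from netstat -an rows."""
    rows = [f for f in (line.split() for line in text.splitlines())
            if len(f) >= 3 and f[0] in ("TCP", "UDP")]
    listeners, outbound, inbound = set(), [], []
    for proto, local, foreign, *_ in rows:      # pass 1: open (listening) ports
        if foreign in ("0.0.0.0:0", "*:*"):
            listeners.add((proto, split_port(local)[1]))
    for proto, local, foreign, *_ in rows:      # pass 2: actual connections
        if foreign in ("0.0.0.0:0", "*:*"):
            continue
        lport, (rhost, rport) = split_port(local)[1], split_port(foreign)
        (inbound if (proto, lport) in listeners else outbound).append((rhost, rport))
    return listeners, outbound, inbound

def smtp_fanout(outbound, threshold=3):
    """Peers on port 25 if the host talks to `threshold` or more of them."""
    peers = {host for host, port in outbound if port == 25}
    return sorted(peers) if len(peers) >= threshold else []

if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        listeners, out, inb = classify(sample)
        print(name, len(listeners), "open ports;", len(out), "outbound;",
              len(inb), "inbound; port-25 fan-out:", smtp_fanout(out))
```

On the posted excerpt every row is an open port and there are no connections at all, inbound or outbound, at the moment the command was run.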

maxim
October 28th, 2006, 03:55 AM
Computer does good for a day or two and then the same thing again!!! Seems to only be a problem when the roommate comes in. I still think she is trying to hack me. My computer has been lightning fast until she came in tonight with someone and they hooked another laptop up to the router and were doing something. Then a few minutes later my pc was doing the same thing again. I have it working better now after window washer, ad-aware, spybot S&D, defrag were run...None of these found anything...Then I ran AMust registry cleaner and it found 27 bad entries...After it fixed the bad entries, I am able to surf again? These are the bad entries:

maxim
November 2nd, 2006, 03:42 AM
My problem is back again!!! This is so random it is nerve racking!!! Nothing has changed on my pc!!! It must be the ISP... Charter cable!!! What else can it be?

blademaster591
November 2nd, 2006, 09:32 PM
Try leaving your computer plugged in at a friend's house all day. If they have a different ISP and it still happens, it is your computer.