C:\Windows\System32\rundll32.exe and C:\Windows\System32
\winlogon.exe are repeatedly trying to connect to the
Internet, specifically:
TCP Connection to h-213.61.6.3.host.de.colt.net
[213.61.6.3:80]
TCP Connection to hosting-68.76.rev.fr.colt.net
[213.41.76.68:80]
TCP Connection to 4.78.20.4:80
TCP Connection to 208.185.54.9.speedera.com
[208.185.54.9:80]

I understand that both of these exe's are integral parts
of XP, and it's whatever's calling them that's the
problem. I've got Norton Antivirus, and Microsoft Spyware
running and I've scanned my drives with AntiVir but
they've found nothing. I've stopped or disabled as many
services as I can, and done the same with msconfig to
prune the programs that run on startup

I can shutdown the RunDLL32.exe using Task Manager, but
not WinLogon.exe as it's a 'critical system process'

For now, I've just set Kerio Firewall to block both exe's
from accessing the Internet, but I'd like to find a more
permanent solution, because it repeatedly tries to
connect, increasing the local port number each time, until
I get a buffer overflow error and have to reboot.

Submit a Suspected Spyware Report
>-----Original Message-----
>C:\Windows\System32\rundll32.exe and C:\Windows\System32
>\winlogon.exe are repeatedly trying to connect to the
>Internet, specifically:
>TCP Connection to h-213.61.6.3.host.de.colt.net
>[213.61.6.3:80]
>TCP Connection to hosting-68.76.rev.fr.colt.net
>[213.41.76.68:80]
>TCP Connection to 4.78.20.4:80
>TCP Connection to 208.185.54.9.speedera.com
>[208.185.54.9:80]
>
>I understand that both of these exe's are integral parts
>of XP, and it's whatever's calling them that's the
>problem. I've got Norton Antivirus, and Microsoft Spyware
>running and I've scanned my drives with AntiVir but
>they've found nothing. I've stopped or disabled as many
>services as I can, and done the same with msconfig to
>prune the programs that run on startup
>
>I can shutdown the RunDLL32.exe using Task Manager, but
>not WinLogon.exe as it's a 'critical system process'
>
>For now, I've just set Kerio Firewall to block both exe's
>from accessing the Internet, but I'd like to find a more
>permanent solution, because it repeatedly tries to
>connect, increasing the local port number each time,
until
>I get a buffer overflow error and have to reboot.
>.
>

I can't tell what's going on here--but this may be legit traffic.

Is your ISP colt.net, or do they use colt.net's facilities?

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"David Jones" <(E-Mail Removed)> wrote in message
news:11f001c5476b$51a46c10$(E-Mail Removed)...
> C:\Windows\System32\rundll32.exe and C:\Windows\System32
> \winlogon.exe are repeatedly trying to connect to the
> Internet, specifically:
> TCP Connection to h-213.61.6.3.host.de.colt.net
> [213.61.6.3:80]
> TCP Connection to hosting-68.76.rev.fr.colt.net
> [213.41.76.68:80]
> TCP Connection to 4.78.20.4:80
> TCP Connection to 208.185.54.9.speedera.com
> [208.185.54.9:80]
>
> I understand that both of these exe's are integral parts
> of XP, and it's whatever's calling them that's the
> problem. I've got Norton Antivirus, and Microsoft Spyware
> running and I've scanned my drives with AntiVir but
> they've found nothing. I've stopped or disabled as many
> services as I can, and done the same with msconfig to
> prune the programs that run on startup
>
> I can shutdown the RunDLL32.exe using Task Manager, but
> not WinLogon.exe as it's a 'critical system process'
>
> For now, I've just set Kerio Firewall to block both exe's
> from accessing the Internet, but I'd like to find a more
> permanent solution, because it repeatedly tries to
> connect, increasing the local port number each time, until
> I get a buffer overflow error and have to reboot.