Yoe said:
LMHosts is enabled by default.
I would be suspicious.
Try another Virus scanner with a full system scan.
I used the latest McAfee and F-Prot DAT files, but again, nothing even
suspicious showed up.
Is it normal for the Microsoft HTML Help Executable to open up a UDP port
when used? This is the 'browser' style MS help system with the *.chm file
type and yellow question mark icon. For example, if I have open the Services
control window and click its Help icon, Zone Alarm says it's trying to
connect to the Internet, and then this is what I see using TCPView:
MMC.EXE:324 UDP 127.0.0.1:1026 *:*
Is that normal?
Also, opening the Windows 'Find' utility (the one from the Start menu)
results in Windows Explorer attemping to open a port for DNS. The
destination IP is 0.0.0.0, but if I've already connected to my ISP, then the
destination IP is my ISP's DNS proxy server, and still the DNS port.
While Zone Alarm reports most of these programs as trying to connect to the
Internet when launched, only the HTML Help process seems to open up a port,
or at least - keeps the port open long enough for me to see (TCPView
refreshes once per second). The port closes when I terminate the Help
process.
I still think this is a system configuration problem. It's as if my computer
thinks it's on a network or something, and has difficulty resolving its
identity.
I tried the Microsoft Baseline Security Analyzer, but it requires the
'Server' and 'Workstation' services to be running. I don't seem to have them
services listed / installed. Anyway, when I launch the MS BLSA, it shows
"\*error*" as my computer name. Is that because I don't have the 2 required
services running, or a clue to what my configuration problem might be?
I should add that I previously had NetBIOS and DCOM ports 'listening', and
played around with the Services, Windows Components, Registry and Network
Connection settings a lot before finally getting all my ports closed. Some
time ago this machine had Internet Connection Sharing, although it and the
network card are now disabled. The only open ports I have after a reboot now
is System on TCP 1025, which seems normal to me.
Any suggestions?