Need help!

[jholland1964]

I am really somewhat puzzled by your question really. How do you KNOW that your computer is actually DOWNLOADING about 100-200 bytes 7 to 8 times per hour?
You are on DSL, correct? This means the computer actually is ALWAYS online when it is turned on, you don't have to have a browser open.
It is very possible that you have a number of programs set to auto-update, if this is the case then those programs will check to see if updates are available and may do so a number of times a day and many programs have updates several times a day...especially anti-virus programs and some anti-spy programs. So it will send out "are there any updates?" and the answer will come back...yes or no. If the answer is yes and whatever program it is will then download the auto update.

You can configure Firefox to actually SHOW a box when a download is taking place, this way you will know what is being downloaded. See my attached. My anti-virus program is the only one I have set to auto update, all the other programs I do manually. There are some days I may get 4 or 5 updates to my anti-virus program AND my Firefox shows this when it happens with a download box.

The sites you note in your post are perfectly legitimate sites;
The first two

http://fxfeeds.mozilla.com/rss20.xml
and then from site:
http://newsrss.bbc.co.uk/rss/newsonl...t_page/sps.xml

are RSS feeds from firefox. An RSS Feed is actually something firefox calls Live Bookmarks. Go to this page for an explanation. They are not actually downloading anything to the computer.
The last one you note

http://akamaifree.ewido.net/3777.dat

is definitely associated with the AVG Anti-spy program and probably an update. Note ewido.net this is the address for the AVG Anti spy program so it was probably either checking for updates and probably receiving one.

This you note

udp out protocol,destination 255.255.255.255

is also perfectly legitimate. Read this link

Now as far as your firewall blocking something regularly, this is what it is SUPPOSED to do. This doesn't mean you have ever been to these sites it just means these sites are trying to access the computer...in other words these sites, which your firewall blocks, are sites which sort of use automatic dialers...sort of like automatic telephone dialers which just dial-up random sets of telephone numbers in hopes of hitting a legitimate telephone number so that they can sell you something. Many businesses use this in their advertising, just as many websites do the same thing. The firewall is doing it's job.

[jabi]

I'm on adsl! I'm connected only when i click on connect button from my connection shortcut (from control panel).

And i'm assigned to dinamic IP adress. Now i'm perfectly understand whay svchost.exe try to access to 255.255.255.255 (thanks to your link)but why my firewall block that every time by itself and give me no option to alow or deny? Same was with Zone alarm and now comodo firewall. I know how to work with this programs,but on this case it's their free will only.
Should i alow that interaction when i learn how? -I think i must alow server to check my IP. Please confirm to me?

About firefox "activitys" ,it's evrything clearly now in my mind.

How i know that my comp downloading??
-- Actually i sow frequently blinking of two monitors in tray and after evry blink i check sum of received and sent bytes. Then i go on firewall options and sow that svchost.exe or system aplication is/are active on internet and bytes comes and goes.
Somtimes it just try to access 255.255.255.255 and that seems ok now,but sometimes is something different(like system aplication).
Frequency of "blinking" is much higher now than before and that make my suspicious.
I have to say that 80% of "blinking"(sent datas) are caused by svchost.exe sending info to 255.255....Maybe if i find the way to alow my firewall to let "backinfo" from server(about ip check) to my comp...maybe this can help hmm?

And i forget to say that i alow only nod32 to update automaticly. Everything else that i'm aware of- i'm updating manualy.I think i know to recognize when my nod updating by simple look on his update status and that's not what make me suspicious in first place.

Thank you very much for links.

[jabi]

Apparently in my country this work's in different way. I must enter username and password to proceed.I try your way few minutes ago and it didn't work.

Anyway:

And i'm assigned to dinamic IP adress. Now i'm perfectly understand whay svchost.exe try to access to 255.255.255.255 (thanks to your link)but why my firewall block that every time by itself and give me no option to alow or deny? Same was with Zone alarm and now comodo firewall. I know how to work with this programs,but on this case it's their free will only.
Should i alow that interaction when i learn how? -I think i must alow server to check my IP. Please confirm to me?

Can you confirm this to me please?? Am I right??

[TurcoLoco]

I'm on adsl! I'm connected only when i click on connect button from my connection shortcut (from control panel).

And i'm assigned to dinamic IP adress. Now i'm perfectly understand whay svchost.exe try to access to 255.255.255.255 (thanks to your link)but why my firewall block that every time by itself and give me no option to alow or deny? Same was with Zone alarm and now comodo firewall. I know how to work with this programs,but on this case it's their free will only.
Should i alow that interaction when i learn how? -I think i must alow server to check my IP. Please confirm to me?

About firefox "activitys" ,it's evrything clearly now in my mind.

How i know that my comp downloading??
-- Actually i sow frequently blinking of two monitors in tray and after evry blink i check sum of received and sent bytes. Then i go on firewall options and sow that svchost.exe or system aplication is/are active on internet and bytes comes and goes.
Somtimes it just try to access 255.255.255.255 and that seems ok now,but sometimes is something different(like system aplication).
Frequency of "blinking" is much higher now than before and that make my suspicious.
I have to say that 80% of "blinking"(sent datas) are caused by svchost.exe sending info to 255.255....Maybe if i find the way to alow my firewall to let "backinfo" from server(about ip check) to my comp...maybe this can help hmm?

And i forget to say that i alow only nod32 to update automaticly. Everything else that i'm aware of- i'm updating manualy.I think i know to recognize when my nod updating by simple look on his update status and that's not what make me suspicious in first place.

Thank you very much for links.

All of the above activities are normal, happens on all Windows platforms but more so on XP and Vista! These two "Phone Home" at regular intervals at the very least! Also if you have Automatic Updates enabled, that will be another reason for almost regular, minimal background network activity with occasional file downloads during the times when it is receiving the available/applicable updates.

Your Firewall utilities either configured incorrectly (during setup or later by you) or simply not working right for some reason (program corruption or conflict with the system or even another program).

Of course all these are possibilities that I could only suggest, since your logs looked clean per Jholland, there is not much to say other than:

A) Please provide a log file showing all network activity during one of those "odd times" using a security program or your firewall's own internal monitoring.

or

B) Reformat the system if you can't give us anything to go on yet you are confident something is wrong.

or

C) If none of the other logs indicate a problem, continue using the system as is till some identifiable issue occurs.

It is really odd that your so called always on ADSL connection is requiring you to enter username/password everything you want to surf the net. Are you getting billed by the time you spend online or per connection/day? What icon do you click on in Control Panel?

Curious...

~TL