NDIS User mode I/O Driver

[BxP9]

NDIS User Mode I/O Driver has received an ICMP Type 0 (echo Reply) packet
from [10.0.0.138]. Do you want to allow this program to access the network?
Details:
File Version : 5.1.2600.0 (xpclient.010817-1148)
File Description : NDIS User mode I/O Driver
File Path : C:\WINDOWS\system32\drivers\ndisuio.sys
Connection origin : remote initiated
Protocol : ICMP
Local Address : 10.0.0.1
ICMP Type : 0 (Echo Reply)
ICMP Code : 0
Remote Name :
Remote Address : 10.0.0.138

Ethernet packet details:
Ethernet II (Packet Length: 102)
Destination: 00-a0-24-37-5f-c2
Source: 00-90-d0-05-93-3e
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
..0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 255
Protocol: 0x1 (ICMP - Internet Control Message Protocol)
Header checksum: 0x6931 (Correct)
Source: 10.0.0.138
Destination: 10.0.0.1
Internet Control Message Protocol
Type: 0 (Echo Reply)
Code: 0
Data (64 bytes)
Binary dump of the packet:
0000: 00 A0 24 37 5F C2 00 90 : D0 05 93 3E 08 00 45 00 | ..$7_......>..E.
0010: 00 58 75 B1 00 00 FF 01 : 31 69 0A 00 00 8A 0A 00 | .Xu.....1i......
0020: 00 01 00 00 02 A1 00 04 : 08 D0 0C 8F 07 00 20 21 | .............. !
0030: 22 23 24 25 26 27 28 29 : 2A 2B 2C 2D 2E 2F 30 32 | "#$%&'()*+,-./02
0040: 33 34 35 36 37 38 39 3A : 3B 3C 3D 3E 3F 40 41 42 | 3456789:;<=>?@AB
0050: 43 44 45 46 47 48 49 4A : 4B 4C 4D 4E 4F 50 51 52 | CDEFGHIJKLMNOPQR
0060: 53 54 00 00 00 00 : | ST....

> "sponge" <yosponge@yahoo.com> wrote in message
> news:8d76ec03.0310202010.5c1d4862@posting.google.c om...
> > On Mon, 20 Oct 2003 19:29:29 GMT, "BxP9" <NOMAIL> wrote:
> >
> > >No software installed when the new ISP service started. Just plugged
> > in
> > >modem, added my personal account info and connected fine.
> > >I'm using Sygate firewall and looked through the logs to find this
> > item. IP
> > >10.0.0.138 did back trace and reported this:
> >
> > That IP is part of your local, private connection to the modem and/or
> > ISP.
> >
> > As far as removal goes, try just finding the file that keeps trying to
> > connect and rename it or move it to another folder. Most of the ISP
> > parasites aren't smart enough to try to reinstall themselves. If they
> > do, try running HiJackThis and post the results here.
> >
> > I take it the UDP is FROM your ISP's IP address TO those ports (local)
> > on YOUR machine? If so, your ISP is likely scanning you to see if
> > you're running a website, DNS server, etc. If that's not the case,
> > (or, actually, whether or not it's the case), have you disabled
> > NetBIOS over TCP/IP? If you are running a home network, use NetBEUI
> > instead; if not, you should not be running anything except TCP/IP.
> >
> > Sponge
> > Sponge's Secure Solutions
> > www.geocities.com/yosponge
> > My new email: yosponge2 et yahoo dot com
>
>
"sponge" <yosponge@yahoo.com> wrote in message
news:8d76ec03.0310202010.5c1d4862@posting.google.c om...
> On Mon, 20 Oct 2003 19:29:29 GMT, "BxP9" <NOMAIL> wrote:
>
> >No software installed when the new ISP service started. Just plugged
> in
> >modem, added my personal account info and connected fine.
> >I'm using Sygate firewall and looked through the logs to find this
> item. IP
> >10.0.0.138 did back trace and reported this:
>
> That IP is part of your local, private connection to the modem and/or
> ISP.
>
> As far as removal goes, try just finding the file that keeps trying to
> connect and rename it or move it to another folder. Most of the ISP
> parasites aren't smart enough to try to reinstall themselves. If they
> do, try running HiJackThis and post the results here.
>
> I take it the UDP is FROM your ISP's IP address TO those ports (local)
> on YOUR machine? If so, your ISP is likely scanning you to see if
> you're running a website, DNS server, etc. If that's not the case,
> (or, actually, whether or not it's the case), have you disabled
> NetBIOS over TCP/IP? If you are running a home network, use NetBEUI
> instead; if not, you should not be running anything except TCP/IP.
>
> Sponge
> Sponge's Secure Solutions
> www.geocities.com/yosponge
> My new email: yosponge2 et yahoo dot com