WTF!
Now MY machine is being weird! I just connected to the internet and Sygate said NTOSKRNL.exe has changed since last time you opened it!! What the hell is going on?
Is there lots of malicious activity on the net at the moment?
This is the full message, please help...
The executable has changed since the last time you used: C:\WINDOWS\System32\ntoskrnl.exe
File Version : 5.1.2600.1106 (xpsp1.020828-1920)
File Description : NT Kernel & System
File Path : C:\WINDOWS\System32\ntoskrnl.exe
Process ID : 0x4 (Heximal) 4 (Decimal)
Connection origin : remote initiated
Protocol : TCP
Local Address : 211.27.14.199
Local Port : 445 (CIFS - Common Internet File System)
Remote Name :
Remote Address : 211.27.8.114
Remote Port : 2756
Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 00-00-04-00-00-00
Source: 04-00-20-00-04-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 121
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x8051 (Correct)
Source: 211.27.8.114
Destination: 211.27.14.199
Transmission Control Protocol (TCP)
Source port: 2756
Destination port: 445
Sequence number: 3148594443
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x3f1e (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 00 04 00 00 00 04 00 : 20 00 04 00 08 00 45 00 | ........ .....E.
0010: 00 30 F2 D7 40 00 79 06 : 51 80 D3 1B 08 72 D3 1B | .0..@.y.Q....r..
0020: 0E C7 0A C4 01 BD BB AB : BD 0B 00 00 00 00 70 02 | ..............p.
0030: 22 38 1E 3F 00 00 02 04 : 05 B4 01 01 04 02 | "8.?..........

Sounds like it is a problem with an NT kernel. This might be fixed with the system file checker.
Open the command prompt and then type "sfc/runnow", but put your Windows disc in the drive first.

I have a similar problem, but with WIN XP. I am not sure whether to allow communication to port 224.0.0.22. Sygate tells me this message when I connect to the NET.
The executable has changed since the last time you used: C:\WINDOWS\system32\wuauclt.exe
File Version : 5.4.3790.2182built by: srv03_rtm(ntvbl04)
File Description : Automatic Updates
File Path : C:\WINDOWS\system32\wuauclt.exe
Process ID : 0x470 (Heximal) 1136 (Decimal)
Connection origin : local initiated
Ethernet packet details:
Ethernet II (Packet Length: 68)
Destination: 05-00-20-00-05-00
Source: 00-00-05-00-00-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 24 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
Header checksum: 0x529e (Correct)
Source: 134.117.239.212
Destination: 224.0.0.22
Binary dump of the packet:
0000: 05 00 20 00 05 00 00 00 : 05 00 00 00 08 00 46 00 | .. ...........F.
0010: 00 28 30 1D 00 00 01 02 : 9E 52 86 75 EF D4 E0 00 | .(0......R.u....
0020: 00 16 94 04 00 00 22 00 : EA 03 00 00 00 01 04 00 | ......".........
0030: 00 00 EF FF FF FA 86 75 : EF D4 00 00 00 00 00 00 | .......u........
0040: 00 00 00 00 : | ....
equalization
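
Added example, not part of any post in this thread: a Python decoder for the "Binary dump of the packet" blocks in the two Sygate alerts above. It reads the first as a bare inbound TCP SYN to port 445 and the second as an IGMPv3 membership report sent to 224.0.0.22 for group 239.255.255.250; the function names are assumptions made for this example, while the dumps are the ones posted.

```python
import socket
import struct

# Hex dumps copied from the two Sygate alerts quoted in this thread.
SYN_DUMP = '''\
0000: 00 00 04 00 00 00 04 00 : 20 00 04 00 08 00 45 00 | ........ .....E.
0010: 00 30 F2 D7 40 00 79 06 : 51 80 D3 1B 08 72 D3 1B | .0..@.y.Q....r..
0020: 0E C7 0A C4 01 BD BB AB : BD 0B 00 00 00 00 70 02 | ..............p.
0030: 22 38 1E 3F 00 00 02 04 : 05 B4 01 01 04 02 | "8.?..........
'''
IGMP_DUMP = '''\
0000: 05 00 20 00 05 00 00 00 : 05 00 00 00 08 00 46 00 | .. ...........F.
0010: 00 28 30 1D 00 00 01 02 : 9E 52 86 75 EF D4 E0 00 | .(0......R.u....
0020: 00 16 94 04 00 00 22 00 : EA 03 00 00 00 01 04 00 | ......".........
0030: 00 00 EF FF FF FA 86 75 : EF D4 00 00 00 00 00 00 | .......u........
0040: 00 00 00 00 : | ....
'''
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")

def dump_to_bytes(dump):
    """Keep the hex columns only: drop the offset and the ASCII pane."""
    rows = (line.split(":", 1)[1].split("|", 1)[0] for line in dump.splitlines())
    return bytes.fromhex("".join(rows).replace(":", ""))

def decode(frame):
    """Decode Ethernet II + IPv4, then TCP or an IGMPv3 membership report."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack_from(
        "!BBHHHBBH4s4s", frame, 14)
    ihl = (ver_ihl & 0x0F) * 4            # 24 in the IGMP packet (IP options)
    l4 = frame[14 + ihl:14 + total]       # also drops trailing Ethernet padding
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl}
    if proto == 6:
        sport, dport, _, _, off_flags = struct.unpack_from("!HHIIH", l4)
        flags = [n for bit, n in enumerate(TCP_FLAGS) if off_flags >> bit & 1]
        info.update(proto="TCP", sport=sport, dport=dport, flags=flags)
    elif proto == 2:
        groups, pos = [], 8
        nrec = struct.unpack_from("!H", l4, 6)[0] if l4[0] == 0x22 else 0
        for _ in range(nrec):             # IGMPv3 group records (RFC 3376)
            rtype, aux, nsrc, grp = struct.unpack_from("!BBH4s", l4, pos)
            groups.append((rtype, socket.inet_ntoa(grp)))
            pos += 8 + 4 * (nsrc + aux)
        info.update(proto="IGMP", igmp_type=l4[0], groups=groups)
    return info

if __name__ == "__main__":
    for dump in (SYN_DUMP, IGMP_DUMP):
        print(decode(dump_to_bytes(dump)))
```

The decoded fields match the values Sygate printed in each alert, which is a quick way to confirm that a firewall's summary agrees with the raw packet it captured.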


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.