Lately I received several messages from webhosters I have used e.g. 35GB a day of traffic. I noticed I jave an open port 80 and 443. These are now closed, but can someone tell me if the following programs are normally allowed to contact Internet and what they do: 1. Generic Host Process for Win32 Services (svhost.exe) 2. NetBEU Frames Protocol Driver (nbf.sys) 3. Live Update Engine COM Module (LuCOMServer.exe) 4. NT Kernel_System (ntoskernel.exe) trying to send ICMP Type 8 (echo request) to 213.51.129.168 THANKS ALL !!!

LMAO How much bandwidth have you got there Richard ??? ,35 gig!!! a day ??? even on BB that would mean huge volume of traffic, d/l (lol) if you can bandwidth monitor sit and watch it. sounds like some ones having a laugh, using your pc as a traffic redirector. set up a log in services to see if thats the case. have you got any firewalls ? any antivirus? check for latest virus's could be youve a port open www.grc.com shieleds up , simple and effective get a firewall good ole zone alarm freebie. & d/l a trojan remover . ask the isp what the traffic is they should tell you. now pull the plug.

Not sure how helpful this is for you, but the IP address you listed showed the following: OrgName: RIPE Network Coordination Centre OrgID: RIPE Address: Singel 258 Address: 1016 AB City: Amsterdam StateProv: PostalCode: Country: NL This is probably the ISP for the person using your PC to redirect traffic. There's no way to be absolute though, because they could be using a daisy-chain affect to redirect traffic among several PC's. I use the instructions given above to "pull the plug" and take yourself out of the loop. Good luck.

LUCOM.exe is part of Norton Antivirus live update. The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging. HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value