bucp1-vip-m.blue.aol.com - need help

Discussion in 'other firewalls' started by Durad, Sep 5, 2006.

Thread Status:
Not open for further replies.
  1. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Did not get an answer in the LooknStop (trial expired) section, so I decided to post this here:



    After uninstalling AOL Active Virus Shield something from my PC is connecting to bucp1-vip-m.blue.aol.com

    http://img15.imgspot.com/u/06/239/16/look1156797575.JPG -- Uploaded file locally -- dog

    BOX content:

    My Look n Stop trial expired and currently I have no firewall installed.
    How do I find out why my PC is connecting to the AOL site, since I no longer have any AOL software installed?
     


  2. BILL G

    BILL G Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    80
    Location:
    MN USA
    It took me 6+ months to get rid of all the AOL Crap. Keep Digging.
    Turn on WINDOWS Firewall also.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Since your sig is showing ewido I'll assume this is on an NT based operating system. If it's XP....open task manager and make sure the PID column is selected. If not....select View\Select columns and select PID.

    Then I would suggest downloading Fport by Foundstone and extract it to a location of your choice. Then start an instance of the command interpreter....Start button > Run....type cmd. Go to the folder where you placed Fport and execute fport.exe. It should then let you see the PID, process, port, protocol and path of that AOL connection.

    That's just one of many ways to find it and also introduces you to the Foundstone folks if you have never seen their work.

    Bubba
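
The port-to-PID-to-process lookup described in the post above can also be done with the built-in `netstat -ano` and, where it is installed, `tasklist /FO CSV /NH`. The following is an added example, not part of the original post and not Fport's own output: it parses both listings and reports which process owns a connection to a given remote address. The sample listings and all addresses are constructed, and `owners_of_remote` is a hypothetical helper name.

```python
import csv
import io

# Constructed sample of `netstat -ano` output. Addresses are documentation-range
# placeholders; port 1043 and cli.exe echo values reported later in this thread.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    192.168.1.20:1043      192.0.2.10:80          ESTABLISHED     1820
  TCP    192.168.1.20:1051      198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1108
"""

# Constructed sample of `tasklist /FO CSV /NH` output (image name, PID, ...).
TASKLIST_SAMPLE = '''\
"System Idle Process","0","Console","0","16 K"
"svchost.exe","964","Console","0","4,312 K"
"svchost.exe","1108","Console","0","3,900 K"
"cli.exe","1820","Console","0","21,480 K"
'''

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; header and blank lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        yield {"proto": parts[0], "local": parts[1], "remote": parts[2],
               "state": state, "pid": int(parts[-1])}

def parse_tasklist(text):
    """Map PID -> image name from the CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def owners_of_remote(netstat_text, tasklist_text, remote_ip):
    """Return (local, remote, state, pid, image) for connections to remote_ip."""
    names = parse_tasklist(tasklist_text)
    return [(c["local"], c["remote"], c["state"], c["pid"],
             names.get(c["pid"], "<unknown>"))
            for c in parse_netstat(netstat_text)
            if c["remote"].rsplit(":", 1)[0] == remote_ip]

if __name__ == "__main__":
    for hit in owners_of_remote(NETSTAT_SAMPLE, TASKLIST_SAMPLE, "192.0.2.10"):
        print(hit)
```

Because `-n` makes netstat print numeric addresses, resolve the hostname to its IP first and pass that as `remote_ip`. If `tasklist` is not present, read the image name for the reported PID from Task Manager's PID column instead.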
     
  4. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Port 1043 is associated with cli.exe made by ATI

    This connection seems to be active just when I start the computer.

    Is there any tool that I can install so that it monitors everything from the time the system starts?

    I am using XP Home.
     
  5. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Also with Outpost 3 I could not see anything with that address in the LOG files...
     