andichan2001

Hidden program using my internet connection?

Usually bytes sent is less than bytes received, if you are not uploading data.
But on my computer, bytes sent is more than 3 times bytes received! And I'm
not uploading data, just browsing the internet (this makes my browsing activity slower than before).
I suspect that there is a hidden program that uses my internet connection.
How can I track down the problem and eliminate it?
How can I see the data sent away from my computer?
How can I know which programs use my internet connection?

Thank you,
Andi
smallbee

There is a lot of spyware that might already be installed on your system.

Use one of these tools if you are a commercial user:

http://www.lavasoftusa.com/software/

Get this for FREE for personal use:
http://www.lavasoftusa.com/software/adaware/
Go to the command prompt

type netstat -a

This will show you a list of things
your computer is connected to and listening for; then start going down the list and verifying.

If you find one that has a port open, close the port on your firewall; otherwise, kill apps that are running that you don't know what they do.

Kill them one at a time, and see when the connection goes away.


If you find one you can't get, message me and I will tell you what it is...




ASKER CERTIFIED SOLUTION
phocus

If you have NT, review the Event Logs.

If you want a product (and you run a virus check), then consider a personal firewall such as ZoneAlarm that will let you list and block all manner of outgoing TCP/IP traffic.

Try not to allow any program to run at startup. On many OSes you get a StartUp folder and/or a command-line capability such as running MsConfig, where you can review many of these.

Review Task Manager for just what programs are running. Eliminating the new ones one at a time can either identify a culprit or make the system ineffective, both of which can be cured through a reboot. So this is a rather intuitive, time-consuming, frustrating process, but it remains a viable tool when all else fails, as interest permits.
> But in my computer, bytes sent is more than 3 times bytes received!

This is atypical of good spyware; they don't really have more traffic, on their own, than the displays. They go for the URL, rather than the HTML and JPG files themselves.

If this is sporadic, it may be that you've become open to people borrowing parts of your disk for their downloads. More likely if you've opened up FTP. Are you running any other 'server' function? Toying with a webserver?

If this is continual, with a more consistent overall average, then you may have been hit with a remote control program, or a neighborhood jock who is snooping, looking for files, and perhaps trying to monitor your keystrokes. It could also be that you've been nice and agreed somewhere to volunteer your spare CPU cycles.

Most likely, if you sit back and apply all upgrades to the OS and browser, then add the firewall censor, your bytes in vs. bytes out should become more as you'd anticipate.
How savvy are you with understanding TCP/IP packets?

Running a sniffer would be a good option, if you could make head or tail of the packets.

You could also install ZoneAlarm. This program will ask you every time something tries to connect to, OR connect _from_, your computer.

The 'connect froms' are the interesting part. If you just fire up your computer, and do nothing, and ZoneAlarm starts bugging you about programs trying to access the Internet... bingo, you've found it. By all means deny access to that program until you can figure out how to disable it.

You can download a software firewall. It will tell you what programs are accessing the internet. Tiny Personal Firewall, BlackICE, ZoneAlarm.

You can download the LANguard scanner from gfi.com, and scan yourself to see if you have any trojan programs installed.

Give me your IP address and I can scan you, and I'll tell you.

luck,
andichan2001

ASKER

It turns out that there isn't any spyware on my machine. From the command netstat -a I found out that the computer is trying to connect to the Primary DNS Suffix. As soon as I removed "Primary DNS Suffix of this computer" in Network Identification, the connection was back to normal. BTW, thank you for all your comments.

Sorry, it turns out that the problem now comes and goes. Sometimes the connection is normal:

=======================
C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    hadinataa:ftp          hadinataa:0            LISTENING
  TCP    hadinataa:smtp         hadinataa:0            LISTENING
  TCP    hadinataa:http         hadinataa:0            LISTENING
  TCP    hadinataa:epmap        hadinataa:0            LISTENING
  TCP    hadinataa:https        hadinataa:0            LISTENING
  TCP    hadinataa:microsoft-ds  hadinataa:0            LISTENING
  TCP    hadinataa:1025         hadinataa:0            LISTENING
  TCP    hadinataa:1027         hadinataa:0            LISTENING
  TCP    hadinataa:1029         hadinataa:0            LISTENING
  UDP    hadinataa:epmap        *:*
  UDP    hadinataa:microsoft-ds  *:*
  UDP    hadinataa:1026         *:*
  UDP    hadinataa:1028         *:*
  UDP    hadinataa:1645         *:*
  UDP    hadinataa:1646         *:*
  UDP    hadinataa:radius       *:*
  UDP    hadinataa:radacct      *:*
  UDP    hadinataa:3456         *:*
  UDP    hadinataa:1030         *:*
  UDP    hadinataa:1031         *:*

C:\>
=======================

but sometimes the problem persists:

=======================
C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    hadinataa:ftp          hadinataa:0            LISTENING
  TCP    hadinataa:smtp         hadinataa:0            LISTENING
  TCP    hadinataa:http         hadinataa:0            LISTENING
  TCP    hadinataa:epmap        hadinataa:0            LISTENING
  TCP    hadinataa:https        hadinataa:0            LISTENING
  TCP    hadinataa:microsoft-ds  hadinataa:0            LISTENING
  TCP    hadinataa:1025         hadinataa:0            LISTENING
  TCP    hadinataa:1027         hadinataa:0            LISTENING
  TCP    hadinataa:1029         hadinataa:0            LISTENING
  TCP    hadinataa:1032         hadinataa:0            LISTENING
  TCP    hadinataa:1143         hadinataa:0            LISTENING
  TCP    hadinataa:1409         hadinataa:0            LISTENING
  TCP    hadinataa:1443         hadinataa:0            LISTENING
  TCP    hadinataa:1650         hadinataa:0            LISTENING
.
.
.
.
  TCP    hadinataa:4938         hadinataa:0            LISTENING
  TCP    hadinataa:4939         hadinataa:0            LISTENING
  TCP    hadinataa:4940         hadinataa:0            LISTENING
  TCP    hadinataa:4941         hadinataa:0            LISTENING
  TCP    hadinataa:4942         hadinataa:0            LISTENING
  TCP    hadinataa:1032         hadinataa:3306         ESTABLISHED
  TCP    hadinataa:3306         hadinataa:1032         ESTABLISHED
  TCP    hadinataa:netbios-ssn  hadinataa:0            LISTENING
  TCP    hadinataa:2331         61-216-15-12.HINET-IP.hinet.net:http  ESTABLISHED
  TCP    hadinataa:2395         p4182-ipad01hodogaya.kanagawa.ocn.ne.jp:http  ESTABLISHED
  TCP    hadinataa:4018         61.149.23.190:http     ESTABLISHED
  TCP    hadinataa:4044         muccollege.co.jp:http  ESTABLISHED
  TCP    hadinataa:4429         r109.asp.mewave.com:http  ESTABLISHED
  TCP    hadinataa:4647         ppp-jt2-d.telkom.net.id:http  SYN_SENT
  TCP    hadinataa:4648         ppp-bdl-a.telkom.net.id:http  SYN_SENT
.
.
.
=======================

Please help me.
What can cause these hundreds or even thousands of listening TCP ports?
I have been reading this thread with interest and am sorry to see that nothing has been added since March 15 (unless I am missing something). I am having the same experience. I have virus software on my computer and have now installed ZoneAlarm Pro. My outgoing packets after an hour and a half past restart have reached 3,719,441,683,790 and my incoming is a measly 8,427. netstat gives me this:
  Proto  Local Address          Foreign Address        State
  TCP    VALUED-5E2B8C56:http   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:epmap  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:https  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:microsoft-ds  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1024   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1025   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1026   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1027   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1031   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1035   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1042   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1046   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1047   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1048   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1062   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1063   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1064   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1065   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1108   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:kpop   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2042   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2043   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2052   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2055   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2522   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2901   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:5000   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:5001   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:5679   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:8103   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:8110   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:8500   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:9128   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:9130   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:9133   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:9343   VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:19997  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:19998  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:51250  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:51251  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:51712  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:51713  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:1024   localhost:1048         ESTABLISHED
  TCP    VALUED-5E2B8C56:1026   localhost:1064         ESTABLISHED
  TCP    VALUED-5E2B8C56:1042   localhost:9130         ESTABLISHED
  TCP    VALUED-5E2B8C56:1046   localhost:9130         ESTABLISHED
  TCP    VALUED-5E2B8C56:1047   localhost:9130         ESTABLISHED
  TCP    VALUED-5E2B8C56:1048   localhost:1024         ESTABLISHED
  TCP    VALUED-5E2B8C56:1062   localhost:9130         ESTABLISHED
  TCP    VALUED-5E2B8C56:1063   localhost:9130         ESTABLISHED
  TCP    VALUED-5E2B8C56:1064   localhost:1026         ESTABLISHED
  TCP    VALUED-5E2B8C56:ms-sql-s  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2082   localhost:2081         TIME_WAIT
  TCP    VALUED-5E2B8C56:2085   localhost:2084         TIME_WAIT
  TCP    VALUED-5E2B8C56:2088   localhost:2087         TIME_WAIT
  TCP    VALUED-5E2B8C56:2091   localhost:2090         TIME_WAIT
  TCP    VALUED-5E2B8C56:2094   localhost:2093         TIME_WAIT
  TCP    VALUED-5E2B8C56:2097   localhost:2096         TIME_WAIT
  TCP    VALUED-5E2B8C56:2100   localhost:2099         TIME_WAIT
  TCP    VALUED-5E2B8C56:2103   localhost:2102         TIME_WAIT
  TCP    VALUED-5E2B8C56:2106   localhost:2105         TIME_WAIT
  TCP    VALUED-5E2B8C56:2107   localhost:11523        TIME_WAIT
  TCP    VALUED-5E2B8C56:2108   localhost:11523        TIME_WAIT
  TCP    VALUED-5E2B8C56:2109   localhost:11523        TIME_WAIT
  TCP    VALUED-5E2B8C56:9130   localhost:1042         ESTABLISHED
  TCP    VALUED-5E2B8C56:9130   localhost:1046         ESTABLISHED
  TCP    VALUED-5E2B8C56:9130   localhost:1047         ESTABLISHED
  TCP    VALUED-5E2B8C56:9130   localhost:1062         ESTABLISHED
  TCP    VALUED-5E2B8C56:9130   localhost:1063         ESTABLISHED
  TCP    VALUED-5E2B8C56:11523  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:11523  localhost:2079         TIME_WAIT
  TCP    VALUED-5E2B8C56:51200  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:51201  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:53010  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:53248  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:53249  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:53250  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:53504  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:53632  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:netbios-ssn  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:kpop   169.132.117.39:http    ESTABLISHED
  TCP    VALUED-5E2B8C56:ms-sql-s  VALUED-5E2B8C56:0      LISTENING
  TCP    VALUED-5E2B8C56:2052   berp-fe10.dial.aol.com:5190  ESTABLISHED
  TCP    VALUED-5E2B8C56:2055   64.12.26.153:5190      ESTABLISHED
  UDP    VALUED-5E2B8C56:microsoft-ds  *:*
  UDP    VALUED-5E2B8C56:isakmp  *:*
  UDP    VALUED-5E2B8C56:1030   *:*
  UDP    VALUED-5E2B8C56:1075   *:*
  UDP    VALUED-5E2B8C56:1104   *:*
  UDP    VALUED-5E2B8C56:1105   *:*
  UDP    VALUED-5E2B8C56:ms-sql-m  *:*
  UDP    VALUED-5E2B8C56:3456   *:*
  UDP    VALUED-5E2B8C56:6801   *:*
  UDP    VALUED-5E2B8C56:6802   *:*
  UDP    VALUED-5E2B8C56:ntp    *:*
  UDP    VALUED-5E2B8C56:1086   *:*
  UDP    VALUED-5E2B8C56:1095   *:*
  UDP    VALUED-5E2B8C56:1239   *:*
  UDP    VALUED-5E2B8C56:1717   *:*
  UDP    VALUED-5E2B8C56:1793   *:*
  UDP    VALUED-5E2B8C56:1900   *:*
  UDP    VALUED-5E2B8C56:ntp    *:*
  UDP    VALUED-5E2B8C56:netbios-ns  *:*
  UDP    VALUED-5E2B8C56:netbios-dgm  *:*
  UDP    VALUED-5E2B8C56:1900   *:*
  UDP    VALUED-5E2B8C56:2057   *:*
  UDP    VALUED-5E2B8C56:ntp    *:*
  UDP    VALUED-5E2B8C56:1900   *:*

Does anybody recognize an obvious culprit here? Thanks!
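As an added example (not code from this thread or any of its posters), here is a small Python parser for the `netstat -a` listing format quoted above, plus the triage pass smallbee describes (walk the list, separate expected listeners from oddities): it counts LISTENING sockets, pulls out the numeric high-port listeners that both posters ask about, separates loopback pairs such as 1032<->3306 from real outbound sessions, and lists SYN_SENT attempts. The sample is constructed from a few of the asker's own lines; the host name and addresses in it are just those quoted in the thread.

```python
from collections import Counter

# Constructed sample in the format of the "netstat -a" output quoted in this thread
# (a handful of the asker's lines reused; not a full capture).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    hadinataa:ftp          hadinataa:0            LISTENING
  TCP    hadinataa:4938         hadinataa:0            LISTENING
  TCP    hadinataa:4939         hadinataa:0            LISTENING
  TCP    hadinataa:1032         hadinataa:3306         ESTABLISHED
  TCP    hadinataa:3306         hadinataa:1032         ESTABLISHED
  TCP    hadinataa:2331         61-216-15-12.HINET-IP.hinet.net:http  ESTABLISHED
  TCP    hadinataa:4647         ppp-jt2-d.telkom.net.id:http  SYN_SENT
  UDP    hadinataa:ntp          *:*
"""

def parse_netstat(text):
    """Return one (proto, lhost, lport, fhost, fport, state) tuple per socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or prompt
        lhost, lport = parts[1].rsplit(":", 1)
        fhost, fport = parts[2].rsplit(":", 1)
        # UDP rows carry no state; with "netstat -o" the 4th column may be a PID instead.
        state = parts[3] if len(parts) > 3 and not parts[3].isdigit() else ""
        rows.append((parts[0], lhost, lport, fhost, fport, state))
    return rows

def triage(rows):
    """Summarise what a defender checks first in a listing like the ones in the thread."""
    this_host = {r[1] for r in rows} | {"localhost", "127.0.0.1"}
    listening = [r for r in rows if r[5] == "LISTENING"]
    # Named services (ftp, http, ...) are the expected listeners; hundreds of numeric
    # listeners at or above 1024 (the asker's 4938, 4939, ...) are the anomaly here.
    high_listen = sorted(int(r[2]) for r in listening if r[2].isdigit() and int(r[2]) >= 1024)
    # Both ends on this host (1032<->3306) is local IPC, not internet traffic.
    loopback = sum(1 for r in rows if r[5] == "ESTABLISHED" and r[3] in this_host)
    # Real outbound sessions by remote host; SYN_SENT means we dialled out and got no reply yet.
    remote = Counter(r[3] for r in rows if r[5] == "ESTABLISHED" and r[3] not in this_host)
    pending = [(r[3], r[4]) for r in rows if r[5] == "SYN_SENT"]
    return {"listening": len(listening), "high_listen": high_listen,
            "loopback_established": loopback, "remote": remote, "syn_sent": pending}
```

`netstat -a` alone never names the owning process; on later Windows versions `netstat -ano` adds a PID column (which the parser tolerates) so each socket can be matched to an entry in Task Manager.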