Getting Weird things going on in netstat

Name: Bokke
Date: July 18, 2009 at 15:39:53 Pacific
OS: Microsoft Windows XP Professional
CPU/Ram: 1.819 GHz / 1023 MB
Product: Gigabyte / Awrdacpi
Subcategory: General
Comment:

Hi there, a few days ago I had adware on my computer, which I removed, but today I checked my netstat command and I got these entries which I don't like the look of:

TCP paulpc:1060 ool-4354611e.dyn.optonline.net:11646 ESTABLISHED
TCP paulpc:1062 140:51484 FIN_WAIT_1
TCP paulpc:1066 Dynamic-IP-186837870.cable.net.co:32385 ESTABLISHED
TCP paulpc:1079 190:53981 ESTABLISHED
TCP paulpc:1099 cm-83-97-135-188.telecable.es:45960 ESTABLISHED

TCP paulpc:1138 an.tacoda.net:http ESTABLISHED
TCP paulpc:1140 content.dl:http ESTABLISHED
TCP paulpc:1192 img:http ESTABLISHED
TCP paulpc:1208 akamai.smartadserver.com:http ESTABLISHED
TCP paulpc:1216 www.google:http ESTABLISHED
TCP paulpc:1232 www.google:http ESTABLISHED
TCP paulpc:1234 anrtx.tacoda.net:http TIME_WAIT
TCP paulpc:1236 www.google:http ESTABLISHED
TCP paulpc:1240 www.google:http ESTABLISHED
TCP paulpc:1242 anrtx.tacoda.net:http TIME_WAIT
TCP paulpc:1296 cr:http TIME_WAIT
TCP paulpc:1312 optimized:http TIME_WAIT
TCP paulpc:1314 pagead2.googlesyndication.com:http ESTABLISHED
TCP paulpc:1317 googleads.g.doubleclick.net:http ESTABLISHED
TCP paulpc:1360 optimized:http TIME_WAIT
TCP paulpc:1362 media.fastclick.net:http TIME_WAIT
TCP paulpc:1366 cdn.fastclick.net:http ESTABLISHED
TCP paulpc:1404 Dynamic-IP-186812386.cable.net.co:16099 ESTABLISHED
TCP paulpc:1407 CPE00123fb8bbb8-CM0012c9ab5ee8.cpe.net.cable.rog-
TCP paulpc:1110 paulpc:kpop ESTABLISHED
TCP paulpc:1099 cm-83-97-135-188.telecable.es:45960 ESTABLISHED
TCP paulpc:1066 Dynamic-IP-186837870.cable.net.co:32385 ESTABLI
These are just some of the entries.

What do you make of these?

Also, here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:41 a.m., on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.213.109.53:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4935 bytes

Also, money is not an issue, so if someone recommends a payware virus scanner that's good and popular I will probably buy it. Also, I am using NOD32, Malwarebytes, scanspyware and ZoneAlarm and they all come up clean.




Response Number 1
Name: jdk (by neoark)
Date: July 22, 2009 at 13:59:49 Pacific
Reply:

That traffic seems like P2P traffic from Ares.

If I'm helping you and I don't reply within 24 hours send me a PM.
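
An added example, not part of the original thread or either poster's words: Python that rejoins the console-wrapped rows of the pasted netstat listing and separates connections to named service ports (http) from those whose remote end is also on a high numbered port, the pattern the reply attributes to Ares. The function names and the `peer-like` label are assumptions of this example; the sample rows are copied from the post.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the netstat paste in the post above,
# including a console-wrapped state and the entry cut off mid-hostname.
SAMPLE = """\
TCP paulpc:1060 ool-4354611e.dyn.optonline.net:11646 ESTABLISHE
D
TCP paulpc:1062 140:51484 FIN_WAIT_1
TCP paulpc:1138 an.tacoda.net:http ESTABLISHED
TCP paulpc:1407 CPE00123fb8bbb8-CM0012c9ab5ee8.cpe.net.cable.rog-
TCP paulpc:1110 paulpc:kpop ESTABLISHED
TCP paulpc:1099 cm-83-97-135-188.telecable.es:45960 ESTABLISHED
"""

def rejoin(text):
    """Undo console wrapping: a line not starting with TCP/UDP continues the previous row."""
    rows = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if re.match(r"(TCP|UDP)\s", line):
            rows.append(line)
        elif rows:                      # header lines before the first row are ignored
            rows[-1] += line
    return rows

def classify(row):
    """Return (kind, remote_host, remote_port, state) for one rejoined row."""
    _, local, remote, *tail = row.split()
    state = tail[0] if tail else "?"
    rhost, _, rport = remote.rpartition(":")
    if not rhost:                       # no ':' in the remote field: the paste was truncated
        return ("truncated", remote, "", state)
    if rhost == local.rpartition(":")[0]:
        kind = "loopback"               # both endpoints are this machine
    elif rport.isdigit() and int(rport) >= 1024:
        kind = "peer-like"              # high numbered port on both ends
    else:
        kind = "service"                # port resolved to a service name, or below 1024
    return (kind, rhost, rport, state)

def triage(text):
    """Group every connection in a pasted netstat listing by kind."""
    groups = defaultdict(list)
    for row in rejoin(text):
        if len(row.split()) >= 3:
            kind, *rest = classify(row)
            groups[kind].append(tuple(rest))
    return dict(groups)
```

The listing alone does not show which program owns each socket; on Windows XP, `netstat -ano` adds the owning PID to each row, which can then be matched against the running process list.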

