Getting Weird things going on in netstat

Gigabyte / Awrdacpi
July 18, 2009 at 15:39:53
Specs: Microsoft Windows XP Professional, 1.819 GHz / 1023 MB
Hi there, a few days I had adware on my computer which I removed but today I checked my netstat command and I got these entries which I don't like the look of

TCP paulpc:1060 ool-4354611e.dyn.optonline.net:11646 ESTABLISHE
D
TCP paulpc:1062 140:51484 FIN_WAIT_1
TCP paulpc:1066 Dynamic-IP-186837870.cable.net.co:32385 ESTABLI
SHED
TCP paulpc:1079 190:53981 ESTABLISHED
TCP paulpc:1099 cm-83-97-135-188.telecable.es:45960 ESTABLISHED

TCP paulpc:1138 an.tacoda.net:http ESTABLISHED
TCP paulpc:1140 content.dl:http ESTABLISHED
TCP paulpc:1192 img:http ESTABLISHED
TCP paulpc:1208 akamai.smartadserver.com:http ESTABLISHED
TCP paulpc:1216 www.google:http ESTABLISHED
TCP paulpc:1232 www.google:http ESTABLISHED
TCP paulpc:1234 anrtx.tacoda.net:http TIME_WAIT
TCP paulpc:1236 www.google:http ESTABLISHED
TCP paulpc:1240 www.google:http ESTABLISHED
TCP paulpc:1242 anrtx.tacoda.net:http TIME_WAIT
TCP paulpc:1296 cr:http TIME_WAIT
TCP paulpc:1312 optimized:http TIME_WAIT
TCP paulpc:1314 pagead2.googlesyndication.com:http ESTABLISHED
TCP paulpc:1317 googleads.g.doubleclick.net:http ESTABLISHED
TCP paulpc:1360 optimized:http TIME_WAIT
TCP paulpc:1362 media.fastclick.net:http TIME_WAIT
TCP paulpc:1366 cdn.fastclick.net:http ESTABLISHED
TCP paulpc:1404 Dynamic-IP-186812386.cable.net.co:16099 ESTABLI
SHED
TCP paulpc:1407 CPE00123fb8bbb8-CM0012c9ab5ee8.cpe.net.cable.rog-
TCP paulpc:1110 paulpc:kpop ESTABLISHED
TCP paulpc:1099 cm-83-97-135-188.telecable.es:45960 ESTABLISHED
TCP paulpc:1066 Dynamic-IP-186837870.cable.net.co:32385 ESTABLI
these are just some of the entries.

What do you make of these

Also here's my hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:41 a.m., on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.213.109.53:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4935 bytes

Also money is not an issue so if someone recomends a payware virus scanner that's good and popular I will probally buy it, also I am using nod32, Malwarebytes, scanspyware and zonealarm and they all come up clean


See More: Getting Weird things going on in netstat

Report •


#1
July 22, 2009 at 13:59:49
Those traffic seems like P2P traffic from ares.

If I'm helping you and I don't reply within 24 hours send me a PM.


Report •
Related Solutions


Ask Question