I have noticed i have a lot of established connections on various ports when checking with netstat in dos. I used Arin Whois to check the ip address and heres what it showed: Search results for: 72.247.29.200 OrgName: Akamai Technologies OrgID: AKAMAI Address: 8 Cambridge Center City: Cambridge StateProv: MA PostalCode: 02142 Country: US NetRange: 72.246.0.0 - 72.247.191.255 CIDR: 72.246.0.0/16, 72.247.0.0/17, 72.247.128.0/18 NetName: AKAMAI-ARIN-1 NetHandle: NET-72-246-0-0-1 Parent: NET-72-0-0-0-0 NetType: Direct Allocation NameServer: ACCESS.AKAMAI.COM NameServer: YA.AKAMAI.COM Comment: RegDate: 2005-03-14 Updated: 2006-11-17 RNOCHandle: NF81-ARIN RNOCName: Freedman, Noam RNOCPhone: +1-617-938-3130 RNOCEmail: noam+arin@akamai.com OrgTechHandle: NF81-ARIN OrgTechName: Freedman, Noam OrgTechPhone: +1-617-938-3130 OrgTechEmail: noam+arin@akamai.com # ARIN WHOIS database, last updated 2007-02-10 19:10 It shows I have 15 established connections on port 80. Search results for: 212.150.236.82 OrgName: RIPE Network Coordination Centre OrgID: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL ReferralServer: whois://whois.ripe.net:43 NetRange: 212.0.0.0 - 212.255.255.255 CIDR: 212.0.0.0/8 NetName: RIPE-NCC-212 NetHandle: NET-212-0-0-0-1 Parent: NetType: Allocated to RIPE NCC NameServer: NS-PRI.RIPE.NET NameServer: NS3.NIC.FR NameServer: SUNIC.SUNET.SE NameServer: NS-EXT.ISC.ORG NameServer: SEC1.APNIC.NET NameServer: SEC3.APNIC.NET NameServer: TINNIE.ARIN.NET Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois RegDate: 1997-11-14 Updated: 2005-08-03 # ARIN WHOIS database, last updated 2007-02-10 19:10 I have 1 established connection on port 80. Search results for: 204.2.35.38 OrgName: NTT America, Inc. OrgID: NTTAM-1 Address: 8005 South Chester Street Address: Suite 200 City: Centennial StateProv: CO PostalCode: 80112 Country: US ReferralServer: rwhois://rwhois.gin.ntt.net:4321/ NetRange: 204.0.0.0 - 204.3.255.255 CIDR: 204.0.0.0/14 NetName: NTTA-204 NetHandle: NET-204-0-0-0-1 Parent: NET-204-0-0-0-0 NetType: Direct Allocation NameServer: NS0.VERIO.NET NameServer: NS1.VERIO.NET NameServer: NS2.VERIO.NET NameServer: NS3.VERIO.NET NameServer: NS4.VERIO.NET Comment: Comment: Reassignment information for this block is Comment: available at rwhois.gin.ntt.net port 4321 RegDate: 1994-05-04 Updated: 2006-11-10 RTechHandle: VIA4-ORG-ARIN RTechName: VIPAR RTechPhone: +1-303-645-1900 RTechEmail: vipar@us.ntt.net OrgAbuseHandle: NAAC-ARIN OrgAbuseName: NTT America Abuse Contact OrgAbusePhone: +1-800-551-1630 OrgAbuseEmail: abuse@ntt.net OrgNOCHandle: NASC-ARIN OrgNOCName: NTT America Support Contact OrgNOCPhone: +1-800-551-1630 OrgNOCEmail: support@us.ntt.net OrgTechHandle: VIPAR-ARIN OrgTechName: VIPAR OrgTechPhone: +1-303-645-1900 OrgTechEmail: vipar@us.ntt.net # ARIN WHOIS database, last updated 2007-02-10 19:10 I have 5 established connections on port 80. IP Address 127.0.0.1 54 connections 30 of them are port 12080. The rest are random ports ranging from 1059 to 1283. I only had google and arin whois open while running this check so I left those off the list since I obviously had a connection to those sites. I'm running zone alarm pro and it hasn't prompted me with any access alerts. I'm just not sure why I have so many active connections and connections to those companies when I only have 2 web pages open. I ran full virus scans with panda, trend micro and avast and got nada. Any thoughts? Windows XP Pro SP2 AMD Athlon 64 3200+ 2.0GHZ Venice Core Gigabyte GA-K8N-SLI Motherboard 1GB Geil DDR400 Dual Channel ATI Radeon X800 GTO Fireblade Edition 256MB DDR PCIE

Do you have a background program, such as an antivirus or firewall that has permission to scan incoming/outgoing data? If so you it may be causing the massive amount of connections.

Try running the tests on here: https://www.grc.com/x/ne.dll?bh0bkyd2 DerekW