#1 (permalink)
Silver Member
Join Date: Sep 2007
Posts: 105

Hi guys. I've been noticing some slow down on my pc. I ran a netstat -s from a command prompt and got the following (among other) results immediately after a reboot:

TCP Statistics for IPv4
Active Opens = 137
Passive Opens = 66
Failed Connection Attempts = 4
Reset Connections = 39
Current Connections = 47
Segments Received = 16652
Segments Sent = 15789
Segments Retransmitted = 5

Just wondering why my current connections is so high right on boot. I have Vidalia (proxy) on my system, but never quite figured out how to configure it..would this maybe be the culprit, or am I looking at possible spyware? I ran HijackThis and got 2 errors (I am on win 64 bit, if that matters)

Here's my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:19 PM, on 1/26/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
C:\Program Files (x86)\Vidalia Bundle\Privoxy\privoxy.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [VGAUtil] "C:\Program Files (x86)\GigaByte\VGA Utility Manager\G-VGA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files (x86)\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1195513346781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TabletServicePen - Unknown owner - C:\WINDOWS\system32\Pen_Tablet.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8511 bytes

Thanks a bunch for any help/suggestions!!

#4 (permalink)
Moderator
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 22
Posts: 5,418

Don't remove the (file missing) entries. HijackThis cannot read 64 bit machines correctly, and will report file missing in cases where the files actually do exist.
Your logfile shows no signs of malware. Please reboot your PC and try this:
Click on Start -> Run. Type the following command and click OK:
cmd /c netstat -b >> c:\netstat.txt
This will produce a file c:\netstat.txt. Please post the contents here. This will indicate which program is making each connection.
__________________
CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870
RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W
Cheap PSUs - 2% of system costs, responsible for 28% of system deaths
As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

#5 (permalink)
Silver Member
Join Date: Sep 2007
Posts: 105

Thanks for the response. Glad to know it looks clean.
Here are my netstat results..please tell me what it means if you can. I am trying to learn (or at least reassure me that it looks clean). It looks like a bunch of those connections are for my proxy..is that what you see in this info? The thing is, that www.whatismyip.com still gives me my actual ip, so I don't think my vidalia/tor is configured right...

Active Connections

Proto  Local Address  Foreign Address  State  PID
TCP josh-lomfo9ygt6:1038 josh-lomfo9ygt6:9051 ESTABLISHED 1604 [vidalia.exe]
TCP josh-lomfo9ygt6:1423 josh-lomfo9ygt6:1424 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:1424 josh-lomfo9ygt6:1423 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:1425 josh-lomfo9ygt6:1426 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:1426 josh-lomfo9ygt6:1425 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:1710 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:2343 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:2346 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:2384 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:2392 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:2416 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:2435 josh-lomfo9ygt6:12080 ESTABLISHED 2796 [firefox.exe]
TCP josh-lomfo9ygt6:9051 josh-lomfo9ygt6:1038 ESTABLISHED 2640 [tor.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2435 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2392 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2384 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:1710 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2416 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2343 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2346 ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:2328 ntp.tourism.wa.gov.au:9001 ESTABLISHED 2640 [tor.exe]
TCP josh-lomfo9ygt6:2441 66.77.165.217:http ESTABLISHED 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:2345 en2l1.ds.innogames.net:http CLOSE_WAIT 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:2347 en0l1.ds.innogames.net:http CLOSE_WAIT 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:2389 72.21.211.247:http CLOSE_WAIT 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:ms-olap1 py-in-f99.google.com:http CLOSE_WAIT 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:2417 mu-in-f91.google.com:http CLOSE_WAIT 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:2577 ar-in-f147.google.com:http CLOSE_WAIT 2080 [ashWebSv.exe]
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2514 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2553 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2421 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2429 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2480 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2534 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2580 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2444 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2536 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2559 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2419 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2516 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2443 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2506 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2558 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2478 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2543 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2590 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2569 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2512 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2540 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2555 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2594 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2423 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2567 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2425 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2530 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2549 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2474 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2493 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2556 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2442 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2528 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2433 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2454 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2468 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2483 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2430 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2447 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2456 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2560 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2583 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2521 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2476 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2462 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2485 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2557 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2584 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2432 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2518 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2497 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2482 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2431 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2547 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2532 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2520 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2446 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2537 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2445 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2458 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2581 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2470 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2481 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2535 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2551 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2427 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2571 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2517 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2496 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2578 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2519 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2498 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2593 TIME_WAIT 0

#6 (permalink)
Moderator
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 22
Posts: 5,418

I'm really looking to see whether there are any malware programs responsible for those connections, but they all appear legitimate. I'd say your log's clean.
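
The per-program reading of `netstat -b` output done in the posts above can be automated. This is an added example, not part of the thread: it parses that output, groups TCP rows by owning executable, and separates loopback traffic from connections that leave the machine. The sample rows, host names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical host names, documentation IP range) in the
# two-line layout `netstat -b` prints: a connection row, then "[owner.exe]".
SAMPLE = """\
  Proto  Local Address      Foreign Address         State        PID
  TCP    examplehost:1710   examplehost:12080       ESTABLISHED  2796
  [firefox.exe]
  TCP    examplehost:12080  examplehost:1710        ESTABLISHED  2080
  [ashWebSv.exe]
  TCP    examplehost:2328   relay.example.net:9001  ESTABLISHED  2640
  [tor.exe]
  TCP    examplehost:2441   192.0.2.10:http         ESTABLISHED  2080
  [ashWebSv.exe]
  TCP    examplehost:2345   www.example.org:http    CLOSE_WAIT   2080
  [ashWebSv.exe]
  TCP    examplehost:12080  examplehost:2514        TIME_WAIT    0
  TCP    examplehost:12080  examplehost:2553        TIME_WAIT    0
"""

# A TCP row; the owner may also sit on the same line, as in the pasted log.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*(?:\[(.+?)\])?\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")
LOOPBACK = {"127.0.0.1", "localhost"}

def parse(text):
    """Return one dict per TCP row, with the owning executable attached."""
    conns = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            local, foreign, state, pid, owner = row.groups()
            conns.append({"local": local, "foreign": foreign, "state": state,
                          "pid": int(pid), "owner": owner})
            continue
        tag = OWNER.match(line)
        if tag and conns and conns[-1]["owner"] is None:
            conns[-1]["owner"] = tag.group(1)
    return conns

def summarize(conns):
    """Group by owner: loopback count, distinct remote endpoints, TCP states."""
    out = defaultdict(lambda: {"loopback": 0, "remote": set(), "states": defaultdict(int)})
    for c in conns:
        local_host = c["local"].rsplit(":", 1)[0].lower()
        remote_host = c["foreign"].rsplit(":", 1)[0].lower()
        entry = out[c["owner"] or "(no owner)"]
        entry["states"][c["state"]] += 1
        if remote_host == local_host or remote_host in LOOPBACK:
            entry["loopback"] += 1             # traffic between local programs
        else:
            entry["remote"].add(c["foreign"])  # leaves the machine
    return out

if __name__ == "__main__":
    for name, e in sorted(summarize(parse(SAMPLE)).items()):
        print(f"{name:15} loopback={e['loopback']} states={dict(e['states'])} "
              f"remote={sorted(e['remote'])}")
```

Rows in TIME_WAIT with PID 0 are connections that have already been closed and are held by the TCP stack until a timer expires, so they no longer belong to a process and land in the "(no owner)" group.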

#8 (permalink)
VIP Member
Join Date: Apr 2006
Location: Kansas City, MO
Posts: 9,931

The netstat results can also be due to your firewall rules. Please describe your network for me. Are you behind a router with NAT enabled? What applications are installed on your computer? Any P2P apps like LimeWire or BitTorrent, or something like it? How many computers are on your network?

#9 (permalink)
Silver Member
Join Date: Sep 2007
Posts: 105

I don't know about NAT...could you explain that to me? I am using a router with 2 pcs on it. I don't have any p2p on my pc. I do have a software firewall that came with my motherboard: Nvidia firewall. What does the TIME_WAIT mean?

#10 (permalink)
VIP Member
Join Date: Apr 2006
Location: Kansas City, MO
Posts: 9,931

NAT is a router technology that refuses connections from remote hosts. You may need to put a packet sniffer on your network to see what is going on; however, if you just have the default load of Windows on there, I can only assume it is a service running in Windows doing this. I mean you are constantly sending and receiving packets on your network, even when not in use.