netstat and HJT Log

idyllhands

New Member
Hi guys. I've been noticing some slow down on my pc. I ran a netstat -s from a command prompt and got the following (among other) results immediately after a reboot:


TCP Statistics for IPv4

Active Opens = 137
Passive Opens = 66
Failed Connection Attempts = 4
Reset Connections = 39
Current Connections = 47
Segments Received = 16652
Segments Sent = 15789
Segments Retransmitted = 5


Just wondering why my current connections is so high right on boot. I have Vidalia (proxy) on my system, but never quite figured out how to configure it... would this maybe be the culprit, or am I looking at possible spyware?

I ran HijackThis and got 2 errors (I am on win 64 bit, if that matters)
Here's my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:19 PM, on 1/26/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
C:\Program Files (x86)\Vidalia Bundle\Privoxy\privoxy.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files (x86)\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [VGAUtil] "C:\Program Files (x86)\GigaByte\VGA Utility Manager\G-VGA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files (x86)\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files (x86)\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195513346781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TabletServicePen - Unknown owner - C:\WINDOWS\system32\Pen_Tablet.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8511 bytes




Thanks a bunch for any help/suggestions!!
 
Anyone have a chance to look over this?
Or can tell me what all those current connections mean?

I've been told that can mean spyware or virus..
 
Don't remove the (file missing) entries. HijackThis cannot read 64 bit machines correctly, and will report file missing in cases where the files actually do exist.

Your logfile shows no signs of malware. Please reboot your PC and try this:

Click on Start -> Run. Type the following command and click OK:
cmd /c netstat -b >> c:\netstat.txt

This will produce a file c:\netstat.txt. Please post the contents here. This will indicate which program is making each connection.
 
Thanks for the response. Glad to know it looks clean.
Here are my netstat results..please tell me what it means if you can. I am trying to learn (or at least reassure me that it looks clean :D)
It looks like a bunch of those connections are for my proxy..is that what you see in this info?
The thing is that www.whatismyip.com still gives me my actual IP, so I don't think my Vidalia/Tor is configured right...


Active Connections

Proto Local Address Foreign Address State PID
TCP josh-lomfo9ygt6:1038 josh-lomfo9ygt6:9051 ESTABLISHED 1604
[vidalia.exe]

TCP josh-lomfo9ygt6:1423 josh-lomfo9ygt6:1424 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:1424 josh-lomfo9ygt6:1423 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:1425 josh-lomfo9ygt6:1426 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:1426 josh-lomfo9ygt6:1425 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:1710 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:2343 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:2346 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:2384 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:2392 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:2416 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:2435 josh-lomfo9ygt6:12080 ESTABLISHED 2796
[firefox.exe]

TCP josh-lomfo9ygt6:9051 josh-lomfo9ygt6:1038 ESTABLISHED 2640
[tor.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2435 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2392 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2384 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:1710 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2416 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2343 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2346 ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:2328 ntp.tourism.wa.gov.au:9001 ESTABLISHED 2640
[tor.exe]

TCP josh-lomfo9ygt6:2441 66.77.165.217:http ESTABLISHED 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:2345 en2l1.ds.innogames.net:http CLOSE_WAIT 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:2347 en0l1.ds.innogames.net:http CLOSE_WAIT 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:2389 72.21.211.247:http CLOSE_WAIT 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:ms-olap1 py-in-f99.google.com:http CLOSE_WAIT 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:2417 mu-in-f91.google.com:http CLOSE_WAIT 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:2577 ar-in-f147.google.com:http CLOSE_WAIT 2080
[ashWebSv.exe]

TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2514 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2553 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2421 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2429 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2480 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2534 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2580 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2444 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2536 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2559 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2419 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2516 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2443 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2506 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2558 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2478 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2543 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2590 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2569 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2512 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2540 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2555 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2594 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2423 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2567 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2425 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2530 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2549 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2474 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2493 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2556 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2442 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2528 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2433 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2454 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2468 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2483 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2430 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2447 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2456 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2560 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2583 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2521 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2476 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2462 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2485 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2557 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2584 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2432 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2518 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2497 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2482 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2431 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2547 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2532 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2520 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2446 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2537 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2445 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2458 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2581 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2470 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2481 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2535 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2551 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2427 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2571 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2517 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2496 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2578 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2519 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2498 TIME_WAIT 0
TCP josh-lomfo9ygt6:12080 josh-lomfo9ygt6:2593 TIME_WAIT 0
 
I'm really looking to see whether there are any malware programs responsible for those connections, but they all appear legitimate. I'd say your log's clean :).
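
Added example, not part of the original thread: a small Python parser for `netstat -b` output in the layout posted above. It groups TCP connections by owning image and separates same-host traffic (such as the local 12080 and 9051 listeners seen in the post) from connections that leave the machine. The sample rows and host names are constructed, and treating a foreign host equal to the local host name as same-host is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a TCP row, then (for live sockets) the owning image in brackets.
SAMPLE = """\
  Proto  Local Address      Foreign Address         State        PID
  TCP    examplepc:1038     examplepc:9051          ESTABLISHED  1604
  [vidalia.exe]
  TCP    examplepc:1710     examplepc:12080         ESTABLISHED  2796
  [firefox.exe]
  TCP    examplepc:12080    examplepc:1710          ESTABLISHED  2080
  [ashWebSv.exe]
  TCP    examplepc:2328     relay.example.net:9001  ESTABLISHED  2640
  [tor.exe]
  TCP    examplepc:2345     www.example.org:http    CLOSE_WAIT   2080
  [ashWebSv.exe]
  TCP    examplepc:12080    examplepc:2514          TIME_WAIT    0
  TCP    examplepc:12080    examplepc:2553          TIME_WAIT    0
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")
IMAGE = re.compile(r"^\s*\[(.+)\]\s*$")

def parse(text):
    """Return one dict per TCP row; attach the bracketed image name if one follows."""
    conns, pending = [], None
    for line in text.splitlines():
        row, image = ROW.match(line), IMAGE.match(line)
        if row:
            lhost, lport, rhost, rport, state, pid = row.groups()
            pending = {"local": lhost, "remote": rhost, "rport": rport,
                       "state": state, "pid": int(pid), "image": None}
            conns.append(pending)
        else:
            if image and pending:
                pending["image"] = image.group(1)
            pending = None  # an image line only ever names the row just above it
    return conns

def summarize(conns):
    """Per owner: same-host vs. remote connection counts and the remote endpoints."""
    out = defaultdict(lambda: {"same_host": 0, "remote": 0, "endpoints": set()})
    for c in conns:
        # TIME_WAIT rows show PID 0: the owning process has already closed the socket.
        owner = c["image"] or f"pid {c['pid']} ({c['state']})"
        if c["remote"].lower() in (c["local"].lower(), "localhost", "127.0.0.1"):
            out[owner]["same_host"] += 1
        else:
            out[owner]["remote"] += 1
            out[owner]["endpoints"].add(f"{c['remote']}:{c['rport']}")
    return dict(out)

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Owners with only same-host connections are local proxy or control traffic; the `endpoints` sets are the short list worth checking against what each program is expected to contact.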
 
The netstat results can also be due to your firewall rules. Please describe your network for me. Are you behind a router with NAT enabled? What applications are installed on your computer? Any P2P apps like LimeWire or BitTorrent, or something like it? How many computers are on your network?
 
I don't know about NAT...could you explain that to me? I am using a router with 2 pcs on it. I don't have any p2p on my pc. I do have a software firewall that came with my motherboard: Nvidia firewall. What does the TIME_WAIT mean?
 
NAT is a router technology that refuses connections from remote hosts. You may need to put a packet sniffer on your network to see what is going on; however, if you just have the default load of Windows on there, I can only assume it is a service running in Windows doing this. I mean you are constantly sending and receiving packets on your network, even when not in use.
 