Need Opinion on the Following Suspicious Activity

on 18.08.2006 00:23:47 by Jeff Lloyd

I noticed that even when I have nothing open in Windows XP Pro SP2, there is
activity galore...see below. I am not too sure how to address this.
Spyware software didn't catch anything out of the ordinary and ZoneAlarm
Firewall did not catch anything sinister either. There is always net
activity being received onto my computer even when it is not being used and
nothing is running. Please advise if at all possible as to what this is:
Thanks very much.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>netstat

Active Connections

Proto Local Address Foreign Address State
TCP xppro:1046 64.215.164.234:http ESTABLISHED
TCP xppro:1047 207.46.20.93:http ESTABLISHED
TCP xppro:1048 64.4.21.189:https ESTABLISHED
TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
TCP xppro:2869 192.168.0.1:6065 TIME_WAIT

Re: Need Opinion on the Following Suspicious Activity

on 18.08.2006 00:33:01 by tompepper

Start by looking up the IP addresses and see if they have anything to do
with your connection: www.dnsstuff.com

"Jeff Lloyd" wrote in message
news:cc219$44e4ec79$4528b82c$10515@ALLTEL.NET...
>I noticed that even when I have nothing open in Windows XP Pro SP2, there
>is activity galore...see below. I am not too sure how to address this.
>Spyware software didn't catch anything out of the ordinary and ZoneAlarm
>Firewall did not catch anything sinister either. There is always net
>activity being received onto my computer even when it is not being used and
>nothing is running. Please advise if at all possible as to what this is:
>Thanks very much.
>
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
>
> C:\Documents and Settings\user>netstat
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP xppro:1046 64.215.164.234:http ESTABLISHED
> TCP xppro:1047 207.46.20.93:http ESTABLISHED
> TCP xppro:1048 64.4.21.189:https ESTABLISHED
> TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
> TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
> TCP xppro:2869 192.168.0.1:6065 TIME_WAIT
>

Re: Need Opinion on the Following Suspicious Activity

on 18.08.2006 01:29:54 by DLipman~nospam~

From: "Jeff Lloyd"

| I noticed that even when I have nothing open in Windows XP Pro SP2, there is
| activity galore...see below. I am not too sure how to address this.
| Spyware software didn't catch anything out of the ordinary and ZoneAlarm
| Firewall did not catch anything sinister either. There is always net
| activity being received onto my computer even when it is not being used and
| nothing is running. Please advise if at all possible as to what this is:
| Thanks very much.
|
| Microsoft Windows XP [Version 5.1.2600]
| (C) Copyright 1985-2001 Microsoft Corp.
|
| C:\Documents and Settings\user>netstat
|
| Active Connections
|
| Proto Local Address Foreign Address State
| TCP xppro:1046 64.215.164.234:http ESTABLISHED
| TCP xppro:1047 207.46.20.93:http ESTABLISHED
| TCP xppro:1048 64.4.21.189:https ESTABLISHED
| TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
| TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
| TCP xppro:2869 192.168.0.1:6065 TIME_WAIT
|

What's so suspicious ?

HotMail ?
Microsoft ?


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Re: Need Opinion on the Following Suspicious Activity

on 18.08.2006 02:36:59 by cnashx

"Jeff Lloyd" wrote in message
news:cc219$44e4ec79$4528b82c$10515@ALLTEL.NET...
>I noticed that even when I have nothing open in Windows XP Pro SP2, there
>is activity galore...see below. I am not too sure how to address this.
>Spyware software didn't catch anything out of the ordinary and ZoneAlarm
>Firewall did not catch anything sinister either. There is always net
>activity being received onto my computer even when it is not being used and
>nothing is running. Please advise if at all possible as to what this is:
>Thanks very much.
>
> Microsoft Windows XP [Version 5.1.2600]
> (C) Copyright 1985-2001 Microsoft Corp.
>
> C:\Documents and Settings\user>netstat
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP xppro:1046 64.215.164.234:http ESTABLISHED
> TCP xppro:1047 207.46.20.93:http ESTABLISHED
> TCP xppro:1048 64.4.21.189:https ESTABLISHED
> TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
> TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
> TCP xppro:2869 192.168.0.1:6065 TIME_WAIT
>

The http connections are the Windows Update site. Maybe you have automatic
updates turned on? (good)

The other lines appear to be UPnP traffic from your computer to your local
router. Nothing suspicious. You can disable Universal Plug and Play on the
router and/or turn off the services that support it on your PC if you don't
like it. (Start-> Run-> SERVICES.MSC and set SSDP Discovery Service and
Universal Plug and Play Device Host to disabled and stopped) MSN/Windows Live
Messenger, if you use it, is also known to generate some UPnP traffic on its
own regardless of whether you turn the services off.

About UPnP:
http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx
http://en.wikipedia.org/wiki/Universal_Plug_and_Play


--
Colin Nash
Microsoft MVP
Windows Shell/User
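
The triage described in the replies above, as an added example that is not part of the original thread: it parses the netstat rows quoted in the question and separates public peers (worth an owner lookup) from LAN-local UPnP eventing on port 2869. The function names, labels and the small service-name table are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed sample input: the netstat rows quoted in the thread.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP xppro:1046 64.215.164.234:http ESTABLISHED
TCP xppro:1047 207.46.20.93:http ESTABLISHED
TCP xppro:1048 64.4.21.189:https ESTABLISHED
TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
TCP xppro:2869 192.168.0.1:6065 TIME_WAIT
"""

# netstat without -n prints service names for well-known ports (subset only).
SERVICE_PORTS = {"http": 80, "https": 443}
UPNP_EVENT_PORT = 2869  # TCP port Windows XP SP2 uses for UPnP/SSDP eventing

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def to_port(token):
    """Return the numeric port, or None for '*' and unknown service names."""
    return int(token) if token.isdigit() else SERVICE_PORTS.get(token.lower())

def parse(text):
    """Parse netstat rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, _lhost, lport, fhost, fport, state = m.groups()
            rows.append({"proto": proto, "local_port": to_port(lport),
                         "peer": fhost, "peer_port": to_port(fport),
                         "state": state})  # state is None for UDP rows
    return rows

def classify(row):
    """Label a row by where its peer lives; this says where to look next."""
    try:
        peer = ipaddress.ip_address(row["peer"])
    except ValueError:
        return "unresolved"      # '*' or a hostname: rerun with netstat -n
    if peer.is_private or peer.is_loopback:
        return "lan-upnp" if row["local_port"] == UPNP_EVENT_PORT else "lan"
    return "internet"            # public address: look up who owns it

def triage(text=SAMPLE):
    """Return (peer, peer_port, state, label) for every parsed row."""
    return [(r["peer"], r["peer_port"], r["state"], classify(r)) for r in parse(text)]

if __name__ == "__main__":
    for entry in triage():
        print(entry)
```

On the machine itself, `netstat -ano` adds the owning process ID to each row, which ties an "internet" entry to a specific program.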

Re: Need Opinion on the Following Suspicious Activity

on 18.08.2006 15:58:50 by Jeff Lloyd

"Colin Nash [MVP]" wrote in message
news:eF%23gr5lwGHA.4880@TK2MSFTNGP04.phx.gbl...
>
> "Jeff Lloyd" wrote in message
> news:cc219$44e4ec79$4528b82c$10515@ALLTEL.NET...
>>I noticed that even when I have nothing open in Windows XP Pro SP2, there
>>is activity galore...see below. I am not too sure how to address this.
>>Spyware software didn't catch anything out of the ordinary and ZoneAlarm
>>Firewall did not catch anything sinister either. There is always net
>>activity being received onto my computer even when it is not being used
>>and nothing is running. Please advise if at all possible as to what this
>>is: Thanks very much.
>>
>> Microsoft Windows XP [Version 5.1.2600]
>> (C) Copyright 1985-2001 Microsoft Corp.
>>
>> C:\Documents and Settings\user>netstat
>>
>> Active Connections
>>
>> Proto Local Address Foreign Address State
>> TCP xppro:1046 64.215.164.234:http ESTABLISHED
>> TCP xppro:1047 207.46.20.93:http ESTABLISHED
>> TCP xppro:1048 64.4.21.189:https ESTABLISHED
>> TCP xppro:2869 192.168.0.1:6063 TIME_WAIT
>> TCP xppro:2869 192.168.0.1:6064 TIME_WAIT
>> TCP xppro:2869 192.168.0.1:6065 TIME_WAIT
>>
>
> The http connections are the Windows Update site. Maybe you have
> automatic updates turned on? (good)
>
> The other lines appear to be UPnP traffic from your computer to your local
> router. Nothing suspicious. You can disable Universal Plug and Play on
> the router and/or turn off the services that support it on your PC if you
> don't like it. (Start-> Run-> SERVICES.MSC and set SSDP Discovery Service
> and Universal Plug and Play Device Host to disabled and stopped) MSN/Windows
> Live Messenger, if you use it, is also known to generate some UPnP traffic on
> its own regardless of whether you turn the services off.
>
> About UPnP:
> http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/upnpxp.mspx
> http://en.wikipedia.org/wiki/Universal_Plug_and_Play
>
>
> --
> Colin Nash
> Microsoft MVP
> Windows Shell/User
>
Colin, thanks very much for your explanation to this. Much appreciated.

Jeff
