Help with cleaning my home computer (after running Network Probe)

Help with cleaning my home computer (after running Network Probe)

am 12.09.2007 06:24:03 von mCassidy

I am looking for some help on identifying what type of activity is
possibly happening on my home computer and what I can do about it.

I suspected that there was SOME type of activity as my HDD always
seems to be running..just a teeny little bit at a time but when there
is nothing going on in the room I notice it. I went through the
updates of Spybot, Ad-aware, Spywareblaster.. cleaned up some usual
junk but nothing serious. I did a little bit of reading and ended up
downloading Network Probe. I figured out how to view the activity
from my computer and right away it looked like I had a lot of activity
from a Protocol named ether.ARP. Looking at the conversations using
this protocol I see a growing list transferring anywhere from ~1KB up
to about 30KB over a varied amount of packets.

For example, the largest size (32.7KB) was first seen at 23:01:26
(when I first started the program) and by the latest sighting at
23:49:56 had transferred (now) 33.3KB over 533 packets. Neither the
Source Host or Destination Host matches my IP address/Default Gateway.

ether.ARP is the top protocol for activity in the past hour with 3.7MB
over 60,000+ packets!! That just doesn't seem like normal activity!

Looking closer at the list of conversations for this protocol I see a
few key Source Hosts:
1) cpe-xx-xxx-xx-x.cinci.res.rr.com
2) VOIP-xx-xxx-xx-x.cinci.rr.com
3) user-xxxxxxx.cable.mindspring.com
4) rrcs-xx-xxx-xx-xxx.central.biz.rr.com
5) dhcp-xx-xx-xxx-xxx.cinci.twc.wcoilexpress.com

(There are a couple variations of the xx's through the list but these
are the major hosts)

Anyhow, I am a little stumped from here. Some of the Source Hosts
share the same IP as my Default Gateway. I am wondering what I can do
with this information and how I can stop this information from being
transferred through my computer? I thought that I could possibly
block each of these addresses.. but I am not sure that is the best
solution.

Hopefully someone can help me towards the right direction.

Thanks :)