Constant Activity

Thermo1223

OK This is for my work computer. It has DSL with WinXP Firewall turned on and ZoneAlarm. Yet the activity light on the modem still blinks away for no reason. I have removed as much spyware as I could find with about 3 scanners. It has Norton Corporate Anti-Virus and was scanned yesterday. I ran netstat and this is all the shit I get. Can someone please explain to me what's going on.




Thanks in Advance. :)
 
You might have stuff being redirected off your computer. Download HijackThis, just google for it, and post the results and I can take a look at them.
 
I know that my cable modem activity light always goes constantly. Always has. I can't remember if DSL did the same thing though.
 
OK I have figured it out, after many more numerous virus and anti-spyware sweeps. I looked at the activity per program in ZoneAlarm. Well, first it showed it was explorer spouting all that rubbish, but after denying access to explorer from the Internet, IE wouldn't work. Then I saw the Generic Host Process for Windows was having mucho activity as well. I accidentally granted it server access. A big no-no, I granted the power that regardless of firewall that my computer could be a server to anyone, anywhere. I opened up the task manager and saw that SVCHOST.EXE was one of many, but the one I wanted was the one which was growing in size fast. It was already at 15 megs when I terminated it, also explorer.exe was the same, growing and at 20 megs. I terminated the process and the activity stopped immediately and explorer shrunk too. No more constant access. :)
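Added example, not part of the original thread: a Python check for the pattern in netstat output like the first post's, where one machine opens outbound connections to the microsoft-ds port (TCP 445) on many unrelated remote hosts and most of them sit in SYN_SENT. The sample rows, the `min_hosts` threshold and the function names are constructed for illustration; rows that the console wrapped mid-word are rejoined before parsing.

```python
import re
from collections import defaultdict

STATES = "ESTABLISHED|SYN_SENT|SYN_RECEIVED|TIME_WAIT|CLOSE_WAIT|FIN_WAIT_[12]|LAST_ACK|CLOSING"
ROW = re.compile(r"^TCP\s+(\S+):(\S+)\s+(\S+):(\S+?)\s*(" + STATES + r")$")
SMB_PORTS = {"microsoft-ds", "445"}  # service name, or number under netstat -n

def unwrap(text):
    """Rejoin rows the console wrapped: any line that does not start a new
    TCP/UDP row is glued onto the previous row with no separator."""
    rows = []
    for line in map(str.strip, text.splitlines()):
        if re.match(r"(TCP|UDP)\s", line):
            rows.append(line)
        elif rows and line:
            rows[-1] += line
    return rows

def smb_fanout(text, min_hosts=5):
    """Flag scan-like behaviour: many distinct remote hosts on the SMB port,
    more than half of them never answering (SYN_SENT)."""
    hosts = defaultdict(set)  # state -> remote hosts seen in that state
    for row in unwrap(text):
        m = ROW.match(row)
        if m and m.group(4) in SMB_PORTS:
            hosts[m.group(5)].add(m.group(3))
    total = len(set().union(*hosts.values()))
    pending = len(hosts["SYN_SENT"])
    return {"remote_hosts": total, "syn_sent": pending,
            "suspicious": total >= min_hosts and pending * 2 > total}

# Constructed sample (documentation addresses), wrapped the way a console does.
SAMPLE = """\
  Proto  Local Address     Foreign Address                  State
  TCP    workstation:3053  host-a.example.net:microsoft-ds  TI
ME_WAIT
  TCP    workstation:3174  host-b.example.net:microsoft-ds  ESTABLISHED
  TCP    workstation:3212  192.0.2.17:microsoft-ds  SYN_SENT
  TCP    workstation:3213  198.51.100.44:microsoft-ds  SYN_SE
NT
  TCP    workstation:3215  long-host-name.example.org:microso
ft-ds  SYN_SENT
  TCP    workstation:3216  203.0.113.9:microsoft-ds
SYN_SENT
  TCP    workstation:3217  203.0.113.77:microsoft-ds  SYN_SENT
  TCP    workstation:1040  192.0.2.80:http  ESTABLISHED
"""

print(smb_fanout(SAMPLE))
```

A workstation that only mounts a couple of file shares shows one or two ESTABLISHED rows on this port, so it stays below the threshold.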
 