Netstat



Dudeking
11-15-2007, 04:20 AM
Does this look okay? I've been told that there should only be 1 or 2 items in here.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Eddie>netstat

Active Connections

Proto Local Address Foreign Address State
TCP EDDIE_LAPTOP:1738 localhost:1739 ESTABLISHED
TCP EDDIE_LAPTOP:1739 localhost:1738 ESTABLISHED
TCP EDDIE_LAPTOP:1755 localhost:1756 ESTABLISHED
TCP EDDIE_LAPTOP:1756 localhost:1755 ESTABLISHED
TCP EDDIE_LAPTOP:1432 adsl-75-18-127-248.dsl.scrm01.sbcglobal.net:5185
7 CLOSING
TCP EDDIE_LAPTOP:1436 5ac29fa7.bb.sky.com:21366 FIN_WAIT_1
TCP EDDIE_LAPTOP:1438 56-240-91-219.static.youtele.com:12312 CLOSING
TCP EDDIE_LAPTOP:1471 c-24-2-239-12.hsd1.ct.comcast.net:63590 FIN_WAI
T_1
TCP EDDIE_LAPTOP:1475 j198009.upc-j.chello.nl:38266 CLOSING
TCP EDDIE_LAPTOP:1528 soll1-156.cust.blixtvik.net:http FIN_WAIT_2
TCP EDDIE_LAPTOP:1529 soll1-156.cust.blixtvik.net:http CLOSING
TCP EDDIE_LAPTOP:1534 soll1-167.cust.blixtvik.net:http TIME_WAIT
TCP EDDIE_LAPTOP:1536 soll1-167.cust.blixtvik.net:1337 FIN_WAIT_1
TCP EDDIE_LAPTOP:1537 soll1-167.cust.blixtvik.net:6969 CLOSING
TCP EDDIE_LAPTOP:1539 soll1-167.cust.blixtvik.net:http FIN_WAIT_1
TCP EDDIE_LAPTOP:1540 soll1-199.cust.blixtvik.net:1337 CLOSING
TCP EDDIE_LAPTOP:1541 soll1-167.cust.blixtvik.net:http TIME_WAIT
TCP EDDIE_LAPTOP:1545 soll1-167.cust.blixtvik.net:6969 TIME_WAIT
TCP EDDIE_LAPTOP:1546 soll1-167.cust.blixtvik.net:6969 FIN_WAIT_1
TCP EDDIE_LAPTOP:1549 soll1-167.cust.blixtvik.net:http TIME_WAIT
TCP EDDIE_LAPTOP:1553 soll1-156.cust.blixtvik.net:http TIME_WAIT
TCP EDDIE_LAPTOP:1556 soll1-167.cust.blixtvik.net:1337 LAST_ACK
TCP EDDIE_LAPTOP:1558 soll1-156.cust.blixtvik.net:http TIME_WAIT
TCP EDDIE_LAPTOP:1569 C-59-100-124-43.bri.connect.net.au:8174 TIME_WA
IT
TCP EDDIE_LAPTOP:1577 77.247.176.135:http FIN_WAIT_1
TCP EDDIE_LAPTOP:1586 soll1-167.cust.blixtvik.net:6969 FIN_WAIT_2
TCP EDDIE_LAPTOP:1587 soll1-167.cust.blixtvik.net:http FIN_WAIT_2
TCP EDDIE_LAPTOP:1589 unknown.rackforce.com:34802 ESTABLISHED
TCP EDDIE_LAPTOP:1593 soll1-167.cust.blixtvik.net:6969 FIN_WAIT_1
TCP EDDIE_LAPTOP:1601 c-71-232-115-3.hsd1.ma.comcast.net:13696 TIME_W
AIT
TCP EDDIE_LAPTOP:1602 BSN-142-142-120.dial-up.dsl.siol.net:25055 FIN_
WAIT_1
TCP EDDIE_LAPTOP:1603 soll1-167.cust.blixtvik.net:http FIN_WAIT_1
TCP EDDIE_LAPTOP:1606 77.247.176.135:http FIN_WAIT_1
TCP EDDIE_LAPTOP:1610 77.247.176.151:http FIN_WAIT_1
TCP EDDIE_LAPTOP:1611 soll1-167.cust.blixtvik.net:http FIN_WAIT_1
TCP EDDIE_LAPTOP:1617 77.247.176.134:http LAST_ACK
TCP EDDIE_LAPTOP:1620 10-37-201-123.static.youtele.com:49448 ESTABLIS
HED
TCP EDDIE_LAPTOP:1627 tracker.torrentbox.com:2710 FIN_WAIT_1
TCP EDDIE_LAPTOP:1629 5aca5429.bb.sky.com:32459 CLOSING
TCP EDDIE_LAPTOP:1633 host-196-205-145-28.static.link.com.eg:14360 ES
TABLISHED
TCP EDDIE_LAPTOP:1634 stgt-4d02a84d.pool.mediaWays.net:53375 TIME_WAI
T
TCP EDDIE_LAPTOP:1636 static249-248.adsl.no:63235 TIME_WAIT
TCP EDDIE_LAPTOP:1641 dsl88.242-18869.ttnet.net.tr:16755 ESTABLISHED
TCP EDDIE_LAPTOP:1646 soll1-167.cust.blixtvik.net:http TIME_WAIT
TCP EDDIE_LAPTOP:1647 soll1-167.cust.blixtvik.net:1337 FIN_WAIT_1
TCP EDDIE_LAPTOP:1662 77.247.176.135:http ESTABLISHED
TCP EDDIE_LAPTOP:1665 sladinki007.net:6500 FIN_WAIT_2
TCP EDDIE_LAPTOP:1672 ool-4354c453.dyn.optonline.net:25674 FIN_WAIT_1

TCP EDDIE_LAPTOP:1673 c-4965e055.556-1-64736c21.cust.bredbandsbolaget.
se:24223 TIME_WAIT
TCP EDDIE_LAPTOP:1691 tracker.hexagon.cc:2710 ESTABLISHED
TCP EDDIE_LAPTOP:1692 soll1-167.cust.blixtvik.net:6969 FIN_WAIT_1
TCP EDDIE_LAPTOP:1695 catv-d5debe48.catv.broadband.hu:12247 CLOSING
TCP EDDIE_LAPTOP:1697 soll1-167.cust.blixtvik.net:1337 TIME_WAIT
TCP EDDIE_LAPTOP:1700 84.238.100.4:20846 TIME_WAIT
TCP EDDIE_LAPTOP:1702 c83-255-103-82.bredband.comhem.se:56342 FIN_WAI
T_1
TCP EDDIE_LAPTOP:1705 68-114-226-24.dhcp.fdul.wi.charter.com:34672 ES
TABLISHED
TCP EDDIE_LAPTOP:1709 cpc3-brig7-0-0-cust642.brig.cable.ntl.com:33220
FIN_WAIT_1
TCP EDDIE_LAPTOP:1715 soll1-167.cust.blixtvik.net:1337 FIN_WAIT_1
TCP EDDIE_LAPTOP:1716 a10.ip1.netikka.fi:24436 TIME_WAIT
TCP EDDIE_LAPTOP:1717 248-20.62-81.cust.bluewin.ch:53141 TIME_WAIT
TCP EDDIE_LAPTOP:1719 soll1-167.cust.blixtvik.net:1337 CLOSING
TCP EDDIE_LAPTOP:1720 soll1-167.cust.blixtvik.net:1337 TIME_WAIT
TCP EDDIE_LAPTOP:1721 56-240-91-219.static.youtele.com:12312 FIN_WAIT
_1
TCP EDDIE_LAPTOP:1724 cpe-74-74-210-8.rochester.res.rr.com:6905 FIN_W
AIT_1
TCP EDDIE_LAPTOP:1726 123-243-38-140.tpgi.com.au:53612 TIME_WAIT
TCP EDDIE_LAPTOP:1729 soll1-167.cust.blixtvik.net:6969 ESTABLISHED
TCP EDDIE_LAPTOP:1730 084202118030.customer.alfanett.no:53145 FIN_WAI
T_1
TCP EDDIE_LAPTOP:1736 c-68-35-132-46.hsd1.nm.comcast.net:55082 TIME_W
AIT
TCP EDDIE_LAPTOP:1741 77.247.176.134:http LAST_ACK
TCP EDDIE_LAPTOP:1744 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_LAPTOP:1745 soll1-199.cust.blixtvik.net:1337 ESTABLISHED
TCP EDDIE_LAPTOP:1746 77.247.176.135:http ESTABLISHED
TCP EDDIE_LAPTOP:1747 194-144-96-32.du.xdsl.is:47510 ESTABLISHED
TCP EDDIE_LAPTOP:1749 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_LAPTOP:1750 nf-in-f99.google.com:http ESTABLISHED
TCP EDDIE_LAPTOP:1751 nf-in-f147.google.com:http ESTABLISHED
TCP EDDIE_LAPTOP:1753 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_LAPTOP:1754 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_LAPTOP:1757 soll1-167.cust.blixtvik.net:1337 FIN_WAIT_1
TCP EDDIE_LAPTOP:1758 cpe-74-74-210-8.rochester.res.rr.com:6905 TIME_
WAIT
TCP EDDIE_LAPTOP:1767 c-67-188-91-224.hsd1.ca.comcast.net:44646 TIME_
WAIT
TCP EDDIE_LAPTOP:1769 h29n6c1o1114.bredband.skanova.com:38379 FIN_WAI
T_1
TCP EDDIE_LAPTOP:1781 75-172-57-104.tukw.qwest.net:30066 CLOSING
TCP EDDIE_LAPTOP:1785 78.34.100-74.rev.gaoland.net:14677 FIN_WAIT_1
TCP EDDIE_LAPTOP:1787 bas4-toronto12-1168021312.dsl.bell.ca:47529 FIN
_WAIT_1
TCP EDDIE_LAPTOP:1790 85.8.4.142.static.se.wasadata.net:64277 TIME_WA
IT
TCP EDDIE_LAPTOP:1793 77.247.176.135:http ESTABLISHED
TCP EDDIE_LAPTOP:1800 80.67.86.16:http ESTABLISHED
TCP EDDIE_LAPTOP:1802 soll1-167.cust.blixtvik.net:http ESTABLISHED
TCP EDDIE_LAPTOP:1803 adsl-212-240-84.cha.bellsouth.net:49152 CLOSING

TCP EDDIE_LAPTOP:1804 79.80-202-17.nextgentel.com:59693 FIN_WAIT_1
TCP EDDIE_LAPTOP:1808 soll1-199.cust.blixtvik.net:1337 LAST_ACK
TCP EDDIE_LAPTOP:1809 pool-71-165-189-105.lsanca.fios.verizon.net:2778
8 FIN_WAIT_1
TCP EDDIE_LAPTOP:1812 host-55-56.wimareg.clients.pavlovmedia.com:64005
FIN_WAIT_1
TCP EDDIE_LAPTOP:1814 31.80-203-87.nextgentel.com:10000 FIN_WAIT_1
TCP EDDIE_LAPTOP:1815 77.247.176.151:http TIME_WAIT
TCP EDDIE_LAPTOP:1819 soll1-167.cust.blixtvik.net:1337 TIME_WAIT
TCP EDDIE_LAPTOP:1822 221-128-167-220.static.exatt.net:60417 TIME_WAI
T
TCP EDDIE_LAPTOP:1826 sladinki007.net:6500 SYN_SENT
TCP EDDIE_LAPTOP:1827 host-89-228-254-110.olsztyn.mm.pl:29548 ESTABLI
SHED
TCP EDDIE_LAPTOP:1830 82-32-222-253.cable.ubr08.newt.blueyonder.co.uk:
11595 TIME_WAIT
TCP EDDIE_LAPTOP:1831 220-131-105-62.HINET-IP.hinet.net:10631 ESTABLI
SHED
TCP EDDIE_LAPTOP:1832 ip70-173-195-219.lv.lv.cox.net:54024 ESTABLISHE
D
TCP EDDIE_LAPTOP:1834 201-64-166-239.ultrawave.com.br:12622 ESTABLISH
ED
TCP EDDIE_LAPTOP:1836 193.138.231.146:2710 ESTABLISHED
TCP EDDIE_LAPTOP:1837 81-235-228-105-no91.tbcn.telia.com:42233 ESTABL
ISHED
TCP EDDIE_LAPTOP:1839 ip565b3805.direct-adsl.nl:14119 FIN_WAIT_1
TCP EDDIE_LAPTOP:1840 borg55.upnaway.com:60393 TIME_WAIT
TCP EDDIE_LAPTOP:1841 75-165-235-20.slkc.qwest.net:33769 ESTABLISHED
TCP EDDIE_LAPTOP:1846 soll1-199.cust.blixtvik.net:1337 ESTABLISHED
TCP EDDIE_LAPTOP:1850 c-6a05e655.36-5-64736c11.cust.bredbandsbolaget.s
e:26372 ESTABLISHED
TCP EDDIE_LAPTOP:1851 c-76-27-48-25.hsd1.ut.comcast.net:61962 ESTABLI
SHED
TCP EDDIE_LAPTOP:1852 193.138.231.146:2710 SYN_SENT
TCP EDDIE_LAPTOP:1853 soll1-167.cust.blixtvik.net:6969 ESTABLISHED
TCP EDDIE_LAPTOP:1854 cpe-74-74-210-8.rochester.res.rr.com:6905 ESTAB
LISHED
TCP EDDIE_LAPTOP:1857 86-41-68-193.b-ras2.chf.cork.eircom.net:53606 E
STABLISHED
TCP EDDIE_LAPTOP:1858 ppp121-44-54-67.lns10.syd7.internode.on.net:6111
4 TIME_WAIT
TCP EDDIE_LAPTOP:1859 wireless-gw.geneva.edu:14671 SYN_SENT
TCP EDDIE_LAPTOP:1860 81-236-239-157-no38.tbcn.telia.com:62290 ESTABL
ISHED
TCP EDDIE_LAPTOP:1861 cpe-024-025-038-064.ec.res.rr.com:46507 ESTABLI
SHED
TCP EDDIE_LAPTOP:1863 lit75-1-81-57-238-3.fbx.proxad.net:48306 SYN_SE
NT
TCP EDDIE_LAPTOP:1864 65-73-72-71.bras01.rnd.wi.frontiernet.net:32459
ESTABLISHED
TCP EDDIE_LAPTOP:1865 h131n1fls34o282.telia.com:18471 ESTABLISHED
TCP EDDIE_LAPTOP:1866 108.25.95.219.kmr01-home.tm.net.my:45682 SYN_SE
NT
TCP EDDIE_LAPTOP:1867 ip-204-197.belltel.ph:10604 SYN_SENT
TCP EDDIE_LAPTOP:1868 77.247.176.134:http ESTABLISHED
TCP EDDIE_LAPTOP:1869 tracker.hexagon.cc:2710 ESTABLISHED
TCP EDDIE_LAPTOP:1870 soll1-199.cust.blixtvik.net:1337 ESTABLISHED
TCP EDDIE_LAPTOP:1872 tracker.torrentbox.com:2710 SYN_SENT
TCP EDDIE_LAPTOP:1873 adsl-152-112-23.asm.bellsouth.net:6880 SYN_SENT


C:\Documents and Settings\Eddie>

Tortanick
11-15-2007, 08:20 AM
Well, I can see you're using BitTorrent at a glance, but no idea if anything suspicious is there.

Dudeking
11-15-2007, 08:38 AM
Well, I sent an email to my ISP asking them to upgrade my connection to 8meg because last time they offered it me I did not have a compatible modem. But now I do, I wanted the 8Meg connection.

All I got back was an auto reply about connection speeds and I have to run netstat and if there are more than 1 or 2 entries there is a problem with my computer and they cannot help me further until I fix it.

So I'm thinking this is a load of rubbish, because with just two FF tabs open and no P2P this is the result.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Eddie>netstat

Active Connections

Proto Local Address Foreign Address State
TCP EDDIE_DESKTOP:1030 localhost:27015 ESTABLISHED
TCP EDDIE_DESKTOP:3517 localhost:27015 ESTABLISHED
TCP EDDIE_DESKTOP:3535 localhost:3536 ESTABLISHED
TCP EDDIE_DESKTOP:3536 localhost:3535 ESTABLISHED
TCP EDDIE_DESKTOP:3537 localhost:3538 ESTABLISHED
TCP EDDIE_DESKTOP:3538 localhost:3537 ESTABLISHED
TCP EDDIE_DESKTOP:27015 localhost:1030 ESTABLISHED
TCP EDDIE_DESKTOP:27015 localhost:3517 ESTABLISHED
TCP EDDIE_DESKTOP:1211 by1msg3145605.phx.gbl:1863 ESTABLISHED
TCP EDDIE_DESKTOP:3540 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3543 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3544 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3545 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3546 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3547 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3548 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3549 nf-in-f99.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3550 nf-in-f147.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3551 nf-in-f104.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3560 bu-in-f18.google.com:http TIME_WAIT
TCP EDDIE_DESKTOP:3566 bu-in-f18.google.com:http TIME_WAIT
TCP EDDIE_DESKTOP:3567 bu-in-f18.google.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3569 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3571 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3572 ug-in-f164.google.com:http CLOSE_WAIT
TCP EDDIE_DESKTOP:3573 ug-in-f164.google.com:http CLOSE_WAIT
TCP EDDIE_DESKTOP:3574 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3575 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3576 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3577 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3578 agony.olympustechgroup.com:http ESTABLISHED
TCP EDDIE_DESKTOP:3579 agony.olympustechgroup.com:http ESTABLISHED

C:\Documents and Settings\Eddie>

JohnWill
11-15-2007, 08:54 AM
FWIW, here's what I see:

C:\>netstat

Active Connections

Proto Local Address Foreign Address State
TCP MAIN:3092 localhost:3093 ESTABLISHED
TCP MAIN:3093 localhost:3092 ESTABLISHED
TCP MAIN:3094 localhost:3095 ESTABLISHED
TCP MAIN:3095 localhost:3094 ESTABLISHED
TCP MAIN:3121 localhost:3122 ESTABLISHED
TCP MAIN:3122 localhost:3121 ESTABLISHED
TCP MAIN:3129 localhost:3130 ESTABLISHED
TCP MAIN:3130 localhost:3129 ESTABLISHED
TCP MAIN:1074 cs49.msg.dcn.yahoo.com:5050 ESTABLISHED
TCP MAIN:1078 sip32.voice.re2.yahoo.com:https ESTABLISHED
TCP MAIN:3117 incoming.verizon.net:pop3 TIME_WAIT
TCP MAIN:3120 216.207.68.57:http ESTABLISHED
TCP MAIN:3125 199.106.212.28:http ESTABLISHED
TCP MAIN:3126 199.106.212.28:http ESTABLISHED

Freehold Fred
11-16-2007, 01:26 AM
The command netstat -b displays the executables responsible for the network connections or listening ports. One of my FF connections has 4 ports opened as indicated by 'netstat -b.'

According to a Google search on agony.olympustechgroup.com, this seems to relate back to KH itself channeled through AZ aka Smokey. How are you connecting to KH forums as I do NOT get any of the same open ports showing? The other repeated one, blixtvik.net, is a Swedish site, I believe. Looks like a web monitoring service? Is this your ISP?

One of many good sources on the command: http://www.rrsecurity-abuse.com/netstat.html

If you are concerned, do you have any firewall running other than Windows? Check the firewall's log, if curious.

Dudeking
11-16-2007, 03:54 AM
I've got AVG Internet Security.

I have the following ports forwarded: 28149, 3724, 6112, 6881 - 6999. The first one's for uTorrent but the rest are for World of Warcraft (which I no longer play so I can remove anyway). There is nothing weird in my firewall or router log. I am connecting with a fixed IP and DNS address, but I can't see that making any difference.

Arrr, I've just run netstat -b on the desktop and most of the connections are for uTorrent.exe. I think there is an open connection for every peer and seeder I'm connected to, which is why there are so many. There are a few for MSN and Skype and about 5 for Firefox. I'm not getting the agony.olympustechgroup.com ones here so I'll look on the laptop to see if it's still there later.

Nope, my ISP isn't Swedish, it's just been bought by AOL so I would expect something American for that. I should think that it is probably TPB as a few of my torrents are tracked there.

Thanks

AdvancedSetup
12-09-2007, 03:57 AM
Turn off all your Internet applications and close down all applications. Then run it again.


NETSTAT

Then NETSTAT -b if needed to see what applications are opening a connection.


Here is what I have on my system with only Firefox open to this page.


C:\>netstat

Active Connections

Proto Local Address Foreign Address State
TCP b:2241 localhost:2242 ESTABLISHED
TCP b:2242 localhost:2241 ESTABLISHED
TCP b:2243 localhost:2244 ESTABLISHED
TCP b:2244 localhost:2243 ESTABLISHED

As you can see I have no applications opening or keeping open any connection on my network card except Firefox. If you do then you have something talking. Not that there is anything wrong with that, but your ISP does not want to support you running a dedicated network support type service or Peer2Peer software. So, shut it all down, run your test again and then do a copy/paste and e-mail it to them. Tell them you found some application that was running on your system that you didn't even know was there.
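
Added example, not part of any post in this thread: a small Python parser for pasted `netstat` output like the listings above. It rejoins rows that the 80-column console wrapped mid-hostname, mid-port or mid-state, then separates loopback pairs from external connections and counts them by state and remote port. The function names and the sample hosts are constructed for illustration.

```python
import re
from collections import Counter

STATES = ("ESTABLISHED|SYN_SENT|SYN_RECEIVED|FIN_WAIT_1|FIN_WAIT_2|"
          "CLOSE_WAIT|CLOSING|LAST_ACK|TIME_WAIT")
# Groups: local address, remote host, remote port (number or name), state
ROW = re.compile(r"^TCP\s+(\S+)\s+(\S+?):([^\s:]+?)\s*(" + STATES + r")$")
LOOPBACK = {"localhost", "127.0.0.1"}

# Constructed sample (not from the thread) with the same wrap damage
SAMPLE = """\
Proto Local Address Foreign Address State
TCP EDDIE_LAPTOP:1738 localhost:1739 ESTABLISHED
TCP EDDIE_LAPTOP:1739 localhost:1738 ESTABLISHED
TCP EDDIE_LAPTOP:1471 peer-a.example.net:63590 FIN_WAI
T_1
TCP EDDIE_LAPTOP:1432 peer-b.example.net:5185
7 CLOSING
TCP EDDIE_LAPTOP:1673 c-0000.cust.isp-d.example.
net:24223 TIME_WAIT
TCP EDDIE_LAPTOP:1709 peer-e.example.net:33220
FIN_WAIT_1
TCP EDDIE_LAPTOP:1691 tracker.example.org:2710 ESTABLISHED
TCP EDDIE_LAPTOP:1872 tracker.example.org:2710 SYN_SENT
TCP EDDIE_LAPTOP:1744 www.example.com:http ESTABLISHED
C:\\Documents and Settings\\Eddie>
"""

def parse_netstat(text):
    """Return one dict per TCP row, rejoining rows wrapped by the console."""
    rows, pending = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("TCP "):
            pending = line        # new row; drop any unfinished fragment
        elif pending:
            pending += line       # wrapped tail: rejoin with no separator
        m = ROW.match(pending)
        if m:                     # row is complete once it ends in a state
            rows.append(dict(zip(("local", "host", "port", "state"), m.groups())))
            pending = ""
    return rows

def summarise(rows):
    """Count loopback rows, then external rows by host, state and port."""
    ext = [r for r in rows if r["host"].lower() not in LOOPBACK]
    return {"total": len(rows), "loopback": len(rows) - len(ext),
            "external_hosts": len({r["host"].lower() for r in ext}),
            "by_state": Counter(r["state"] for r in ext),
            "by_port": Counter(r["port"] for r in ext)}
```

The summary only says where connections go; mapping each one to the program that owns it still needs `netstat -b`, as mentioned in the thread.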