D
drodg
Use: Dell laptop, WinXP Pro, behind Dlink router, no firewall running,
mcafee anti-virus updated, all xp updates done, Adaware updates done, use
Mozilla browser plus IE.
I'm puzzled!...
- When PC is idle I run DOS Netstat -o. It periodically shows a mystery
connection to unknown.Level3.net:http and unknown.Level3.net:https. PID
shows as 780. Sometimes shows as ESTABLISHED while most of the time shows
as CLOSE WAIT.
- Trace route shows the IP as 209.245.19.42. Belongs to www.level3.com.
When I run Tasklisk /svc it shows PID 780 as svchost.exe.
- PID 780 svchost.exe contains:
AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation,
Netman, Nla, Schedule, seclogon, SENS, ShellHWDetection, srservice,
TermService, Themes, TrkWks, uploadmgr, W32Time, winmgmt, wuauserv, WZCSVC.
My question is: is the data being sent to Level3 safe, necessary or
possible spyware? Are there other ways to find out? Thank you.
mcafee anti-virus updated, all xp updates done, Adaware updates done, use
Mozilla browser plus IE.
I'm puzzled!...
- When PC is idle I run DOS Netstat -o. It periodically shows a mystery
connection to unknown.Level3.net:http and unknown.Level3.net:https. PID
shows as 780. Sometimes shows as ESTABLISHED while most of the time shows
as CLOSE WAIT.
- Trace route shows the IP as 209.245.19.42. Belongs to www.level3.com.
When I run Tasklisk /svc it shows PID 780 as svchost.exe.
- PID 780 svchost.exe contains:
AudioSrv, BITS, Browser, CryptSvc, Dhcp, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation,
Netman, Nla, Schedule, seclogon, SENS, ShellHWDetection, srservice,
TermService, Themes, TrkWks, uploadmgr, W32Time, winmgmt, wuauserv, WZCSVC.
My question is: is the data being sent to Level3 safe, necessary or
possible spyware? Are there other ways to find out? Thank you.