AVG firewall told me that wgatray.exe was trying to contact Microsoft, which I blocked.
(I still haven't figured out why I have a system process trying to contact Napster every time I power back up from Stand By mode.)
So I downloaded and ran Process Explorer, which showed that I'm running some processes that I don't want (like Remote Registry - waiting for the hotfix link for that one).
Under Process Explorer, I found that one of the svchost.exe processes (908, if that matters) had two UDP connections listed:
Protocol: UDP Local Address: freighter:ntp Remote Address: *.* (btw: freighter is my machine's name)
Protocol: UDP Local Address: 007guard.com:ntp Remote Address: *.* <-- this is the one that concerned me.
I had to edit in the field names for each line since I hardly know how to use blog formatting.
I googled 007guard and found listings of the exe files that are installed as part of that worm. Having checked for those files, I found none installed. I also did a full system scan with AVG Internet Security last night, so I'd be a little surprised to find an infection just after that.
I checked my hosts file, and "127.0.0.1 007guard.com" is my first entry. Is the entry shown above just a result of my hosts file? If so, then all is fine, and I've got no worries.
But if just a little more tech info is needed to see if I've got some weird malware, here's more info:
Hitting the "Stack" button (thread stack at the time port was opened) in Process Explorer gives me this:
Hoping that this is at least nominally clear, thanks for your help!
Edit: Moved topic to the more appropriate forum. ~ Animal
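
An added example, not part of the original post: a way to check the hosts-file hypothesis raised above, assuming the connection viewer labels a local address with the first hosts-file name mapped to it and that the second listener is bound to 127.0.0.1. The sample hosts file, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a blocklist-style hosts file whose first entry is the
# one quoted in the post; the remaining lines are made up for illustration.
SAMPLE_HOSTS = """\
# blocklist entries
127.0.0.1   007guard.com
127.0.0.1   blocked.example   # constructed entry
127.0.0.1   localhost
::1         localhost
192.0.2.10  freighter          # constructed LAN address for the machine
"""

PORT_NAMES = {123: "ntp"}  # the only service name that appears in the post


def reverse_map(hosts_text):
    """Map each IP to the first name listed for it (assumed first-match-wins)."""
    table = {}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address column: skip the line
        table.setdefault(ip, fields[1])
    return table


def label(endpoint, table):
    """Render (ip, port) the way a name-resolving viewer would display it."""
    ip, port = endpoint
    host = table.get(ipaddress.ip_address(ip), ip)
    return f"{host}:{PORT_NAMES.get(port, port)}"


def relabelled_loopback(table):
    """Loopback addresses whose displayed name is something other than localhost."""
    return {str(ip): name for ip, name in table.items()
            if ip.is_loopback and name.lower() != "localhost"}


if __name__ == "__main__":
    table = reverse_map(SAMPLE_HOSTS)
    for ep in [("192.0.2.10", 123), ("127.0.0.1", 123)]:
        print(label(ep, table))
    print(relabelled_loopback(table))
```

If the loopback address comes back labelled with a blocklist name, the odd-looking listener is a display effect of the hosts file rather than a connection to that domain; turning off name resolution in the viewer shows the numeric address directly.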