Unkown Internet Activity

I'm running XP home and have a DSL connection running through a protected wireless connection. As soon as I turn on the laptop, internet activity starts and runs nonstop unless I disable my wireless connection. If I click on the connection status several thousand packets are being sent and recieved. How can I find out where this internet activity is coming from and disable it?

Download TCPView.
Unzip download file and double click on Tcpview.exe to run the program.
When the program is fully running, go File>Save As and save the report as TCP.txt.
Post report's content in your next reply.

to avoid time wasted troubleshooting, are you able to replace it with
another better router?

What does make you believe, it's a router problem?
We don't even know, if the OP has a router.

routers are flaky (i have two
that work when they want). i've seen bad reviews, esp about netgear dsl routers.
this is going to take awhile, lol.

I'm not sure where you're getting those certain statements from, but since the OP didn't reply yet and I don't have a crystal ball, I can't know if he has a router to start with and then, if it's Netgear brand and yet it's bad...

I agree with Broni. Let's see where this traffic is coming from/going to.

My first thought is malware, but it could be something as simple as Windows Update or an anti-virus program set to automatically check for updates.

Bill253
feelin' so fly like a cheesehead!

i didn't see your first response to the poster, until i had posted my first response,
so no offense. i remembered that i had a netgear nic that quit working as well (30 dollars
down the drain). i understand that we need all the facts, so i'll be patient.
thank you for the connections program link.

Edited by cogs10, 06 February 2011 - 11:45 PM.

My first thought is malware

Very possible, so I wanted to see, where all that traffic is coming from....

Thanks Broni,

Ran TCPView and this is what I got.

alg.exe 3208 TCP Tony 1052 Tony 0 LISTENING
AppleMobileDeviceService.exe 1800 TCP Tony 27015 localhost 1029 ESTABLISHED
AppleMobileDeviceService.exe 1800 TCP Tony 27015 Tony 0 LISTENING
ccsvchst.exe 1908 TCP Tony 1044 Tony 0 LISTENING
CLI.exe 1472 TCP Tony 1026 Tony 0 LISTENING
CLI.exe 3964 TCP Tony 1030 Tony 0 LISTENING
iexplore.exe 1532 UDP Tony 1059 * *
iTunesHelper.exe 3064 TCP Tony 1029 localhost 27015 ESTABLISHED
jqs.exe 1856 TCP Tony 5152 localhost 1142 CLOSE_WAIT
jqs.exe 1856 TCP Tony 5152 Tony 0 LISTENING
lsass.exe 708 UDP Tony isakmp * *
lsass.exe 708 UDP Tony 4500 * *
mDNSResponder.exe 1816 TCP Tony 5354 Tony 0 LISTENING
mDNSResponder.exe 1816 UDP Tony 1025 * *
mDNSResponder.exe 1816 UDP tony.myhome.westell.com 5353 * *
mDNSResponder.exe 1816 UDP Tony 50899 * *
svchost.exe 1024 TCP tony.myhome.westell.com 1173 a72-247-219-64.deploy.akamaitechnologies.com http ESTABLISHED 67 13,458 1,691 7,233,509 201 143,252 1 31
svchost.exe 980 TCP Tony epmap Tony 0 LISTENING
svchost.exe 1024 UDP Tony 1172 * * 1,664 1,664 1,664 1,664 28 28 28 28
svchost.exe 1308 UDP tony.myhome.westell.com 1900 * *
svchost.exe 1024 UDP Tony ntp * *
svchost.exe 1024 UDP tony.myhome.westell.com ntp * *
svchost.exe 1308 UDP Tony 1900 * *
System 4 TCP tony.myhome.westell.com netbios-ssn Tony 0 LISTENING
System 4 TCP Tony microsoft-ds Tony 0 LISTENING
System 4 UDP tony.myhome.westell.com netbios-ns * *
System 4 UDP tony.myhome.westell.com netbios-dgm * *
System 4 UDP Tony microsoft-ds * *

Let's see what Broni has to say about this, but I notice:

AppleMobileDeviceService.exe 1800 TCP Tony 27015 localhost 1029 ESTABLISHED
AppleMobileDeviceService.exe 1800 TCP Tony 27015 Tony 0 LISTENING

Does this mean you have an Apple device - Ipod, Ipad, Iphone, etc. connecting or trying to connect to your XP system (or the other way around)?

The other one is:

iTunesHelper.exe 3064 TCP Tony 1029 localhost 27015 ESTABLISHED

Which makes me think iTunes downloads/updates might be occurring, or trying to.

I'm not sure what jqs.exe is, but my untrained eye doesn't see anything else suspicious. As I said, let's see what Broni has to say.

Bill253

jqs.exe is Java Quick Starter - legit

I don't see anything suspicious.

I removed Itunes and Apple Mobile and ran TCPView again. The actvity is still present.

alg.exe 3588 TCP Tony 1044 Tony 0 LISTENING
ccsvchst.exe 1616 TCP Tony 1043 Tony 0 LISTENING
CLI.exe 2816 TCP Tony 1038 Tony 0 LISTENING
CLI.exe 1372 TCP Tony 1027 Tony 0 LISTENING
jqs.exe 1548 TCP Tony 5152 Tony 0 LISTENING
lsass.exe 536 UDP Tony isakmp * *
lsass.exe 536 UDP Tony 4500 * *
mDNSResponder.exe 1504 TCP Tony 5354 Tony 0 LISTENING
mDNSResponder.exe 1504 UDP Tony 1025 * *
mDNSResponder.exe 1504 UDP tony.myhome.westell.com 5353 * *
mDNSResponder.exe 1504 UDP Tony 54461 * *
svchost.exe 812 TCP Tony epmap Tony 0 LISTENING
svchost.exe 936 UDP tony.myhome.westell.com 1900 * *
svchost.exe 936 UDP Tony 1900 * *
svchost.exe 3544 UDP Tony ntp * *
svchost.exe 3544 UDP tony.myhome.westell.com ntp * *
svchost.exe 3544 TCP tony.myhome.westell.com 1090 a184-84-255-25.deploy.akamaitechnologies.com http ESTABLISHED 113 22,939 2,800 12,713,694 128,218 28
svchost.exe 3544 UDP Tony 1089 * * 2,854 2,854 2,854 2,854 36 36 36 36
System 4 TCP tony.myhome.westell.com netbios-ssn Tony 0 LISTENING
System 4 TCP Tony microsoft-ds Tony 0 LISTENING
System 4 UDP tony.myhome.westell.com netbios-ns * * 3 150
System 4 UDP tony.myhome.westell.com netbios-dgm * *
System 4 UDP Tony microsoft-ds * *

Ithen deleeted the svchost.exe labeled akamaitetechnologies wich says its deployed from a remote address and the activity stops but in just a few minutes it reestabishes a connection and starts up again.

Router, modem constant activity is normal.

As for Akamai, there is nothing to worry about.

Just to quote: http://pressf1.pcworld.co.nz/archive/index.php/t-33444.html

Akamai provides many IT services like application hosting, content delivery,
and streaming media services, but they are probably best known for their
massive distributed computer infrastructure. In lay terms, they have upwards
of 15,000+ servers positioned around the globe providing content (software
downloads, etc) and media (like QuickTime, RealAudio, or Windows Media
files) for their customers (the likes of Apple, GM, MTV, Department of
Defense, IBM, Microsoft, Monster.com, Yahoo!, Adobe...).

So there is no way to know what kind of activity is actually going on. It is consuming all of my bandwith and I have a maximum download of 350MB/day then my provider slows me to below dialup speed. I have left the computer on for over an hour at my business where there is no maximum and it continues.