OK, grave-digging a bit here in case this helps someone out there who might have been wasting time being paranoid like I did for a few hours. I stumbled upon this thread Googling so eventually another person will do the same and be more at ease after reading.
I, too, had the same issue as the OP above. Spent a few hours over a couple weeks time trying to solve this issue. In reality, it's not an issue at all. What I found was I have been using hostman to keep my hosts file updated to protect against ads and malware, or both.
What suddenly occurred to me after combing though the hosts file is that
is the first entry in the entire file that uses 127.0.0.1 as localhost, after a lengthy list of redirects to 0.0.0.0.
So, I created and entry right above this first 127.0.0.1 that looked like this:
127.0.0.1 00mylogin.anydomain.net #test
Notice the 2 zeros, that was to make it be the first of the 127.0.0.1 entries in the host file. I suspect hostman or the people who create the MVPS hosts file like to keep it alphabetical.
After I did this netstat -a showed the domain I inserted (made up no less) instead of the suspicious looking 0koryu0.easter.ne.jp domain.
So, if you have redirects in your hosts file such as the above and fiddle with netstat you're going to see connections to the first one in the hosts list, instead of the familiar "localhost" or the name of your machine. (I've seen both testing this).
Mystery solved, we're not hacked.
Edited by jkr4m3r, 06 March 2015 - 07:03 PM.