BACKGROUND
I am on a cable connection in the UK with no other PCs or printers attached. I use FILSECLAB's personal firewall.
I downloaded and installed "TreeWalk DNS" a week ago on my XP Pro system. As I am in the UK I also installed the "ORSC Slave-Root" package. I have to say I am not particularly familiar with the technical details of DNS lookups.
OBSERVATIONS
Today I booted up. Before I manually launched anything I saw the following entries shown below in my firewall monitor.
These entries have worried me because for the last week my PC has been hesitating for several seconds before connecting to servers such as
Spybot (latest version with latest updates) reports nothing.
QUESTIONS FOR ANYONE
1: Which entries below are expected and which are unusual?
2: Have I got some subtle malware on my system?
3: How can I track back from these entries to find what programs invoked NAMED.EXE to make these network connections?
4: Should I remove Treewalk or does it make no difference?
For the time being I have put these into my hosts file in order to restrain them from connecting.
Thank you for any help.
-------- LIST OF SELECTED FIREWALL MONITOR ENTRIES --------
NOTES:
(1) There were often several entries for each IP address but I have listed only one.
(2) My IP address with port 1025 was always shown for each of these entries.
(3) The program associated with each entry was always Treewalk's NAMED.EXE.
(4) In most cases, 70 bytes were sent and none received but for 192.5.6.30 (for which the IP lookup keeps failing) there was as much as 10 KB of traffic in each direction!
(5) Sadly I can't find out anything for 194.54.112.30/FLUETANO.
=====
38.113.2.100 :53 Jerky Network Services, Mass
199.166.26.100 :53 VRx Network Services Inc. server=JFWHOME.FUNHOUSE.COM
199.166.29.100 :53 VRx Network Services Inc. server=JFWHOME.FUNHOUSE.COM
199.166.31.100 :53 VRx Network Services Inc. server=JFWHOME.FUNHOUSE.COM
194.54.112.30 :53 FLUENTANO, Hostmaster Bergen Nett og Media, Norway
193.0.14.129 :53 Subnet for k.root-servers.net
192.5.6.30 :53 a.gtld-servers.net [sent 10595 bytes & received 11369 bytes]
192.26.92.30 :53 VeriSign Global Registry
192.26.92.32 :53 VeriSign Global Registry
192.33.14.30 :53 Verisign
198.41.0.4 :53 Verisign
202.12.29.59 :53 Asia Pacific Network Information Center, Australia
216.239.34.10 :53 Google [I have Google Desktop Search]
------- END LIST OF SELECTED FIREWALL MONITOR ENTRIES --------