BetaONE will rise again!

Internet Security and Privacy: Time To Retest Your Firewall (http://b1.hcanet.com/forum/showthread.php?t=13853)

Sony 15th Oct 04 03:53 PM

Quote:

Originally posted by war59312@Oct 15 2004, 01:24 PM
oh my bad...I was just kidding...I just mean IIS is a pos and there are so many security issues....that's all... sorry for the confusion...

lol

Um yeah I would say that's a Charter ISP IP address....is that your ISP?

if not yeah something is going on...
[snapback]215590[/snapback]


Not at all, it is not my ISP!!!!

My internal IP is assigned automatically by my hardware router, which makes it even more strange that it shows as that.

I use a Linksys WRT54G router ....... and an Alcatel SpeedTouch DSL modem


rikytik, what hardware do you use?

rikytik 15th Oct 04 04:03 PM

My router is the same model as yours Sony. I don't use Charter either and am connected by cable.

The appearance of the moscow.eau connection also reflects the internal 192.168.101 IP apparently generated by the router. The connection seems to be PC#1 connecting to PC#2. Both are hardwired to the router. It is on PC#1 that I found the moscow entries in the registry using Registry Crawler. None of my scanning stuff found them. I did a wholesale reg clean and in poking around found about 4,000 directories in HKEY_USERS\S-1-5-21-2025429265-1580436667-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ that relate to mostly pop-up and other spyware-type connections that happened over the past year or two. Those directories appear to be void of any useful data, probably due to the registry cleaner (Registry Medic 3). It removed 100+ entries. But those thousands of directories are still there. Just trying to figure my next step.

Haven't ruled out a clean install and start fresh with a new attitude about security.

Sony 15th Oct 04 04:27 PM

hmmm I searched everywhere in my registry and I only found the entry from xstat, nothing else.

I'm really confused about this one ....I ran every possible virus and trojan scanner that I know of, most of the spyware tools, and nothing is found on my system

I even passed the bloody test that I posted in this thread.

I've always been extra careful with my system security .........I'm thinking that xstat is somehow detecting the ndisuio.sys used by the Linksys router as that but I'm not really sure.............

If you find more info let me know I will do the same

Sony

rikytik 15th Oct 04 04:37 PM

Yes, it occurred to me also. It is curious that this is happening with two same-model Linksys routers.

I am going to restore this machine to a much earlier image and see what I find there, then decide about a clean install. Hmm. We'll see. I'll be following this thread! :)

rikytik 15th Oct 04 04:39 PM

Sony, one observation. I notice in your screen shot that the "Process" is Firefox.exe.

The 3 instances where I copied the connection info, all mine were "System".

Not sure what that means.

Sony 15th Oct 04 04:56 PM

Quote:

Originally posted by rikytik@Oct 15 2004, 02:39 PM
Sony, one observation.  I notice in your screen shot that the "Process" is Firefox.exe. 

The 3 instances where I copied the connection info, all mine were "System".

Not sure what that means.
[snapback]215598[/snapback]


yeah I have system too
everything that I double click in xstats shows as moscow with my internal IP

wondering if it's just a problem with x netstat and our hardware... I'd really like to test a different software and see

rikytik 15th Oct 04 05:01 PM

I have been thinking it is PC#1, but I just found this in the registry of PC#2

I'm wondering if this is simply part of x-netstat

rikytik 15th Oct 04 05:08 PM

A better view of the registry tree relating to the preceding screen shot. You think we've been chasing our tail on this one?

Sony 15th Oct 04 05:14 PM

Quote:

Originally posted by rikytik@Oct 15 2004, 03:08 PM
A better view of the registry tree relating to the preceding screen shot. You think we've been chasing our tail on this one?
[snapback]215602[/snapback]


I think it is part of the DNS cache of xnetstats
if you open xnetstats and go to tools > option

click on edit DNS cache

you will notice that in the cache internal IP is equal to the freaking moscow name

close the dns cache

still in option click on clear dns cache

close xnetstat

restart it

now your internal IP should show your computer name !!!! yayay
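
An added example, not part of the original thread: the symptom traced above was a stale name-cache entry tying a private LAN address to an ISP hostname. The sketch below flags such entries in a cache exported as `ip hostname` lines; that export format, the sample addresses and the function names are assumptions for illustration, not X-NetStat's own format.

```python
import ipaddress

# Constructed sample of a name cache exported as "ip hostname" lines.
# The layout is an assumption for illustration, not X-NetStat's real cache format.
SAMPLE_CACHE = """\
192.168.1.101 moscow.eau.wi.charter.com
192.168.1.102 DESKTOP-PC2
192.168.1.1 router.lan
203.0.113.7 www.example.com
10.0.0.5 printer
not-an-ip something
"""

# RFC 1918 ranges: addresses a home router hands out, never routed on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Suffixes that are normal for names assigned on a home or office LAN.
LOCAL_SUFFIXES = (".lan", ".local", ".home", ".localdomain", ".internal")


def is_local_name(hostname):
    """Single-label names and LAN-style suffixes are expected for private hosts."""
    name = hostname.rstrip(".").lower()
    return "." not in name or name.endswith(LOCAL_SUFFIXES)


def suspicious_cache_entries(cache_text):
    """Return (ip, hostname) pairs where a private address carries a public-looking FQDN."""
    findings = []
    for line in cache_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # not an "ip hostname" pair
        ip_text, hostname = parts
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # malformed address, skip the line
        if any(addr in net for net in RFC1918) and not is_local_name(hostname):
            findings.append((ip_text, hostname))
    return findings


if __name__ == "__main__":
    for ip, host in suspicious_cache_entries(SAMPLE_CACHE):
        print(f"review cached label: {ip} -> {host}")
```

An entry flagged this way points at the tool's cache or at the resolver that answered the reverse lookup, so clearing the cache and re-resolving is a cheaper first check than a reinstall.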

unicorn 15th Oct 04 05:18 PM

Off-topic now, put here just to make it clear.

Quote:

Originally posted by war59312@Oct 15 2004, 03:28 PM
Um moscow.eau.wi.charter.com?
Site does not even exist it seems? At least not http.
[snapback]215591[/snapback]

Sorry for that. It was h**p://www.wi.charter.com/ that asked for authentication. moscow wasn't there (at least not http, right).

