Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?
From: "Small, James" <JSmall@xxxxxxxxxxxx>
Date: Fri, 13 Jul 2007 18:51:49 -0400
IchBin,

> Still need to find the bugger who is causing that problem. Or more
> interestingly where is this xxz0n3dxx.dyndns.org coming from on my
> machine. I did a global text search for xxz0n3dxx.dyndns.org and only
> found in 5 files but these related to the emails I have sent to this
> newsgroup. Maybe I should look for just xxz0n3dxx or dyndns by
> themselves.
> 
> When I see these Standard Queries, in real time, I see the Process-ids
> associated but no associated program initiating that process.

If this is a Windows machine, one thing you can try is installing
ZoneAlarm or Kerio's personal firewall.  This allows you to selectively
block network access on a per process basis.  While it could be time
consuming, you can start with a default deny where when anything wants
network access you must approve it.  The obvious programs like your
browser and E-mail client you can grant access.  For other programs that
request access you can google their process/binary name to learn more
about them.  There is a wealth of information on-line.

Once you find a process you don't like, try using something like
Sysinternals' Process Explorer to learn more about the process.  Then
hopefully you can uninstall/delete/disable it.

If you didn't already, you may want to try installing Windows Defender
or other anti-spyware programs to check the PC.  If it's just one
program you might be able to kill it.  If it's a nasty one though you
might have to re-image/re-format the machine.  Some nasties are almost
impossible to eradicate.

Good Luck,
  --Jim