So I was looking at my cmd.exe > netstat -ano and I noticed that there were two PIDs (4472)(9032) that had the same IP address that was showing as established. When I went to compare the PIDs to the task manager, there is no such thing as PID 4472 or 9032.
I'm trying to find out how to delete or terminate these because I believe my computer might be hacked. Whenever I try netstat -b or -o, it doesn't show any programs or things open with those PIDs, so I can't even try to delete the /im or anything.
Any ideas on how to fix this problem?
procdump -ma 4472
and
procdump -ma 9032
does it also say they are not there or does it create dumps for the process? The dumps, if created, would be useful. If that doesn't help and netstat still shows the PID, I'd probably run Process Explorer or Process Hacker to confirm they don't see it, maybe TCPView. If no, then LiveKd+WinDbg and take a look at the list of processes the kernel thinks exist.
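
The cross-check this thread is about (does a process list see the PID that netstat reports?), as an added PowerShell example that is not part of the original posts. It uses `Get-Process` in place of the GUI tools named above; the function name `Get-OrphanedConnection` and the sample rows are constructed for illustration.

```powershell
# Added example: list TCP rows from `netstat -ano` whose owning PID is not in the process list.
function Get-OrphanedConnection {
    param(
        # Lines of `netstat -ano` output; defaults to running it on the local machine.
        [string[]]$NetstatLines = (netstat -ano),
        # PIDs the process list reports; defaults to the live list from Get-Process.
        [int[]]$LivePids = (Get-Process | Select-Object -ExpandProperty Id)
    )
    foreach ($line in $NetstatLines) {
        # TCP rows have five columns: Proto, Local Address, Foreign Address, State, PID.
        # UDP rows carry no State column and are skipped by this pattern.
        if ($line -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            $owner = [int]$Matches[4]
            if ($owner -notin $LivePids) {
                [pscustomobject]@{
                    Local     = $Matches[1]
                    Remote    = $Matches[2]
                    State     = $Matches[3]
                    OwningPid = $owner
                }
            }
        }
    }
}

# Constructed sample input (not captured from a real host). The two PIDs are the
# ones from the question; addresses are documentation ranges.
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    192.168.1.20:50111     203.0.113.10:443       ESTABLISHED     4472',
    '  TCP    192.168.1.20:50112     203.0.113.10:443       ESTABLISHED     9032',
    '  TCP    192.168.1.20:50200     198.51.100.7:443       ESTABLISHED     1200',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988',
    '  UDP    0.0.0.0:123            *:*                                    1300'
)

# Constructed process list: 4472 and 9032 are deliberately absent, so both rows are reported.
Get-OrphanedConnection -NetstatLines $sample -LivePids 0, 4, 988, 1200, 1300 |
    Format-Table -AutoSize

# Live check on the local machine:
# Get-OrphanedConnection | Format-Table -AutoSize
```

The live check takes its two snapshots a moment apart, so a process that exits in between shows up as a mismatch; rerun it and treat only PIDs that persist across runs as worth the dump and kernel-level steps above.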