How to determine if my AWS/EC2 server has been compromised / resolution?
Posted by ElHaix on Server Fault. Published 2013-10-18T15:47:45Z, indexed 2013-10-18 15:56 UTC.
Tags: security | amazon-ec2
I have recently seen an increase in network in/out activity on my server and am trying to determine if my AWS/EC2 instance has been compromised, and if so, how to resolve?
In my security group I have:
Inbound: 80 (HTTP) 0.0.0.0/0
Outbound: 80 (HTTP) 0.0.0.0/0
Outbound: 443 (HTTPS) 0.0.0.0/0
Using TCP-UDP Endpoint Viewer:
I see a lot of w3wp.exe TCP processes with varying local ports http and numbered, as well as varying remote ports.
Some processes go red/yellow/green on updates.
I see Remote address for most w3wp processes are my ec2 instance, however I am seeing several to *.deploy.akamaitechnologies.com and *.deploy.static.akamaitechnologies.com with received bytes varying between 4-11 megs.
I also see Ec2Config.exe, remote address: 169.254.169.254
System Process Remote Address: fetcher4-4.p.mail.ru (how can I get rid of this one?!) local port: http remote port: 33432
I am also seeing some system processes from 114.216-244-93-rdns.wowrack.com: Protocol: TCP local port: http remote port: varying
As well as some baiduspider "System Process" entries.
I'm afraid that my system may have been compromised, and wondering if these results are any indication of that.
If so, how can I eliminate these possible threats?
I have MS Security Essentials installed.
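Added example, not part of the question or of any Server Fault answer: a small Python triage script that sorts the kinds of connections listed above (crawlers and clients arriving on port 80, Ec2Config talking to the metadata service, the IIS worker's own outbound connections, and attempts that the security group's egress rules would block) into expected and needs-review groups from a `netstat -ano` snapshot. The endpoint allowlists, the rule that an IIS worker opening outbound connections deserves a look, the process names, PIDs and the sample snapshot are all assumptions constructed for the example.

```python
from collections import namedtuple
Conn = namedtuple("Conn", "local_ip local_port remote_ip remote_port state pid")
# Assumptions for this example; adjust them to the instance being examined.
METADATA_IP = "169.254.169.254"  # EC2 instance metadata, normally reached by Ec2Config.exe
EGRESS_PORTS = {80, 443}         # outbound ports the post's security group allows
SERVICE_PORTS = {80}             # ports the instance is meant to serve
WEB_WORKERS = {"w3wp.exe"}       # IIS workers seldom need to open their own outbound connections
def parse_netstat(text):
    """Parse `netstat -ano` rows (Proto Local Foreign State PID); other lines are skipped."""
    conns = []
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        lip, lport = parts[1].rsplit(":", 1)
        rip, rport = parts[2].rsplit(":", 1)
        conns.append(Conn(lip, int(lport), rip, int(rport), parts[3], int(parts[4])))
    return conns
def classify(c, pid_names):
    """Return (category, reason) for one connection."""
    name = pid_names.get(c.pid, "pid %d" % c.pid)
    if c.remote_ip == METADATA_IP:
        return "expected", "%s -> instance metadata service" % name
    if c.local_port in SERVICE_PORTS:  # remote side connected to our web port (clients, crawlers)
        return "inbound-client", "%s serving %s" % (name, c.remote_ip)
    if c.remote_ip in (c.local_ip, "127.0.0.1"):
        return "local", "%s talking to itself" % name
    # Everything left was initiated by this host.
    if c.remote_port not in EGRESS_PORTS:  # egress rule blocks it, so it lingers in SYN_SENT
        return "review", "%s trying %s:%d (%s) outside egress rules" % (name, c.remote_ip, c.remote_port, c.state)
    if name in WEB_WORKERS:
        return "review", "%s opened outbound connection to %s:%d" % (name, c.remote_ip, c.remote_port)
    return "outbound", "%s -> %s:%d" % (name, c.remote_ip, c.remote_port)
def triage(text, pid_names):
    """Group every connection in the snapshot by category."""
    groups = {}
    for c in parse_netstat(text):
        cat, why = classify(c, pid_names)
        groups.setdefault(cat, []).append(why)
    return groups

# Constructed sample snapshot (documentation IP ranges, invented PIDs and process names).
SAMPLE_NETSTAT = """
  TCP    10.0.0.5:80       198.51.100.10:33432    ESTABLISHED     1234
  TCP    10.0.0.5:49210    169.254.169.254:80     ESTABLISHED     900
  TCP    10.0.0.5:49333    192.0.2.40:80          ESTABLISHED     1234
  TCP    10.0.0.5:49400    203.0.113.9:8080       SYN_SENT        2222
"""
SAMPLE_PIDS = {1234: "w3wp.exe", 900: "Ec2Config.exe", 2222: "unknown.exe"}
```

On the live host, feed it the output of `netstat -ano` and a PID-to-name map from `tasklist`; whatever lands in the "review" group is what to look at first.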