Re 2 firewalls - what I mean is the router has a hardware firewall, which is set to only allow in HTTP and HTTPS. Then on my PCs (I have a couple) I am running the free Zone Alarm so that I can see what is going on, and pick up / block any outgoing rubbish that I may not want. (hence I have been able to pick up these outbound network login attempts)
I also ran the spyware /adware scanner available as an Active X from Sophos (hence you will see the references to activescanner or pps in Hijackthis)
Finally, from the Sophos scanner, I know that I have a couple of odd items that I don't really want but am stuck with, relating to Kodak Easyshare, and also WinMX music downloads.
HijackThis Log file is:
Logfile of HijackThis v1.97.7
Scan saved at 07:38:10, on 28/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\StarOffice7\program\soffice.exe
C:\Documents and Settings\Dave\My Documents\downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.wanadoo.c...rch/default.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.wanadoo.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.co.ukR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ppctlcab -
http://69.44.122.156...er/ppctlcab.cabO16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) -
http://69.44.122.156...r/axscanner.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macr...ash/swflash.cabJust for good measure, the sort of stuff Zone Alarm has started to pick up (and this only started a couple of days ago) is lots of...
ACCESS,2004/09/26,16:55:18 +1:00 GMT,Windows NT Logon Application was temporarily blocked from connecting to the local zone (192.168.0.1:DNS).,N/A,N/A
ACCESS,2004/09/26,16:55:30 +1:00 GMT,Messenger was blocked from accepting a connection from the local zone (192.168.0.1:Port 2050).,N/A,N/A
ACCESS,2004/09/26,16:55:52 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (64.94.29.64:HTTP).,N/A,N/A
ACCESS,2004/09/26,16:55:52 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (69.20.20.161:HTTP).,N/A,N/A
ACCESS,2004/09/26,16:57:04 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (64.74.134.64:HTTP).,N/A,N/A
ACCESS,2004/09/26,16:58:18 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (192.168.0.1:DNS).,N/A,N/A
ACCESS,2004/09/26,16:58:34 +1:00 GMT,Windows NT Logon Application was temporarily blocked from connecting to the Internet (192.168.0.1:DNS).,N/A,N/A
ACCESS,2004/09/26,16:58:40 +1:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (192.168.0.2:Port 68).,N/A,N/A
ACCESS,2004/09/26,16:59:18 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (64.94.29.14:HTTP).,N/A,N/A
ACCESS,2004/09/26,16:59:18 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (69.20.20.161:HTTP).,N/A,N/A
ACCESS,2004/09/26,16:59:34 +1:00 GMT,Windows NT Logon Application was temporarily blocked from connecting to the local zone (192.168.0.1:DNS).,N/A,N/A
ACCESS,2004/09/26,16:59:38 +1:00 GMT,Messenger was blocked from accepting a connection from the local zone (192.168.0.1:Port 2050).,N/A,N/A
ACCESS,2004/09/26,17:00:32 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (64.94.29.64:HTTP).,N/A,N/A
ACCESS,2004/09/26,17:07:16 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (64.74.134.64:HTTP).,N/A,N/A
ACCESS,2004/09/26,17:08:22 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (64.94.29.14:HTTP).,N/A,N/A
ACCESS,2004/09/26,17:08:22 +1:00 GMT,Run a DLL as an App was blocked from connecting to the Internet (69.20.20.161:HTTP).,N/A,N/A
ACCESS,2004/09/26,17:09:14 +1:00 GMT,Windows NT Logon Application was temporarily blocked from connecting to the local zone (192.168.0.1:DNS).,N/A,N/A
Any ideas?
Dave R