Spyware not identified?

David Jones

C:\Windows\System32\rundll32.exe and C:\Windows\System32\winlogon.exe
are repeatedly trying to connect to the Internet, specifically:
TCP Connection to h-213.61.6.3.host.de.colt.net [213.61.6.3:80]
TCP Connection to hosting-68.76.rev.fr.colt.net [213.41.76.68:80]
TCP Connection to 4.78.20.4:80
TCP Connection to 208.185.54.9.speedera.com [208.185.54.9:80]

I understand that both of these exe's are integral parts
of XP, and it's whatever's calling them that's the
problem. I've got Norton Antivirus, and Microsoft Spyware
running and I've scanned my drives with AntiVir but
they've found nothing. I've stopped or disabled as many
services as I can, and done the same with msconfig to
prune the programs that run on startup.

I can shutdown the RunDLL32.exe using Task Manager, but
not WinLogon.exe as it's a 'critical system process'.

For now, I've just set Kerio Firewall to block both exe's
from accessing the Internet, but I'd like to find a more
permanent solution, because it repeatedly tries to
connect, increasing the local port number each time, until
I get a buffer overflow error and have to reboot.
 
Bill Sanderson

I can't tell what's going on here--but this may be legit traffic.

Is your ISP colt.net, or do they use colt.net's facilities?
 
