new firewall attacks

What firewall were you using before?

Do you recognize the below

Code:

 [url="http://samspade.org/t/whois?a=81-174-209-211.pth-as2.dial.plus.net;server=auto"][color=#800080]81-174-209-211.pth-as2.dial.plus.net[/color][/url] = [ [url="http://samspade.org/t/whois?a=81.174.209.211;server=auto"][color=#0000ff]81.174.209.211[/color][/url] ] 
 
PlusNet Technologies Ltd 
	 Technology Building Terry Street Sheffield S9 2BU 
	 Sheffield S Yorkshir S9 2BU 
	 GB 
	 Domain Name: [url="http://samspade.org/t/whois?a=PLUS.NET;server=auto"][color=#0000ff]PLUS.NET[/color][/url] 
	 Administrative Contact: 
		 Plusnet Technologies Ltd [email="hostmaster@plus.net.uk"][color=#0000ff]hostmaster@plus.net.uk[/color][/email]
 
		 Plusnet Technologies Ltd 
		 Internet House Victoria Quays 
		 Sheffield South York S47YA 
		 GB 
		 Phone: 01142200000 
		 Fax: 

What OS do you have?
Have you run ALL the steps in the sticky thread below:
READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

 

You said you installed a new firewall. Did you have a different one before Sygate? Or did you really mean that you finally installed a firewall because you did not have one?

What version of WinXP? SP1, SP1a, or SP2? Do you have all of your Windows Updates?

Did you run the READ ME FIRST? You should go thru the steps below:


- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

It could just be, as you said, the firewall doing its job. If you want to be sure there are not other visible malware problems, you should post the HijackThis log I requested and I will look.

 

Your log is clean other than the below items:


O15 - Trusted Zone: http://www.antiquephotographer.com
O15 - Trusted Zone: www.antiquestradegazette.com

We just do not like to see anything added to the Trusted Zone because it is almost never needed and makes it to easy for bad stuff to hide there.

 

You're welcome. You should check out the steps covered in the below thread to help keep you clean:

How to Protect yourself from malware!