In my norton anti-virus log I see:
Details: Rule "Default Block Dmsetup Trojan horse" blocked (18.104.22.168,58).
Inbound TCP connection.
Local address,service is (ORANGE(my ip address),58).
Remote address,service is (22.214.171.124,2079).
Process name is "N/A".
Time: 3/21/2006 11:38:31 PM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=1056)
Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped
The second one gets blocked around 30 to 40 times a day.
Any idea what is going on?