What you are looking for is a startup monitor, right? That is to say, an application that will advise you of ALL applications that are running at startup.
For that purpose you have - at your choice - the following: StartupCPL StartupMonitor Startup_full StartMan I use 1 and 4, if that means anything (the first, goes through Control Panel; and the other, is a comprehensive report tool that tells you where each is installed and how it runs from the Windows Registry). If you are worried that you may have a backdoor trojan running - hard to conceive that it is not loaded at startup - you can get a trojan and backdoor scanner by doing a Google search. Should you wish to get a packet sniffer to check out what is being processed through your stack when connected, then you can get: tcpspy ethereal-setup-0.9.2 Now, if you wish to control and check what changes have been made to any Windows System or other directory file - or any other critical drive and directory for that matter - you may wish to have: Syslog v3.0 <http://www.xs4all.nl/~hneel/> You may want to have Script Defender from AnalogX so as to turn ON/OFF all the those dangerous scripts that you will come across as you surf the web. That should do it... Luck! Ref: Williams, Larry <[EMAIL PROTECTED]>'s message dated 19 Apr 2002, 13:12 hours. >I googled and found this: > >http://www.niresoft.com/tm.asp > >-----Original Message----- >From: Thomas Madhavan >Sent: Friday, April 19, 2002 10:48 >To: [EMAIL PROTECTED] >Subject: Re: Zonealarm log - what is this? > > >I meant really in the background... I know that something's running if it's >in the system tray... ;) > >Can they run beyond the reach of ctrl-alt-del and the taskbar? If so, is >there some way of detecting this (and any other programs) that may be >lurking? > >Thomas >----- Original Message ----- >From: "Tim Donahue" <[EMAIL PROTECTED]> >To: "'Thomas Madhavan'" <[EMAIL PROTECTED]>; ><[EMAIL PROTECTED]> >Sent: Thursday, April 18, 2002 6:40 PM >Subject: RE: Zonealarm log - what is this? > > >> Yes, many of them continue to run in the background. Check in your system >> tray for icons that belong to them. >> >> Tim Donahue >> >> -----Original Message----- >> From: Thomas Madhavan [mailto:[EMAIL PROTECTED]] >> Sent: Wednesday, April 17, 2002 3:27 PM >> To: [EMAIL PROTECTED] >> Subject: Re: Zonealarm log - what is this? >> >> >> Thanks a lot for all your replies : Admittedly I should have checked the >> ZoneAlarm readme and port listings, but why would a P2P port be open? I >have >> no file sharing programs running (do they scan in the background?), or is >it >> just other client servers scanning my computer for ports to connect to? If >> so are there any legal implements about scanning in this way? >> >> Thanks for the ZoneLog information, I'll check it out. >> >> Regards, >> Thomas Madhavan >> ----- Original Message ----- >> From: "Scott Bowlus" <[EMAIL PROTECTED]> >> To: "Thomas Madhavan" <[EMAIL PROTECTED]> >> Cc: <[EMAIL PROTECTED]> >> Sent: Monday, April 15, 2002 6:40 PM >> Subject: Re: Zonealarm log - what is this? >> >> >> > 6346 is the server port for gnutella. Those look like gnutella client >> > requests. The "S" you were asking about is the SYN TCP Header flag, >> > which indicates it is the intial client request for a tcp connection. >> > >> > Scott Bowlus >> > ----- Original Message ----- >> > From: "Thomas Madhavan" <[EMAIL PROTECTED]> >> > To: <[EMAIL PROTECTED]> >> > Sent: Saturday, April 13, 2002 6:22 PM >> > Subject: Zonealarm log - what is this? >> > >> > >> > > Hi guys, I was wondering if you could sate my curiousity. >> > > >> > > My Linux box is a bit dead at the moment (argh I'm a newbie) so I'm >> using >> > > Win98. In my log files I came across this group of entries. >> > > >> > > ZoneAlarm Logging Client v2.6.362 >> > > Windows 98-4.10.2222- A -SP >> > > type,date,time,source,destination,transport >> > > FWIN,2002/03/27,22:00:36 +0:00 >> > GMT,65.80.28.184:1734,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:01:10 +0:00 >> > GMT,65.80.28.184:1921,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:01:40 +0:00 >> > GMT,65.80.28.184:2130,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:02:12 +0:00 >> > GMT,65.80.28.184:2337,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:03:25 +0:00 >> > GMT,65.80.28.184:2820,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:04:46 +0:00 >> > GMT,65.80.28.184:3329,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:06:07 +0:00 >> > GMT,65.80.28.184:3769,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:07:23 +0:00 >> > GMT,65.80.28.184:4243,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:08:42 +0:00 >> > GMT,65.80.28.184:4769,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:10:00 +0:00 >> > GMT,65.80.28.184:1333,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:11:18 +0:00 >> > GMT,65.80.28.184:1803,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:12:33 +0:00 >> > GMT,65.80.28.184:2216,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:13:47 +0:00 >> > GMT,65.80.28.184:2685,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:15:02 +0:00 >> > GMT,65.80.28.184:3168,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:16:23 +0:00 >> > GMT,65.80.28.184:3639,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:17:43 +0:00 >> > GMT,65.80.28.184:4119,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:19:00 +0:00 >> > GMT,65.80.28.184:4557,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:20:15 +0:00 >> > GMT,65.80.28.184:1079,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:21:30 +0:00 >> > GMT,65.80.28.184:1546,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:22:48 +0:00 >> > GMT,65.80.28.184:1994,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:24:07 +0:00 >> > GMT,65.80.28.184:2506,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:25:22 +0:00 >> > GMT,65.80.28.184:2988,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:26:45 +0:00 >> > GMT,65.80.28.184:3487,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:28:10 +0:00 >> > GMT,65.80.28.184:3965,62.253.86.237:6346,TCP >> > > (flags:S) >> > > FWIN,2002/03/27,22:29:31 +0:00 >> > GMT,65.80.28.184:4440,62.253.86.237:6346,TCP >> > > (flags:S) >> > > >> > > They're coming from different IPs, but directed to the same port? >> > > >> > > Could anyone tell me what 'Flags : S' is and also what 'FWIN' is >> > > about? >> > I've >> > > done searches for both but I can't get anything that will briefly >> > > tell >> me >> > > what it's about. >> > > >> > > Thanks. >> > > >> > > Thomas >> > > >> > > >> > >> > >> >> > > > > -- Richard H. Cotterell <mailto:[EMAIL PROTECTED]> You better live your best and act your best and think your best today, for today is the sure preparation for tomorrow and all the other tomorrows that follow. -Harriet Martineau, British writer, illustrator
