I have Windows XP set as a server with 6 WinXP and Win2000 workstations. It is behind a hardware firewall and I also use the standard windows firewall. Remote access is enabled.
Yesterday the network was sluggish and internet access slow. I discovered a connection under the network places called "Local Area Connection on Linux IGD". It was active and about 120GB had passed through the connection. I was unable to delete the connection until I had disconnected from the internet.
Under properties it stated SVCHOST(192.168.1.4:1043) 49093 UDP, External Port 49093 UDP, Internal Port 1043.
After rebooting the server the connection reloaded. The log file shows numerous anonymous logins (every minute or so).
I have scanned the server with Kaspersky online, Adware, SpyBot, AVG antivirus and AVG antispyware with no unusual results. Every time I delete the connection it reloads.
I have attached the file from Hijackthis.
I would appreciate some help.