Using the uninstall from program files\disc folder stopped myFTP.exe from accessing the internet via Rockford.discoverconsole.com.
I believed the full problem to be resolved. I was wrong
ZoneAlarm is still blocking daily and regular attempts to access miorsocft.com (this is the correct spelling at easy glance it might be mistaken as Microsoft) at IP 18.104.22.168 via Winlogon.exe.
I believe this to be a key logger of some type.
Beware, if you have an unprotected machine, it may be attempting to steal your accounts and passwords.
I have used Microsoft's RootKitRevealer, Spybot, Norton Anti-virus, Norton SystemWorks and ZoneAlarm to no avail.
Searching the web has not revealed a solution.
ZoneAlarm recently identified win32.backdoor.agent.aro spyware and quarentineed it, but the winlogon.exe attempts to miorsocft.com continues.
I use Microsoft FrontPage to edit a couple of 3rd party hosted web sites.
Those sites were compromized, apparently by miorsocft.com,
and the infection latter 'cleaned' by their anti-virus update as admitted by
I have cleaned up the code, where necessary, both on my computer and web host.
I have not logged on to these sites in the last 2 weeks
I have re-established the FP security protocol on the 3rd party host.
Researching this issue on net has found obscure references to rsbo.exe kb1ss1p.dll kb1ss1p.sys in3.dll - I have found none of the programs on the PC or in the registry.
I have researched winlogon.exe on the net and my files seem to have the right date, time stamps, and byte count - there are 2 versions of the file in the windows/system32 and windows/system32/dllcache folders.
Further help is needed.
The only alternative I can think without help
is to reformat the hard drive and reload using the HP recovery disk set - we all know what an ardous task that can be.
If I have this problem there must be others with it, perhaps unaware of it.