Last night i was using my PC and all seemed fine.
But today i turned it on and when i logged into windows, opened internet explorer and after the internet explorer became visible on screen i was asked to supply the zonealarm password.
This has never happened to me before, as i have technically done nothing that would require me to need enter it.
I received no pop up by zonealarm in the bottom right of the screen telling me that a program was doing anything strange.
I did not enter the zonealarm password because i felt that it should not have asked me to do so... Is something trying to change the settings of zonealarm?
anyway i restarted my pc and i can't remember exactly when but in windows or just before i logged in i got a blue screen in the background with various text that automatically restarted my computer.
When i logged in now i opened zonealarm and checked the logs... well i noticed that the number of alerts, for both standard and high alerts under blocked intrusions in the overview tab was up by quite a lot but this is normal for that to happen... but in the log (firewall) it was completely empty... i have never gone into the logs (that defaults to firewall) and found them completely empty before.
Slowly but surely the firewall logs start to increase again as i watch.
Now i take a look in OS Firewall logs which has only 1 alert in it from today, i don't check these logs regularily so i can't say if there should be more.
This one OS Firewall log says: High, gives a recent time of within the last 20 minutes so must have happened on one of my log ins to the pc today.. Type: Process, Subtype: Spawn process, Data: C:\WINDOWS\system32\rundll32.exe, Program: C:\WINDOWS\explorer.exe, Action taken: is blank, Count: 1.
When i hover over the description it says "Windows Explorer was trying to launch C:\WINDOWS\system32\rundll32.exe, or use another program to gain access to privileged resources"
I take a look in the program logs and there is just one alert in there for zlclient.exe which is connecting to an ip address and the destination dns is something like my internet service provider.
I took a look in windows event viewer, i have set all logs to 5mb... There are no security or internet explorer logs, tbh i don't know if thats normal.
There are application and system logs i can't see anything meaningful in them...
some application logs to say
"Windows saved user PC-1\x registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."
though i have quite a number of those alerts.
So do you think i was hacked?