Do you have an IP Bird?
I have these:
216.207.204.212
204.244.24.129 looks to be a proxy
154.20.7.47 -> ip47.montreal110.dialup.canada.psi.net
66.27.232.88 -> bak-66-27-232-88.bak.rr.com
66.114.140.2 -> pia140-2.pioneernet.net
64.167.25.130 -> adsl-64-167-25-130.dsl.lsan03.pacbell.net
64.167.25.130 1 -> Cust191.tnt4.everett2.wa.da.uu.net
63.22.5.191 1 -> Cust191.tnt4.everett2.wa.da.uu.net
63.11.77.206 -> 1Cust206.tnt12.everett2.wa.da.uu.net
24.51.7.206 -> oh-chillicothe3a-462.chlcoh.adelphia.net
24.161.242.173 -> 24161242hfc173.tampabay.rr.com
24.160.57.20 -> sc-24-160-57-20.socal.rr.com
24.160.58.66 -> sc-24-160-58-66.socal.rr.com

Can anyone confirm if the above UA is used for Microsoft® Agent [microsoft.com]??

For September I have the following:

Microsoft Internet Explorer/4.40.426:
24.9.100.227 -> c1089955-a.desot1.tx.home.com
66.73.6.139
66.88.81.53 -> w053.z066088081.nyc-ny.dsl.cnc.net

EmailSiphon:
207.30.161.195 -> user195.net023.fl.sprint-hsd.net
208.237.123.244
209.219.13.156 -> ocnsd1-blk1-hfc-0251-d1db0d9c.rdc1.sdca.coxatwork.com

Like yours, those look like random dialup/DSL addresses to me.
Could it be that this is actually a worm, that infects and abuses "innocent" Windows machines across the net, with the real perpetrator hidden somewhere else, controlling his "agents" remotely?

i can tell you that the c1089955-a.desot1.tx.home.com
is a home computer. runing on excites@home service. course excite went bankrupt a month ago.

Hey littleman,
As odd as this may sound :-(
Where are you getting the following info?
Is it the result of "pings or tracerts" or does it come in your logs?

Thanks in advance

-> ip47.montreal110.dialup.canada.psi.net
-> bak-66-27-232-88.bak.rr.com
-> pia140-2.pioneernet.net
-> adsl-64-167-25-130.dsl.lsan03.pacbell.net
-> Cust191.tnt4.everett2.wa.da.uu.net
-> Cust191.tnt4.everett2.wa.da.uu.net
-> 1Cust206.tnt12.everett2.wa.da.uu.net
-> oh-chillicothe3a-462.chlcoh.adelphia.net
-> 24161242hfc173.tampabay.rr.com
-> sc-24-160-57-20.socal.rr.com
-> sc-24-160-58-66.socal.rr.com