A port-scan would show up slightly differently to a firewall that's blocking it, though, you'd get LOTS of entries or pop-up windows to show you of the activity hitting sequential ports...

Not saying that the activity noted above isn't a manual attack, but from experience of dealing with this kind of thing in work, it's "normally" the trojan trying to spread itself automatically......you'll probably find, in 99 out of 100 cases, that the person whose computer it is doesn't even know their own computer is doing it.

Also, port-scans tend to go for the more "popular" ports, like 25 (SMTP), 21 (FTP), telnet (23), and so on, as they're more easily abused by someone who knows what to do with them.