
Intrusion Attempts... appears to still have a problem


8 replies to this topic

#1 Murphwish

Posted 13 June 2010 - 11:08 AM

I spent a day cleaning up this computer. It was in very bad shape... I ran Norton, but determined it had a number of problems that pointed to Malwarebytes... that did a very good job with the visual issues. However, now I get a notification from Norton Internet Security that says: HIGH - An intrusion attempt by 1iii1i11i1ii.com <this has changed to many different sites> was blocked. Application path: \device\harddiskvolume1\windows\system32\svchost.exe, with a date and time stamp, status = blocked, and no action required.

The Risk name is: HTTPS Tidserv Request 2

I have done some searching here and on other sites, but I am concerned I haven't found an exact match, and as I understand it, this is not something I should do without advice. I am moderately knowledgeable but not expert level, so I need assistance if possible. I am attaching the NIS log file...

System is Microsoft Windows XP Home Edition Version 2002, Service Pack 3.
Thank you

EDIT: Moved from XP to Am I Infected forum ~ Hamluis.


Edited by hamluis, 13 June 2010 - 12:02 PM.



#2 boopme (Global Moderator)

Posted 13 June 2010 - 05:10 PM

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the Backdoor.Tidserv detection come up again? If so, then we need to search for another undetected process on your computer.


Now run TDSSKiller
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK. (On Vista, click the Vista Orb, copy and paste the following into the Search field (make sure you include the quotation marks), then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode, click the Update tab and select Check for Updates. When done,
click the Scanner tab, select Quick scan, and scan (normal mode).
After the scan, click Remove Selected, post the new scan log, and reboot into normal mode.

#3 Murphwish (Topic Starter)

Posted 13 June 2010 - 07:52 PM

Followed directions -
Safe mode Norton Internet Security - no problems found. Note: I did have to reboot after running Norton to get the network connection to download TDSSKiller. When starting the browser, it did appear to redirect the webpage to a different webpage... so I opened another window, typed in bleepingcomputer.com, and hit Enter very quickly... got to the site. I noticed that at the end of the instructions it seemed to assume I stayed in safe mode and that I should reboot to normal mode. Since I had to go into normal mode to download TDSSKiller, I may not have had it isolated from the network... I have, however, not gotten a network notice while updating this entry.

Downloaded TDSSKiller and ran it... then ran Malwarebytes as instructed, except as noted above. Per your request:


"When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here."


20:19:56:890 3332 ================================================================================
20:19:56:890 3332 SystemInfo:

20:19:56:890 3332 OS Version: 5.1.2600 ServicePack: 3.0
20:19:56:890 3332 Product type: Workstation
20:19:56:890 3332 ComputerName: YOUR-P9V3BEH106
20:19:56:890 3332 UserName: kathleen Winter
20:19:56:890 3332 Windows directory: C:\WINDOWS
20:19:56:890 3332 Processor architecture: Intel x86
20:19:56:890 3332 Number of processors: 2
20:19:56:890 3332 Page size: 0x1000
20:19:56:890 3332 Boot type: Normal boot
20:19:56:890 3332 ================================================================================
20:19:57:781 3332 Initialize success
20:19:57:781 3332
20:19:57:781 3332 Scanning Services ...
20:19:58:031 3332 Raw services enum returned 343 services
20:19:58:046 3332
20:19:58:046 3332 Scanning Drivers ...
20:19:58:328 3332 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:19:58:359 3332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:19:58:468 3332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:19:58:515 3332 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:19:58:734 3332 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
20:19:59:046 3332 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
20:19:59:187 3332 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
20:19:59:218 3332 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
20:19:59:343 3332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:19:59:406 3332 atapi (bca81999c83e2164eaeb3e345dec09f6) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:19:59:406 3332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: bca81999c83e2164eaeb3e345dec09f6, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
20:19:59:406 3332 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
20:20:00:078 3332 Backup copy found, using it..
20:20:00:234 3332 will be cured on next reboot
20:20:00:312 3332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:20:00:375 3332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:20:00:421 3332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:20:00:500 3332 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
20:20:00:609 3332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:20:00:687 3332 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:20:00:781 3332 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys
20:20:00:875 3332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:20:00:906 3332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:20:00:984 3332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:20:01:078 3332 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:20:01:125 3332 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:20:01:203 3332 cvnd (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\owxbaj.sys
20:20:01:265 3332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:20:01:359 3332 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:20:01:484 3332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:20:01:531 3332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:20:01:593 3332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:20:01:656 3332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:20:01:750 3332 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:20:01:781 3332 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:20:01:859 3332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:20:01:953 3332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:20:02:015 3332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:20:02:031 3332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:20:02:109 3332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:20:02:250 3332 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:20:02:265 3332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:20:02:328 3332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:20:02:390 3332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:20:02:484 3332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:20:02:531 3332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:20:02:609 3332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:20:02:687 3332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:20:02:937 3332 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:20:03:250 3332 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
20:20:03:359 3332 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100604.004\IDSxpx86.sys
20:20:03:453 3332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:20:03:640 3332 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:20:03:765 3332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:20:03:796 3332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:20:03:859 3332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:20:03:890 3332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:20:03:937 3332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:20:04:015 3332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:20:04:046 3332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:20:04:109 3332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:20:04:171 3332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:20:04:265 3332 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
20:20:04:296 3332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:20:04:343 3332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:20:04:468 3332 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
20:20:04:515 3332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:20:04:546 3332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:20:04:671 3332 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
20:20:04:812 3332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:20:04:875 3332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:20:04:921 3332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:20:04:968 3332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:20:05:031 3332 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:20:05:093 3332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:20:05:140 3332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:20:05:171 3332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:20:05:218 3332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:20:05:281 3332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:20:05:343 3332 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:20:05:390 3332 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:20:05:515 3332 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:20:05:734 3332 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100613.018\NAVENG.SYS
20:20:05:921 3332 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100613.018\NAVEX15.SYS
20:20:06:062 3332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:20:06:359 3332 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:20:06:421 3332 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:20:06:484 3332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:20:06:515 3332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:20:06:578 3332 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:20:06:625 3332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:20:06:687 3332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:20:06:718 3332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:20:06:765 3332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:20:06:859 3332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:20:06:890 3332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:20:06:921 3332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:20:06:968 3332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:20:07:015 3332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:20:07:093 3332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:20:07:140 3332 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:20:07:187 3332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:20:07:234 3332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:20:07:343 3332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:20:07:390 3332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:20:07:437 3332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:20:07:515 3332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:20:07:546 3332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:20:07:593 3332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:20:07:625 3332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:20:07:687 3332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:20:07:750 3332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:20:07:796 3332 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:20:07:875 3332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:20:07:937 3332 RT80x86 (97b59ce2cfbb0884a16ddd8f1781812b) C:\WINDOWS\system32\DRIVERS\RT2860.sys
20:20:08:031 3332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:20:08:078 3332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:20:08:109 3332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:20:08:187 3332 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:20:08:296 3332 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
20:20:08:421 3332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:20:08:468 3332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:20:08:562 3332 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS
20:20:08:625 3332 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS
20:20:08:687 3332 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
20:20:08:750 3332 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:20:08:843 3332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:20:08:890 3332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:20:08:984 3332 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS
20:20:09:078 3332 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:20:09:156 3332 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS
20:20:09:171 3332 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS
20:20:09:187 3332 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:20:09:218 3332 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:20:09:250 3332 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS
20:20:09:281 3332 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
20:20:09:343 3332 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:20:09:421 3332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:20:09:468 3332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:20:09:515 3332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:20:09:546 3332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:20:09:609 3332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:20:09:687 3332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:20:09:765 3332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:20:09:843 3332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:20:09:921 3332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:20:09:953 3332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:20:10:000 3332 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:20:10:046 3332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:20:10:109 3332 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:20:10:187 3332 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
20:20:10:234 3332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:20:10:296 3332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:20:10:359 3332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:20:10:406 3332 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:20:10:531 3332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:20:10:578 3332 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:20:10:640 3332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:20:10:671 3332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:20:10:703 3332 Reboot required for cure complete..
20:20:10:859 3332 Cure on reboot scheduled successfully
20:20:10:859 3332
20:20:10:859 3332 Completed
20:20:10:875 3332
20:20:10:875 3332 Results:
20:20:10:875 3332 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:20:10:875 3332 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:20:10:875 3332
20:20:10:875 3332 KLMD(ARK) unloaded successfully


==============================================

"After scan click Remove Selected, Post new scan log and Reboot into normal mode. "

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4195

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2010 8:36:54 PM
mbam-log-2010-06-13 (20-36-54).txt

Scan type: Quick scan
Objects scanned: 137661
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
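
TDSSKiller flags a driver as "Forged" when the hash it gets from a low-level read of the disk (which it labels Real) differs from the hash an ordinary file read returns (labelled Fake); on a clean system both reads agree, and in the log above they disagree only for atapi.sys. The Python script below is an added example, not code from this thread or from TDSSKiller: it parses a log in the format posted above, joins each forged entry back to the driver table by path, records the detection name, and reads the final results block to decide whether a reboot-time cure is pending. The log excerpt embedded in it is constructed from lines in the posted log.

```python
"""Parse a TDSSKiller log (the "-l <file> -v" format posted above).

Added example: this is not code from the thread or from TDSSKiller.  The
log excerpt below is constructed from the lines in the posted log."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt.  Every line is "HH:MM:SS:mmm <pid> <message>".
SAMPLE_LOG = r"""
20:19:59:343 3332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:19:59:406 3332 atapi (bca81999c83e2164eaeb3e345dec09f6) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:19:59:406 3332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: bca81999c83e2164eaeb3e345dec09f6, Fake md5: 9f3a2f5aa6875c72bf062c712cfa2674
20:19:59:406 3332 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
20:20:00:078 3332 Backup copy found, using it..
20:20:00:234 3332 will be cured on next reboot
20:20:01:203 3332 cvnd (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\owxbaj.sys
20:20:10:875 3332 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:20:10:875 3332 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) (?P<msg>.*)$")
# Driver table row: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Hash from a low-level disk read (Real) differs from a normal file read (Fake)
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r'^File "(?P<path>[^"]+)" infected by (?P<what>.+?)\s*\.\.\.')
RESULTS_RE = re.compile(
    r"^(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Forged:
    path: str
    real_md5: str
    fake_md5: str


@dataclass
class Report:
    drivers: list[Driver] = field(default_factory=list)
    forged: list[Forged] = field(default_factory=list)
    infected: dict[str, str] = field(default_factory=dict)  # path -> detection name
    results: dict[str, tuple[int, int, int]] = field(default_factory=dict)


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log line by line and collect the parts a responder cares about."""
    report = Report()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        if m := DRIVER_RE.match(msg):
            report.drivers.append(Driver(m["name"], m["md5"], m["path"]))
        elif m := FORGED_RE.match(msg):
            report.forged.append(Forged(m["path"], m["real"], m["fake"]))
        elif m := INFECTED_RE.match(msg):
            report.infected[m["path"]] = m["what"]
        elif m := RESULTS_RE.match(msg):
            report.results[m["kind"].lower()] = (int(m["inf"]), int(m["cured"]), int(m["reboot"]))
    return report


def forged_drivers(report: Report) -> list[dict]:
    """Join each forged file back to the driver table by path."""
    by_path = {d.path.lower(): d for d in report.drivers}
    out = []
    for f in report.forged:
        drv = by_path.get(f.path.lower())
        out.append({
            "path": f.path,
            "service": drv.name if drv else None,
            "real_md5": f.real_md5,
            "fake_md5": f.fake_md5,
            # The driver table should carry the on-disk (Real) hash; if it carried
            # the Fake one, the table itself was read through the rootkit's filter.
            "table_matches_real": bool(drv and drv.md5 == f.real_md5),
            "detection": report.infected.get(f.path),
        })
    return out


def needs_reboot(report: Report) -> bool:
    """True when the results block says a cure was scheduled for the next reboot."""
    return any(reboot > 0 for (_, _, reboot) in report.results.values())


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers enumerated, {len(rep.forged)} forged")
    for entry in forged_drivers(rep):
        print(entry)
    print("reboot needed:", needs_reboot(rep))
```

Run it against a real TDSSKiller.txt by reading the file into `parse_tdsskiller_log`; the join by path matters because the "Suspicious file" line carries only the path, while the service name a responder would search for elsewhere (registry, other scanners) is only in the driver table row.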


#4 boopme (Global Moderator)

Posted 13 June 2010 - 08:10 PM

Despite the difficulties, it looks like we got it. Use it for a day and then let me know if it's still good, and we'll mop up.

#5 Murphwish (Topic Starter)

Posted 13 June 2010 - 08:17 PM

Yes - so far it's behaving... thanks - I'll give you an update tomorrow night. Murphwish! :thumbsup:

Edited by Murphwish, 13 June 2010 - 08:31 PM.


#6 Murphwish (Topic Starter)

Posted 14 June 2010 - 07:54 PM

So it looks like it was all good. I used the PC last night and didn't notice any issues - or notices... and just got home... looked at the log, and it only shows "Info" except for one "High", which is related to a connection to an insecure access point (yes, I know...).

Here is the log... please note the fixes were before 9am last night, 6/13/2010 - this log goes over a longer period of time, but I am not attempting to edit it...

Thanks

Category: Firewall - Network and Connections
Date & Time,Severity,Activity,Status,Recommended Action,Category,Gateway Physical Address,Subnet Identifier
6/14/2010 8:35 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport\" (IP address: 192.168.122.106).",Detected,No Action Required,Firewall - Activities,,
6/14/2010 8:35 PM,High,You are connected to a trusted wireless network that is not secure. (00 0F 66 09 E4 8D),Protected,No Action Required,,00 0F 66 09 E4 8D,
6/14/2010 8:35 PM,High,You are connected to a trusted wireless network that is not secure. (192.168.122.0/255.255.255.0),Protected,No Action Required,,,192.168.122.0/255.255.255.0
6/14/2010 8:35 PM,High,You are connected to a trusted wireless network that is not secure. (0.0.0.0/0.0.0.0),Protected,No Action Required,,,0.0.0.0/0.0.0.0
6/14/2010 8:35 PM,Info,"IP address has disappeared from adapter Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport and is no longer being protected (IP address: 192.168.122.106).",Detected,No Action Required,Firewall - Activities,,
6/13/2010 9:11 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0
6/13/2010 9:11 PM,High,You are connected to a trusted wireless network that is not secure. (00 0F 66 09 E4 8D),Protected,No Action Required,,00 0F 66 09 E4 8D,
6/13/2010 9:11 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport\" (IP address: 192.168.122.106).",Detected,No Action Required,Firewall - Activities,,
6/13/2010 8:23 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport\" (IP address: 192.168.122.106).",Detected,No Action Required,Firewall - Activities,,
6/13/2010 8:21 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0
6/13/2010 8:06 PM,High,You are connected to a trusted wireless network that is not secure. (00 0F 66 09 E4 8D),Protected,No Action Required,,00 0F 66 09 E4 8D,
6/13/2010 8:06 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport\" (IP address: 192.168.122.106).",Detected,No Action Required,Firewall - Activities,,
6/13/2010 8:06 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0
6/13/2010 8:06 PM,High,You are connected to a trusted wireless network that is not secure. (192.168.122.0/255.255.255.0),Protected,No Action Required,,,192.168.122.0/255.255.255.0
6/13/2010 6:57 PM,High,You are connected to a trusted wireless network that is not secure. (00 0F 66 09 E4 8D),Protected,No Action Required,,00 0F 66 09 E4 8D,
6/13/2010 6:57 PM,Info,"Protecting your connection to a newly detected network on adapter \"Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport\" (IP address: 192.168.122.106).",Detected,No Action Required,Firewall - Activities,,
6/13/2010 6:57 PM,High,You are connected to a trusted wireless network that is not secure. (192.168.122.0/255.255.255.0),Protected,No Action Required,,,192.168.122.0/255.255.255.0
6/13/2010 6:57 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0
6/13/2010 6:57 PM,High,You are connected to a trusted wireless network that is not secure. (0.0.0.0/0.0.0.0),Protected,No Action Required,,,0.0.0.0/0.0.0.0


Category: Firewall - Activities
Date & Time,Severity,Activity,Status,Recommended Action,Category,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
6/14/2010 8:35 PM,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
6/14/2010 8:35 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\wscript.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
6/13/2010 10:11 PM,Info,"An instance of \"<path>C:\WINDOWS\system32\wscript.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
6/13/2010 9:41 PM,Info,"An instance of \"<path>C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
6/13/2010 9:38 PM,Info,"An instance of \"<path>C:\Program Files\Mozilla Firefox\firefox.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,


Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Attacker URL
6/13/2010 9:11 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 9:11 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100604.004,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 9:11 PM,Info,Intrusion Prevention is monitoring 1240 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 8:21 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 8:21 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100604.004,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 8:21 PM,Info,Intrusion Prevention is monitoring 1240 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 8:09 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 1032)",91.212.226.7,"TCP, https",
6/13/2010 8:06 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 8:06 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100604.004,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 8:06 PM,Info,Intrusion Prevention is monitoring 1240 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 7:00 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 1071)",91.212.226.7,"TCP, https",
6/13/2010 6:57 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 6:57 PM,Info,Intrusion Prevention Engine version: 4.6.0.26 Definitions Set version: 20100604.004,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 6:57 PM,Info,Intrusion Prevention is monitoring 1240 signatures. Driver version: 9.2.0.98,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 6:31 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3845)",61.61.20.135,"TCP, https",
6/13/2010 6:21 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 3824)",61.61.20.132,"TCP, https",
6/13/2010 6:11 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 3811)",91.212.226.7,"TCP, https",
6/13/2010 6:05 PM,High,"An intrusion attempt by 213.163.89.107 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.107, 80","YOUR-P9V3BEH106 (192.168.122.106, 3771)",213.163.89.107,"TCP, www-http","a76956922.cn/JA12XbAX7s7Yacs0dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT15dWthdGFuK3Blbm5lbmNpbGE=25c"
6/13/2010 6:05 PM,High,"An intrusion attempt by 213.163.89.107 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.107, 80","YOUR-P9V3BEH106 (192.168.122.106, 3764)",213.163.89.107,"TCP, www-http","a74232357.cn/JA12XbAX7s7Yacs0dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT15dWthdGFuK3Blbm5lbmNpbGE=25c"
6/13/2010 6:05 PM,High,"An intrusion attempt by 213.163.89.106 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.106, 80","YOUR-P9V3BEH106 (192.168.122.106, 3746)",213.163.89.106,"TCP, www-http","zl091kha644.com/JA12XbAX7s7Yacs0dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT15dWthdGFuK3Blbm5lbmNpbGE=25c"
6/13/2010 6:04 PM,High,"An intrusion attempt by 213.163.89.106 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.106, 80","YOUR-P9V3BEH106 (192.168.122.106, 3745)",213.163.89.106,"TCP, www-http","lk01ha71gg1.cc/JA12XbAX7s7Yacs0dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT15dWthdGFuK3Blbm5lbmNpbGE=25c"
6/13/2010 6:01 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3743)",61.61.20.135,"TCP, https",
6/13/2010 5:51 PM,High,"An intrusion attempt by 91.212.226.6 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.6, 443","YOUR-P9V3BEH106 (192.168.122.106, 3737)",91.212.226.6,"TCP, https",
6/13/2010 5:41 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 3720)",61.61.20.132,"TCP, https",
6/13/2010 5:31 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3581)",61.61.20.135,"TCP, https",
6/13/2010 5:21 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 3575)",91.212.226.7,"TCP, https",
6/13/2010 4:31 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3475)",61.61.20.135,"TCP, https",
6/13/2010 4:21 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 3467)",61.61.20.132,"TCP, https",
6/13/2010 4:11 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 3459)",91.212.226.7,"TCP, https",
6/13/2010 4:01 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3445)",61.61.20.135,"TCP, https",
6/13/2010 3:51 PM,High,"An intrusion attempt by 91.212.226.6 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.6, 443","YOUR-P9V3BEH106 (192.168.122.106, 3428)",91.212.226.6,"TCP, https",
6/13/2010 3:43 PM,High,"An intrusion attempt by 213.163.89.105 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.105, 80","YOUR-P9V3BEH106 (192.168.122.106, 3423)",213.163.89.105,"TCP, www-http","91jjak4555j.com/DzD27q8l6m4XqGc3dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT1kZWZpbmU6bW9uc29vbg==08c"
6/13/2010 3:43 PM,High,"An intrusion attempt by 213.163.89.106 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.106, 80","YOUR-P9V3BEH106 (192.168.122.106, 3419)",213.163.89.106,"TCP, www-http","lk01ha71gg1.cc/DzD27q8l6m4XqGc3dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT1kZWZpbmU6bW9uc29vbg==08c"
6/13/2010 3:43 PM,High,"An intrusion attempt by 213.163.89.105 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.105, 80","YOUR-P9V3BEH106 (192.168.122.106, 3418)",213.163.89.105,"TCP, www-http","91jjak4555j.com/Okt0SErp7G4jxTs5dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT1kZWZpbmUrbW9uc29vbg==37k"
6/13/2010 3:43 PM,High,"An intrusion attempt by 213.163.89.106 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.106, 80","YOUR-P9V3BEH106 (192.168.122.106, 3408)",213.163.89.106,"TCP, www-http","lk01ha71gg1.cc/Okt0SErp7G4jxTs5dmVyPTMuOCZiaWQ9ZWQyOWQyMzYwMzg3OTI5MWY3YTU1MWNiNzBlOTUwNjY0NDc5OTJjNiZhaWQ9MTAwOTYmc2lkPTAmcmQ9MTI3NTk5NzM2NyZlbmc9d3d3Lmdvb2dsZS5jb20mcT1kZWZpbmUrbW9uc29vbg==37k"
6/13/2010 3:41 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 3405)",61.61.20.132,"TCP, https",
6/13/2010 3:31 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3395)",61.61.20.135,"TCP, https",
6/13/2010 3:21 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 3298)",91.212.226.7,"TCP, https",
6/13/2010 1:30 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 2956)",61.61.20.135,"TCP, https",
6/13/2010 1:20 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 2595)",91.212.226.7,"TCP, https",
6/13/2010 12:30 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 2299)",61.61.20.135,"TCP, https",
6/13/2010 12:20 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 2007)",61.61.20.132,"TCP, https",
6/13/2010 12:10 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 1749)",91.212.226.7,"TCP, https",
6/13/2010 12:00 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 1705)",61.61.20.135,"TCP, https",
6/13/2010 11:50 AM,High,"An intrusion attempt by 91.212.226.6 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.6, 443","YOUR-P9V3BEH106 (192.168.122.106, 1698)",91.212.226.6,"TCP, https",


Category: Scan Results
Date & Time,Severity,Activity,Status,Task Name,Scan Time,Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention
6/13/2010 4:43 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:14 (d:h:m:s),"3,990",795,220,"2,826",16,133,85,0,0,0,0


Category: Norton Product Tamper Protection
Date & Time,Severity,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
6/13/2010 8:24 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Sunday, June 13, 2010 8:24 PM",c:\program files\malwarebytes' anti-malware\mbam.exe,3016,C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe,1776,Access Process Data,Unauthorized access logged
6/13/2010 6:55 PM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Sunday, June 13, 2010 6:55 PM",c:\windows\explorer.exe,1480,C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe,1660,Send Terminate Message to Window,Unauthorized access blocked
6/13/2010 1:34 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Sunday, June 13, 2010 1:34 PM",c:\windows\system32\drwtsn32.exe,3768,C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe,160,Access Process Data,Unauthorized access logged
6/13/2010 12:40 PM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Sunday, June 13, 2010 12:40 PM",c:\windows\explorer.exe,1480,C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe,1660,Send Terminate Message to Window,Unauthorized access blocked
6/13/2010 11:59 AM,Medium,Unauthorized access blocked (Send Terminate Message to Window),Blocked,No Action Required,"Sunday, June 13, 2010 11:59 AM",c:\windows\explorer.exe,1480,C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\MCUI32.exe,2988,Send Terminate Message to Window,Unauthorized access blocked


Category: Norton Community Watch
Date & Time,Severity,Activity,Status,Recommended Action,Date Updated,Submitted By,Description,Submission Details
6/13/2010 8:20 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Sunday, June 13, 2010 8:20 PM",Norton Internet Security,Norton Community Watch Feedback,c:\windows\system32\drivers\klmdb.sys
6/13/2010 8:19 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Sunday, June 13, 2010 8:19 PM",Norton Internet Security,Norton Community Watch Feedback,c:\windows\system32\drivers\klmd.sys
6/13/2010 8:12 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Sunday, June 13, 2010 8:12 PM",Norton Internet Security,Norton Community Watch Feedback,c:\program files\mozilla firefox\firefox.exe
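
As an added example (not from the thread, and not Norton's own tooling), a small Python parser for the Intrusion Prevention export above: it separates the Info rows from the High/Blocked ones, groups the blocks by process and signature, and checks whether a process keeps reconnecting at a fixed interval, which is what the svchost.exe entries every ten minutes look like and is a scheduled command-and-control check-in rather than user browsing. The column layout is assumed from the rows above; the sample rows are a hand-picked subset modelled on that log, with the Firefox row's Attacker URL replaced by a constructed placeholder.

```python
import csv
import io
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the Norton Internet Security "Intrusion Prevention"
# export above: the same header row, one Info row, and a hand-picked subset of the High rows
# (the Attacker URL on the Firefox row is shortened to a constructed placeholder path).
SAMPLE_LOG = r"""Date & Time,Severity,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Attacker URL
6/13/2010 8:06 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
6/13/2010 6:31 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3845)",61.61.20.135,"TCP, https",
6/13/2010 6:21 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 3824)",61.61.20.132,"TCP, https",
6/13/2010 6:11 PM,High,"An intrusion attempt by 91.212.226.7 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.7, 443","YOUR-P9V3BEH106 (192.168.122.106, 3811)",91.212.226.7,"TCP, https",
6/13/2010 6:05 PM,High,"An intrusion attempt by 213.163.89.107 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE</path>",Blocked,No Action Required,,HTTP Tidserv Request,"213.163.89.107, 80","YOUR-P9V3BEH106 (192.168.122.106, 3771)",213.163.89.107,"TCP, www-http",a76956922.cn/constructed-placeholder-path
6/13/2010 6:01 PM,High,"An intrusion attempt by 61.61.20.135 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.135, 443","YOUR-P9V3BEH106 (192.168.122.106, 3743)",61.61.20.135,"TCP, https",
6/13/2010 5:51 PM,High,"An intrusion attempt by 91.212.226.6 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.6, 443","YOUR-P9V3BEH106 (192.168.122.106, 3737)",91.212.226.6,"TCP, https",
6/13/2010 5:41 PM,High,"An intrusion attempt by 61.61.20.132 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"61.61.20.132, 443","YOUR-P9V3BEH106 (192.168.122.106, 3720)",61.61.20.132,"TCP, https",
"""

PATH_RE = re.compile(r"<path>(.*?)</path>")
TIME_FMT = "%m/%d/%Y %I:%M %p"


def parse_ips_log(text):
    """One dict per High/Blocked row; Info rows (engine start, versions) are skipped."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["Severity"] != "High" or row["Status"] != "Blocked":
            continue
        m = PATH_RE.search(row["Activity"])
        # Norton logs the NT device path; keep only the image name for grouping.
        process = m.group(1).rsplit("\\", 1)[-1].lower() if m else "?"
        ip, _, port = row["Attacking Computer"].partition(", ")
        events.append({
            "time": datetime.strptime(row["Date & Time"], TIME_FMT),
            "risk": row["Risk Name"],
            "process": process,
            "remote_ip": ip,
            "remote_port": int(port) if port else None,
            "url": row["Attacker URL"],
        })
    events.sort(key=lambda e: e["time"])  # the export is newest-first
    return events


def summarize(events):
    """Hits per (process, signature) with the sorted set of remote hosts each one talked to."""
    groups = defaultdict(lambda: {"count": 0, "remote_ips": set()})
    for e in events:
        g = groups[(e["process"], e["risk"])]
        g["count"] += 1
        g["remote_ips"].add(e["remote_ip"])
    return {k: {"count": v["count"], "remote_ips": sorted(v["remote_ips"])}
            for k, v in groups.items()}


def beacon_gaps_minutes(events, process):
    """Minutes between consecutive blocked connections made by one process."""
    times = [e["time"] for e in events if e["process"] == process]
    return [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]


def looks_like_beacon(gaps, tolerance=2, min_samples=3):
    """(is_periodic, median_gap): a process reconnecting at a near-constant interval is a
    scheduled command-and-control check-in, not user-driven browsing."""
    if len(gaps) < min_samples:
        return False, None
    med = statistics.median(gaps)
    return all(abs(g - med) <= tolerance for g in gaps), med


if __name__ == "__main__":
    evs = parse_ips_log(SAMPLE_LOG)
    for (proc, risk), info in summarize(evs).items():
        print(f"{proc:12} {risk:24} {info['count']} blocked -> {', '.join(info['remote_ips'])}")
    for proc in sorted({e["process"] for e in evs}):
        periodic, med = looks_like_beacon(beacon_gaps_minutes(evs, proc))
        if periodic:
            print(f"{proc}: reconnects every ~{med} min -> treat as active C2 beaconing")
```

The same parser works on a full export saved from the Norton history window; only the rows that pass the High/Blocked filter feed the beacon check.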

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 14 June 2010 - 08:44 PM

Excellent, :thumbsup:
Since there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: (I stole this from quietman7)

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
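As an added example (my own PowerShell, not part of boopme's post), the first two steps above scripted: create the named restore point, log its sequence number and time as the post advises, then launch Disk Cleanup for the remaining clicks. It assumes Windows PowerShell 2.0 or later running under an administrator account; the description text and log file path are my own choices.

```powershell
# Added example, not from the thread: create a post-cleanup restore point
# and record it, as the System Restore GUI steps in the post do.
# Assumes PowerShell 2.0+ with administrator rights; description and log path are assumptions.
$Description = "Clean after malware removal"              # name given to the new R.P.
$LogPath     = "$env:USERPROFILE\restorepoint-log.txt"    # where the post's "log" is kept

# Restore points that predate the cleanup may still hold infected files; count them.
$before = @(Get-ComputerRestorePoint)

# MODIFY_SETTINGS is one of the restore point types the cmdlet accepts.
Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

# Find the point just created: highest sequence number carrying our description.
$new = Get-ComputerRestorePoint |
       Where-Object { $_.Description -eq $Description } |
       Sort-Object SequenceNumber -Descending |
       Select-Object -First 1

if (-not $new) {
    throw "Restore point was not created; check that System Restore is enabled on the system drive."
}

# WMI reports CreationTime as a DMTF string (e.g. 20100614204400.000000-000); convert it.
$created = [System.Management.ManagementDateTimeConverter]::ToDateTime($new.CreationTime)

$line = "Restore point $($new.SequenceNumber) '$($new.Description)' created $created; " +
        "$($before.Count) older point(s) remain until Disk Cleanup removes them"
Add-Content -Path $LogPath -Value $line
Write-Output $line

# The "More Options > System Restore > Clean up" step has no cmdlet equivalent on XP,
# so open Disk Cleanup and finish it with the clicks described in the post.
Start-Process -FilePath "cleanmgr.exe"
```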

#8 Murphwish

  • Topic Starter
  • Members
  • 5 posts

Posted 15 June 2010 - 07:20 PM

:thumbsup: All cleaned up! Thank you so much for the great assistance, and timely replies.

Murphwish!

#9 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 15 June 2010 - 07:39 PM

You're welcome. Thanks for stopping by.