Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

intrusion attempts; hijackthis log pasted below

Post by kvlnclt » September 24th, 2009, 5:07 pm

I've recently had numerous attempted intrusions and, based on some cursory reading on the web, I believe the intrusions may be generating from within my system. Norton Anti-Virus tells me it's succeeded in stopping all intrusion attempts thus far, but I'm not sure I want to leave it at that.

Here's both a HijackThis log and an intrusion attempt log for your review and comment.

Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:26 PM, on 9/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carolinamls.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: Seagate 2GE2JNGL Product Registration.lnk = C:\Documents and Settings\Kevin\Application Data\Leadertech\PowerRegister\Seagate 2GE2JNGL Product Registration.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.stokescorod.org/controls/LTOCX14N.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.stokescorod.org/controls/prntpro2.CAB
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.co.rockingham.nc.us/mochahtml/matn5250.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7787 bytes

Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Category
9/24/2009 10:25 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2442","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2442",
9/23/2009 3:59 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3836","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3836",
9/23/2009 1:39 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1731","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1731",
9/23/2009 11:14 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3990","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3990",
9/23/2009 8:32 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3129","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3129",
9/23/2009 6:00 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1511","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1511",
9/23/2009 3:33 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2757","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2757",
9/23/2009 12:58 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4298","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4298",
9/22/2009 10:17 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2146","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2146",
9/22/2009 7:52 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1200","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1200",
9/22/2009 5:25 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3821","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3821",
9/22/2009 3:07 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1509","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1509",
9/22/2009 12:33 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3288","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3288",
9/22/2009 9:50 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3197","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3197",
9/21/2009 5:40 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1766","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 1766",
9/21/2009 2:11 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3606","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3606",
9/21/2009 12:59 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1484","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1484",
9/21/2009 10:29 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1183","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1183",
9/21/2009 8:34 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1634","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1634",
9/21/2009 8:25 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/21/2009 8:25 AM,Info,Intrusion Prevention is monitoring 1456 signatures. Driver version: 9.1.1.7,Detected,No Action Required,,,,,,Intrusion Prevention
9/21/2009 8:25 AM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20090916.003,Detected,No Action Required,,,,,,Intrusion Prevention
9/18/2009 10:11 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1474","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 1474",
9/17/2009 6:57 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4074","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 4074",
9/17/2009 9:58 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1459","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 1459",
9/17/2009 6:20 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1536","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 1536",
9/17/2009 2:29 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4756","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 4756",
9/16/2009 10:43 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2400","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 2400",
9/16/2009 6:20 PM,Info,Intrusion Prevention is monitoring 1456 signatures. Driver version: 9.1.1.7,Detected,No Action Required,,,,,,Intrusion Prevention
9/16/2009 6:20 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/16/2009 6:20 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20090916.003,Detected,No Action Required,,,,,,Intrusion Prevention
9/16/2009 11:50 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3396","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 3396",
9/16/2009 7:59 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1445","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 1445",
9/16/2009 7:59 AM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090911.003,Detected,No Action Required,,,,,,Intrusion Prevention
9/16/2009 7:59 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/16/2009 7:59 AM,Info,Intrusion Prevention is monitoring 1399 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/15/2009 11:59 AM,Info,Intrusion Prevention is monitoring 1456 signatures. Driver version: 9.1.1.7,Detected,No Action Required,,,,,,Intrusion Prevention
9/15/2009 11:59 AM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20090911.001,Detected,No Action Required,,,,,,Intrusion Prevention
9/15/2009 11:59 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/15/2009 11:40 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4387","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 4387",
9/14/2009 8:52 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/14/2009 8:52 AM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090910.003,Detected,No Action Required,,,,,,Intrusion Prevention
9/14/2009 8:52 AM,Info,Intrusion Prevention is monitoring 1399 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/11/2009 8:40 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3803","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3803",
9/11/2009 8:27 AM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090910.003,Detected,No Action Required,,,,,,Intrusion Prevention
9/11/2009 8:27 AM,Info,Intrusion Prevention is monitoring 1399 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/11/2009 8:27 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/11/2009 3:20 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/11/2009 3:20 AM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090908.006,Detected,No Action Required,,,,,,Intrusion Prevention
9/11/2009 3:20 AM,Info,Intrusion Prevention is monitoring 1398 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/10/2009 1:59 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4481","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4481",
9/10/2009 10:52 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2245","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2245",
9/10/2009 8:40 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3058","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3058",
9/9/2009 5:41 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1805","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1805",
9/9/2009 5:18 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/9/2009 5:18 PM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090908.006,Detected,No Action Required,,,,,,Intrusion Prevention
9/9/2009 5:18 PM,Info,Intrusion Prevention is monitoring 1398 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/9/2009 4:56 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4291","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4291",
9/9/2009 2:25 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1054","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1054",
9/9/2009 11:54 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1068","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1068",
9/9/2009 9:30 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4343","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4343",
9/9/2009 6:46 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4623","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4623",
9/9/2009 4:29 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4887","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4887",
9/9/2009 3:20 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/9/2009 3:20 AM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090904.002,Detected,No Action Required,,,,,,Intrusion Prevention
9/9/2009 3:20 AM,Info,Intrusion Prevention is monitoring 1402 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/9/2009 1:55 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3864","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3864",
9/8/2009 11:21 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4165","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4165",
9/8/2009 8:41 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1243","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Backdoor-g-1",
9/8/2009 6:22 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1999","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1999",
9/8/2009 3:56 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3425","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3425",
9/8/2009 1:19 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2479","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2479",
9/8/2009 10:57 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4378","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4378",
9/8/2009 8:34 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4688","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4688",
9/8/2009 5:51 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3518","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3518",
9/8/2009 3:22 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4130","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4130",
9/8/2009 1:05 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2636","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2636",
9/7/2009 10:22 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2153","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2153",
9/7/2009 7:49 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2637","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2637",
9/7/2009 5:28 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2180","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2180",
9/7/2009 2:55 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3702","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3702",
9/7/2009 12:37 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1256","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1256",
9/7/2009 10:19 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4089","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4089",
9/7/2009 7:58 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1342","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1342",
9/7/2009 5:33 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2552","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2552",
9/7/2009 3:01 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3251","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3251",
9/7/2009 12:37 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2479","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2479",
9/6/2009 10:18 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2425","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2425",
9/6/2009 8:00 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2501","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2501",
9/6/2009 5:25 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3662","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3662",
9/6/2009 2:58 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2391","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2391",
9/6/2009 12:38 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3715","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3715",
9/6/2009 10:16 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3090","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3090",
9/5/2009 3:26 PM,Info,Intrusion Prevention is monitoring 1402 signatures. Driver version: 9.0.5.23,Detected,No Action Required,,,,,,Intrusion Prevention
9/5/2009 3:26 PM,Info,Intrusion Prevention Engine version: 4.1.0.61 Definitions Set version: 20090904.002,Detected,No Action Required,,,,,,Intrusion Prevention
9/5/2009 3:26 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
9/5/2009 2:03 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2985","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 2985",
9/5/2009 9:49 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4263","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 4263",
9/5/2009 5:50 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 2950","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 2950",
9/5/2009 1:58 AM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3271","DELL (70.60.120.215, 139)",70.60.120.49,"TCP, Port 3271",
9/4/2009 10:19 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 3629","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 3629",
9/4/2009 6:39 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 4655","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 4655",
9/4/2009 4:22 PM,High,An intrusion attempt by 70.60.120.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"70.60.120.49, 1426","DELL (70.60.120.215, 445)",70.60.120.49,"TCP, Port 1426",
kvlnclt
Active Member
 
Posts: 3
Joined: September 24th, 2009, 4:58 pm

Re: intrusion attempts; hijackthis log pasted below

Post by MWR 3 day Mod » September 29th, 2009, 1:15 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: intrusion attempts; hijackthis log pasted below

Post by deltalima » October 1st, 2009, 3:28 pm

Hi kvlnclt,

Welcome to the Malware Removal forums.
My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

I will post back here once my response has been approved.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: intrusion attempts; hijackthis log pasted below

Post by kvlnclt » October 1st, 2009, 5:07 pm

Thank you, deltalima. I look forward to the results of your investigation.
kvlnclt
Active Member
 
Posts: 3
Joined: September 24th, 2009, 4:58 pm

Re: intrusion attempts; hijackthis log pasted below

Post by deltalima » October 2nd, 2009, 6:18 am

Hi kvlnclt,

I have checked your HijackThis log and your system does not appear to be infected. The traffic that you see in the Norton log is simply another Windows PC on the same subnet as you sending Windows name resolution traffic. This is not a serious intrusion attempt and is being blocked by the Norton firewall anyway.

I would recommend that you invest in a hardware firewall to place between your computer and modem and this sort of traffic will be stopped by the router before it gets to your computer.

I would also recommend that you update Windows XP to Service Pack 3 and Internet Explorer to version 8.

If you have any questions about the above please feel free to ask.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
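
One way to tally a Norton Intrusion Prevention export like the one in the first post by source host, destination port, interval between events and subnet. This is an added example, not part of the thread or any poster's own tooling; the sample rows are constructed with documentation addresses, and the /24 prefix used for the same-subnet test is an assumption.

```python
import csv
import io
import ipaddress
import re
import statistics
from collections import Counter
from datetime import datetime

# Constructed rows in the column layout of the Norton export shown in the
# first post. Addresses are RFC 5737 documentation ranges, not the poster's.
SAMPLE = """\
Date & Time,Severity,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Category
9/22/2009 3:07 PM,High,An intrusion attempt by 192.0.2.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"192.0.2.49, 1509","DELL (192.0.2.215, 445)",192.0.2.49,"TCP, Port 1509",
9/22/2009 1:00 PM,High,An intrusion attempt by 198.51.100.7 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"198.51.100.7, 2001","DELL (192.0.2.215, 445)",198.51.100.7,"TCP, Port 2001",
9/22/2009 12:33 PM,High,An intrusion attempt by 192.0.2.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"192.0.2.49, 3288","DELL (192.0.2.215, 445)",192.0.2.49,"TCP, Port 3288",
9/22/2009 9:50 AM,High,An intrusion attempt by 192.0.2.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"192.0.2.49, 3197","DELL (192.0.2.215, 445)",192.0.2.49,"TCP, Port 3197",
9/21/2009 5:40 PM,High,An intrusion attempt by 192.0.2.49 was blocked. Application path <path>SYSTEM</path>,Blocked,No Action Required,MSRPC Server Service BO,"192.0.2.49, 1766","DELL (192.0.2.215, 139)",192.0.2.49,"TCP, Port 1766",
9/21/2009 8:25 AM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,Intrusion Prevention
"""

# "DELL (192.0.2.215, 445)" -> destination address and port
DEST_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}),\s*(\d+)\)")


def parse_events(text):
    """Return the blocked-intrusion rows as dicts; Info rows are skipped."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["Status"] != "Blocked":
            continue
        match = DEST_RE.search(row["Destination Address"] or "")
        if not match:
            continue  # row without a parsable destination
        events.append({
            "time": datetime.strptime(row["Date & Time"], "%m/%d/%Y %I:%M %p"),
            "risk": row["Risk Name"],
            "src": ipaddress.ip_address(row["Source Address"]),
            "dst": ipaddress.ip_address(match.group(1)),
            "dport": int(match.group(2)),
        })
    return events


def summarise(events, prefix_len=24):
    """Per source host: event count, destination ports, signature names,
    median minutes between events, and whether every destination falls in
    the source's own network (prefix_len is an assumption, default /24)."""
    summary = {}
    for src in sorted({e["src"] for e in events}):
        mine = sorted((e for e in events if e["src"] == src),
                      key=lambda e: e["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() / 60
                for a, b in zip(mine, mine[1:])]
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        summary[str(src)] = {
            "count": len(mine),
            "ports": dict(Counter(e["dport"] for e in mine)),
            "risks": sorted({e["risk"] for e in mine}),
            "same_subnet": all(e["dst"] in net for e in mine),
            "median_gap_min": statistics.median(gaps) if gaps else None,
        }
    return summary


if __name__ == "__main__":
    for host, info in summarise(parse_events(SAMPLE)).items():
        print(host, info)
```

A single source that stays inside the local prefix and repeats at a steady interval points at one neighbouring machine worth identifying, while a source outside the prefix means the traffic is crossing the modem or router.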

Re: intrusion attempts; hijackthis log pasted below

Post by askey127 » October 5th, 2009, 10:17 am

This topic is Closed.
We are glad to have been of assistance.
If you are the original poster and need this topic re-opened, please send a PM to an administrator.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA