delphinium, I have spent hours looking at logs and got terribly confused over the terminology. Is an "Unauthorized Access Blocked(Terminate Process)" entry important? "C:\Program Files\McAfee Site Advisor" had a process terminated on November 1 at 7:45 p. m. I thought McAfee Site Advisor was disabled in Foxfire but once while using Norton Safe Search and Foxfire, a McAfee Site Advisor pop up "popped up".Similarily there are entries for SVCHOST.EXE with "Unauthorized Access Blocked(Terminate Process)" notation.
There appears to be nothing of interest in "Resolved Security Risks" at time of this crash and the second crash which occurred on the morning of October 31.
On October 1, I was just reading my usual stuff online and was not trying to download any program files or updates. I got a wierd message about my security settings. I did not know if it had to do with Norton or Internet Explorer 8 settings. I usually block pop ups, but not always.
Looking at Norton's Security History, and then the full history "aspect" of this history; {entry 1} unused port blocking has blocked communication [Inbound TCP connection from xxx.xxx.xxx.xx, local service port (8085)] at 9:49 A. M. on October 1(status is detected) ; and {entry 2} the next entry is IPS Statistical Submission which is submitted at 10:02 A. M.(status submitted). Immediately following those two entries, {entry 3}Norton community Watch feedback has "waiting" status at 10:02 A. M. An instance of "C:\Windows\System32\mspaint.exe" is preparing to access the internet at 10:03 A.M.; this is the next entry {entry 4}. Finally, immediately after entry 4 is the entry on October 1 at 10:04 A. M. :an instance of "C:\Program Files\Internet Explorer\iexplorer.exe" is preparing to access the internet. My question is : where will I find the entry corresponding to the message that was in my browser at the time of the blockage? The message was: "Your current security settings do not allow this file to be downloaded". Looking at the Norton security history and then resolved security risks, I do not find any listing matching the october 1 blocked download.
I have also tried to look at Event viewer and I had a strange "crash" with that. I simply could not close all dialog boxes before closing computer management. This was the morning of October 28. The event viewer described additional problems:(1)"
Audit events have been dropped by the transport. The real time backup file was corrupt due to improper shutdown". (2)
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d5aeabc1-6e71-4e2.
I have run one of the tools you asked for and am unsure that I did the procedure correctly. I ran TDSS Fix Tool 2.00 directly from the thread you referred me to (in your private message) and did not put it on my desktop. I was in normal mode while reading your p. m. and the computer restarted in normal mode. I did not turn off system restore nor did I turn off Comcast Norton while running it. I don't know where restore points are and what the effect of having Norton do backups on D:.
Questions: (1)Was this supposed to run in normal mode?
(2) Do you turn off Comcast Norton to get correct results? If so, is the Norton Firewall supposed to be on?
(3) What about system restore?
The results were: Nothing found.
I may think of other things to mention, but want to post this before I loose the stuff I have written already. Sorry for the delay.
CS