Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
12/11/2009 4:10 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
12/11/2009 4:10 PM,Info,Intrusion Prevention is monitoring 1521 signatures. Driver version: 9.1.2.5,Detected,No Action Required,Intrusion Prevention,,,,,,
12/11/2009 4:10 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20091111.001,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 6:24 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 6:24 PM,Info,Intrusion Prevention is monitoring 1521 signatures. Driver version: 9.1.2.5,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 6:24 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20091111.001,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 6:01 PM,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 6:01 PM,Info,Intrusion Prevention is monitoring 1521 signatures. Driver version: 9.1.2.5,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 6:01 PM,Info,Intrusion Prevention Engine version: 4.5.0.67 Definitions Set version: 20091111.001,Detected,No Action Required,Intrusion Prevention,,,,,,
12/10/2009 5:43 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51039)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51039"
12/10/2009 5:43 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51037)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51037"
12/10/2009 5:43 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51035)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51035"
12/10/2009 5:43 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51032)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51032"
12/10/2009 5:43 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51030)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51030"
12/10/2009 5:42 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51019)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51019"
12/10/2009 5:42 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51017)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51017"
12/10/2009 5:42 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51015)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51015"
12/10/2009 5:41 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51013)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51013"
12/10/2009 5:41 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51011)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51011"
12/10/2009 5:40 PM,High,An intrusion attempt by ALIENWARE was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE,Blocked,No Action Required,,HTTP Zbot Malicious File Download,"ALIENWARE (192.168.1.102, 51003)",bigzhopa.cn/work777/config.bin,"193.104.94.45, 80",192.168.1.102 (192.168.1.102),"TCP, Port 51003"

Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Risk Category,Definitions Version,Component,File Name,ERASER Version,Risk Name,Risk Type,Risk State
12/11/2009 8:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\cfxl.tmp\svchost.exe,,,,
12/11/2009 8:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\udqt.tmp\svchost.exe,,,,
12/11/2009 7:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\wpyx.tmp\svchost.exe,,,,
12/11/2009 7:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\reup.tmp\svchost.exe,,,,
12/11/2009 7:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\nwow.tmp\svchost.exe,,,,
12/11/2009 7:43 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\qmxs.tmp\svchost.exe,,,,
12/11/2009 7:38 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\idpw.tmp\svchost.exe,,,,
12/11/2009 7:33 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\rofv.tmp\svchost.exe,,,,
12/11/2009 7:28 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\ttvx.tmp\svchost.exe,,,,
12/11/2009 7:23 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\bukc.tmp\svchost.exe,,,,
12/11/2009 7:18 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\ynpk.tmp\svchost.exe,,,,
12/11/2009 7:13 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\qsii.tmp\svchost.exe,,,,
12/11/2009 7:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\tpmt.tmp\svchost.exe,,,,
12/11/2009 7:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\bqtc.tmp\svchost.exe,,,,
12/11/2009 6:55 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\eoxc.tmp\svchost.exe,,,,
12/11/2009 6:50 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\kiyt.tmp\svchost.exe,,,,
12/11/2009 6:45 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\hivi.tmp\svchost.exe,,,,
12/11/2009 6:40 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\udyg.tmp\svchost.exe,,,,
12/11/2009 6:35 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\gxvg.tmp\svchost.exe,,,,
12/11/2009 6:30 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\codh.tmp\svchost.exe,,,,
12/11/2009 6:25 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\rapc.tmp\svchost.exe,,,,
12/11/2009 6:20 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\ospd.tmp\svchost.exe,,,,
12/11/2009 6:15 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\wcuv.tmp\svchost.exe,,,,
12/11/2009 6:10 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\twcy.tmp\svchost.exe,,,,
12/11/2009 6:05 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\jnhr.tmp\svchost.exe,,,,
12/11/2009 6:04 PM,High,Trojan.Zbot!gen3 detected by Auto-Protect,Quarantined,Resolved - No Action,Heuristic Virus,2009.12.11.024,Auto-Protect,,109.2.3.12,Trojan.Zbot!gen3,File Based,Fully removed
12/11/2009 6:00 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\daac.tmp\svchost.exe,,,,
12/11/2009 5:55 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\olhp.tmp\svchost.exe,,,,
12/11/2009 5:50 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\rpwq.tmp\svchost.exe,,,,
12/11/2009 5:45 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\yptw.tmp\svchost.exe,,,,
12/11/2009 5:40 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\qefn.tmp\svchost.exe,,,,
12/11/2009 5:35 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\btvr.tmp\svchost.exe,,,,
12/11/2009 5:30 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\dqic.tmp\svchost.exe,,,,
12/11/2009 5:25 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\sduf.tmp\svchost.exe,,,,
12/11/2009 5:20 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\pyoe.tmp\svchost.exe,,,,
12/11/2009 5:15 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\iymn.tmp\svchost.exe,,,,
12/11/2009 5:10 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\pbii.tmp\svchost.exe,,,,
12/11/2009 5:05 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\vgss.tmp\svchost.exe,,,,
12/11/2009 5:00 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\qtwv.tmp\svchost.exe,,,,
12/11/2009 4:54 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\khsl.tmp\svchost.exe,,,,
12/11/2009 4:49 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\foyf.tmp\svchost.exe,,,,
12/11/2009 4:44 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\vpaw.tmp\svchost.exe,,,,
12/11/2009 4:39 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\qamp.tmp\svchost.exe,,,,
12/11/2009 4:34 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\cnxq.tmp\svchost.exe,,,,
12/11/2009 4:29 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\pmnt.tmp\svchost.exe,,,,
12/11/2009 4:24 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.11.024,Auto-Protect,c:\windows\temp\mubc.tmp\svchost.exe,,,,
12/11/2009 4:19 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\cevi.tmp\svchost.exe,,,,
12/11/2009 4:14 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\bhvj.tmp\svchost.exe,,,,
12/11/2009 6:34 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\qmob.tmp\svchost.exe,,,,
12/11/2009 6:29 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\dohk.tmp\svchost.exe,,,,
12/11/2009 6:24 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\xpvc.tmp\svchost.exe,,,,
12/11/2009 6:19 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\ijqu.tmp\svchost.exe,,,,
12/11/2009 6:14 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.041,Auto-Protect,c:\windows\temp\aaxa.tmp\svchost.exe,,,,
12/11/2009 6:09 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\umbf.tmp\svchost.exe,,,,
12/11/2009 6:04 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\gquo.tmp\svchost.exe,,,,
12/11/2009 5:59 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\eaxq.tmp\svchost.exe,,,,
12/11/2009 5:54 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\eanr.tmp\svchost.exe,,,,
12/11/2009 5:49 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xjec.tmp\svchost.exe,,,,
12/11/2009 5:44 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\qwao.tmp\svchost.exe,,,,
12/11/2009 5:39 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\sort.tmp\svchost.exe,,,,
12/11/2009 5:34 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ixax.tmp\svchost.exe,,,,
12/11/2009 5:29 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\evsd.tmp\svchost.exe,,,,
12/11/2009 5:24 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xrif.tmp\svchost.exe,,,,
12/11/2009 5:19 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jaaw.tmp\svchost.exe,,,,
12/11/2009 5:14 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\cfkr.tmp\svchost.exe,,,,
12/11/2009 5:09 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\urva.tmp\svchost.exe,,,,
12/11/2009 5:04 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bkrq.tmp\svchost.exe,,,,
12/11/2009 4:59 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\qqpf.tmp\svchost.exe,,,,
12/11/2009 4:54 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\kpfb.tmp\svchost.exe,,,,
12/11/2009 4:49 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rchv.tmp\svchost.exe,,,,
12/11/2009 4:44 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\kviq.tmp\svchost.exe,,,,
12/11/2009 4:39 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\sxan.tmp\svchost.exe,,,,
12/11/2009 4:34 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\damg.tmp\svchost.exe,,,,
12/11/2009 4:29 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xbfh.tmp\svchost.exe,,,,
12/11/2009 4:24 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\tycl.tmp\svchost.exe,,,,
12/11/2009 4:19 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\aobv.tmp\svchost.exe,,,,
12/11/2009 4:14 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\gokr.tmp\svchost.exe,,,,
12/11/2009 4:09 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\vvly.tmp\svchost.exe,,,,
12/11/2009 4:04 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ljdy.tmp\svchost.exe,,,,
12/11/2009 3:59 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\krkj.tmp\svchost.exe,,,,
12/11/2009 3:54 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rbak.tmp\svchost.exe,,,,
12/11/2009 3:49 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ulra.tmp\svchost.exe,,,,
12/11/2009 3:44 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\yfob.tmp\svchost.exe,,,,
12/11/2009 3:39 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rxsl.tmp\svchost.exe,,,,
12/11/2009 3:34 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jkps.tmp\svchost.exe,,,,
12/11/2009 3:29 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\kwrm.tmp\svchost.exe,,,,
12/11/2009 3:24 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\qoxm.tmp\svchost.exe,,,,
12/11/2009 3:19 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\kadk.tmp\svchost.exe,,,,
12/11/2009 3:14 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\btqt.tmp\svchost.exe,,,,
12/11/2009 3:09 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\tynd.tmp\svchost.exe,,,,
12/11/2009 3:04 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\scce.tmp\svchost.exe,,,,
12/11/2009 2:59 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jrip.tmp\svchost.exe,,,,
12/11/2009 2:54 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\etge.tmp\svchost.exe,,,,
12/11/2009 2:49 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\wxrj.tmp\svchost.exe,,,,
12/11/2009 2:44 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\vmpv.tmp\svchost.exe,,,,
12/11/2009 2:39 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jcyb.tmp\svchost.exe,,,,
12/11/2009 2:34 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jwik.tmp\svchost.exe,,,,
12/11/2009 2:29 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nunv.tmp\svchost.exe,,,,
12/11/2009 2:24 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\podk.tmp\svchost.exe,,,,
12/11/2009 2:19 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\obqr.tmp\svchost.exe,,,,
12/11/2009 2:14 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ufkk.tmp\svchost.exe,,,,
12/11/2009 2:09 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\cnpt.tmp\svchost.exe,,,,
12/11/2009 2:04 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\irpa.tmp\svchost.exe,,,,
12/11/2009 1:59 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\qfmd.tmp\svchost.exe,,,,
12/11/2009 1:54 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nohd.tmp\svchost.exe,,,,
12/11/2009 1:48 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jkyq.tmp\svchost.exe,,,,
12/11/2009 1:43 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\tvuh.tmp\svchost.exe,,,,
12/11/2009 1:38 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\hvrj.tmp\svchost.exe,,,,
12/11/2009 1:33 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\qnuy.tmp\svchost.exe,,,,
12/11/2009 1:28 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\vyub.tmp\svchost.exe,,,,
12/11/2009 1:23 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\gitq.tmp\svchost.exe,,,,
12/11/2009 1:18 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\epvs.tmp\svchost.exe,,,,
12/11/2009 1:13 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nxrl.tmp\svchost.exe,,,,
12/11/2009 1:08 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\snro.tmp\svchost.exe,,,,
12/11/2009 1:03 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\esph.tmp\svchost.exe,,,,
12/11/2009 12:58 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\soty.tmp\svchost.exe,,,,
12/11/2009 12:53 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\mvcd.tmp\svchost.exe,,,,
12/11/2009 12:48 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\lgjp.tmp\svchost.exe,,,,
12/11/2009 12:43 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bmww.tmp\svchost.exe,,,,
12/11/2009 12:38 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ixei.tmp\svchost.exe,,,,
12/11/2009 12:33 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\kuet.tmp\svchost.exe,,,,
12/11/2009 12:28 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\coku.tmp\svchost.exe,,,,
12/11/2009 12:23 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xrfo.tmp\svchost.exe,,,,
12/11/2009 12:18 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\hnvx.tmp\svchost.exe,,,,
12/11/2009 12:13 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ohpm.tmp\svchost.exe,,,,
12/11/2009 12:08 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nqjb.tmp\svchost.exe,,,,
12/11/2009 12:03 AM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\tplx.tmp\svchost.exe,,,,
12/10/2009 11:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xwop.tmp\svchost.exe,,,,
12/10/2009 11:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bhvp.tmp\svchost.exe,,,,
12/10/2009 11:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jvto.tmp\svchost.exe,,,,
12/10/2009 11:43 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\etps.tmp\svchost.exe,,,,
12/10/2009 11:38 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nbvr.tmp\svchost.exe,,,,
12/10/2009 11:33 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\afln.tmp\svchost.exe,,,,
12/10/2009 11:28 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\yrbj.tmp\svchost.exe,,,,
12/10/2009 11:23 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\yswu.tmp\svchost.exe,,,,
12/10/2009 11:18 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ursv.tmp\svchost.exe,,,,
12/10/2009 11:13 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\tkxf.tmp\svchost.exe,,,,
12/10/2009 11:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\oqff.tmp\svchost.exe,,,,
12/10/2009 11:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\exuh.tmp\svchost.exe,,,,
12/10/2009 10:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\fkwv.tmp\svchost.exe,,,,
12/10/2009 10:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\vybk.tmp\svchost.exe,,,,
12/10/2009 10:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ebpe.tmp\svchost.exe,,,,
12/10/2009 10:43 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\yjsv.tmp\svchost.exe,,,,
12/10/2009 10:38 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bxde.tmp\svchost.exe,,,,
12/10/2009 10:33 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\qanq.tmp\svchost.exe,,,,
12/10/2009 10:28 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\niux.tmp\svchost.exe,,,,
12/10/2009 10:23 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nhnw.tmp\svchost.exe,,,,
12/10/2009 10:18 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\evpn.tmp\svchost.exe,,,,
12/10/2009 10:13 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nphh.tmp\svchost.exe,,,,
12/10/2009 10:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\oilh.tmp\svchost.exe,,,,
12/10/2009 10:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rbmn.tmp\svchost.exe,,,,
12/10/2009 9:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\byyd.tmp\svchost.exe,,,,
12/10/2009 9:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\cvsb.tmp\svchost.exe,,,,
12/10/2009 9:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\wwlr.tmp\svchost.exe,,,,
12/10/2009 9:43 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bndc.tmp\svchost.exe,,,,
12/10/2009 9:38 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rsfb.tmp\svchost.exe,,,,
12/10/2009 9:33 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jsvp.tmp\svchost.exe,,,,
12/10/2009 9:28 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\lcej.tmp\svchost.exe,,,,
12/10/2009 9:23 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nccv.tmp\svchost.exe,,,,
12/10/2009 9:18 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\gqyp.tmp\svchost.exe,,,,
12/10/2009 9:13 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\wxcf.tmp\svchost.exe,,,,
12/10/2009 9:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\mdmq.tmp\svchost.exe,,,,
12/10/2009 9:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\imph.tmp\svchost.exe,,,,
12/10/2009 8:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\vlpa.tmp\svchost.exe,,,,
12/10/2009 8:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bmfi.tmp\svchost.exe,,,,
12/10/2009 8:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xxka.tmp\svchost.exe,,,,
12/10/2009 8:43 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ctiy.tmp\svchost.exe,,,,
12/10/2009 8:38 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\malh.tmp\svchost.exe,,,,
12/10/2009 8:33 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nppt.tmp\svchost.exe,,,,
12/10/2009 8:28 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nhit.tmp\svchost.exe,,,,
12/10/2009 8:23 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\wopn.tmp\svchost.exe,,,,
12/10/2009 8:18 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\itlg.tmp\svchost.exe,,,,
12/10/2009 8:13 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\xitn.tmp\svchost.exe,,,,
12/10/2009 8:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rniq.tmp\svchost.exe,,,,
12/10/2009 8:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\nltm.tmp\svchost.exe,,,,
12/10/2009 7:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\uvom.tmp\svchost.exe,,,,
12/10/2009 7:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\jjvs.tmp\svchost.exe,,,,
12/10/2009 7:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\yxty.tmp\svchost.exe,,,,
12/10/2009 7:43 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\fpqr.tmp\svchost.exe,,,,
12/10/2009 7:38 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No
Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\srlx.tmp\svchost.exe,,,, 12/10/2009 7:33 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\egnc.tmp\svchost.exe,,,, 12/10/2009 7:28 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\iutp.tmp\svchost.exe,,,, 12/10/2009 7:23 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\duhb.tmp\svchost.exe,,,, 12/10/2009 7:18 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\aqof.tmp\svchost.exe,,,, 12/10/2009 7:13 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\puwf.tmp\svchost.exe,,,, 12/10/2009 7:08 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ycbx.tmp\svchost.exe,,,, 12/10/2009 7:03 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\teoc.tmp\svchost.exe,,,, 12/10/2009 6:58 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\odpe.tmp\svchost.exe,,,, 12/10/2009 6:53 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\mnxx.tmp\svchost.exe,,,, 12/10/2009 6:48 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rmpw.tmp\svchost.exe,,,, 12/10/2009 6:29 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No 
Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\koxc.tmp\svchost.exe,,,, 12/10/2009 6:20 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\pcin.tmp\svchost.exe,,,, 12/10/2009 6:15 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bvtv.tmp\svchost.exe,,,, 12/10/2009 6:10 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rbbj.tmp\svchost.exe,,,, 12/10/2009 6:05 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\istp.tmp\svchost.exe,,,, 12/10/2009 5:39 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rxbk.tmp\svchost.exe,,,, 12/10/2009 5:34 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\asrb.tmp\svchost.exe,,,, 12/10/2009 5:29 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\kmhi.tmp\svchost.exe,,,, 12/10/2009 5:24 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rrob.tmp\svchost.exe,,,, 12/10/2009 5:19 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\fewn.tmp\svchost.exe,,,, 12/10/2009 5:14 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\fxru.tmp\svchost.exe,,,, 12/10/2009 5:09 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No 
Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ovuv.tmp\svchost.exe,,,, 12/10/2009 5:04 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ppui.tmp\svchost.exe,,,, 12/10/2009 4:59 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\duph.tmp\svchost.exe,,,, 12/10/2009 4:54 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\lhqq.tmp\svchost.exe,,,, 12/10/2009 4:49 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\rvdl.tmp\svchost.exe,,,, 12/10/2009 4:44 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\bnet.tmp\svchost.exe,,,, 12/10/2009 4:39 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\ltnd.tmp\svchost.exe,,,, 12/10/2009 4:34 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\iwny.tmp\svchost.exe,,,, 12/10/2009 4:29 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\tjxa.tmp\svchost.exe,,,, 12/10/2009 4:24 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\cpmf.tmp\svchost.exe,,,, 12/10/2009 4:19 PM,High,Auto-Protect has detected Trojan Horse,"Blocked, Blocked",Resolved - No Action,Virus,2009.12.10.003,Auto-Protect,c:\windows\temp\toqx.tmp\svchost.exe,,,, Category: Scan Results Date & Time,Severity,Activity,Status,Task Name,Scan Time,Total items scanned,Files & Directories,Registry 
Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention,Cookie,Cookie Resolved 12/11/2009 4:21 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:47 (d:h:m:s),"5,412",965,308,"3,995",37,107,587,0,0,0,0,, 12/10/2009 12:06 AM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:04 (d:h:m:s),"7,455","1,131",309,"5,870",37,108,488,0,0,0,0,, 12/8/2009 6:50 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:55 (d:h:m:s),"7,747","1,154",305,"6,144",37,107,492,0,0,0,0,, 12/8/2009 11:34 AM,Info,Full System Scan results,Completed,Full System Scan,0:02:02:23 (d:h:m:s),"600,514","587,755",435,"5,643","6,673",8,"3,698","24,393",1,1,0,1,1 12/8/2009 8:52 AM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:43 (d:h:m:s),"7,077","1,109",302,"5,522",37,107,490,0,0,0,0,, 12/8/2009 2:55 AM,Info,Full System Scan results,Aborted,Full System Scan,0:02:01:03 (d:h:m:s),"549,673","542,267",434,"5,601","1,363",8,"3,289","15,788",1,1,0,1,1 12/8/2009 1:55 AM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:05:04 (d:h:m:s),"7,865","1,195",301,"6,225",37,107,500,0,0,0,0,, 12/7/2009 6:26 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:02:27 (d:h:m:s),"7,142","1,140",301,"5,557",37,107,494,0,0,0,0,, 12/6/2009 10:49 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:01:12 (d:h:m:s),"6,961","1,111",301,"5,405",37,107,482,0,0,0,0,, 12/5/2009 2:48 PM,Info,Idle Quick Scan results,Completed,Idle Quick Scan,0:00:00:42 (d:h:m:s),"6,995","1,126",301,"5,424",37,107,487,0,0,0,0,, 12/4/2009 8:53 PM,Info,Idle Full System Scan results,Completed,Idle Full System Scan,0:02:08:00 (d:h:m:s),"600,605","588,468",434,"5,076","6,519",108,"3,661","19,878",1,1,0,1,1 Category: Quarantine Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk 
Name,Risk Category,Risk Type,Risk State 12/11/2009 6:04 PM,High,Trojan.Zbot!gen3 detected by Auto-Protect,Quarantined,Resolved - No Action,Auto-Protect,2009.12.11.024,109.2.3.12,Trojan.Zbot!gen3,Heuristic Virus,File Based,Fully removed Category: System Activity Monitoring Date & Time,Severity,Activity,Status,Recommended Action,Program,Last Updated,Affected Area,Modified resource,Target file 12/11/2009 4:46 PM,Low,"mbam-setup.tmp made 29 modifications to your computer., Resource, Resource",Detected,"No Action Required, No Action Required",c:\users\jonathan\appdata\local\temp\is-rud7l.tmp\mbam-setup.tmp,"Friday, December 11, 2009 4:46 PM","System Configuration, Windows Startup Settings","c:\users\jonathan\appdata\local\temp\is-4mm9t.tmp\_isetup\_regdll.tmp, c:\users\jonathan\appdata\local\temp\is-4mm9t.tmp\_isetup\_shfoldr.dll, c:\users\jonathan\appdata\local\temp\is-4mm9t.tmp\mbam.dll, c:\program files\malwarebytes' anti-malware\is-l4018.tmp, c:\program files\malwarebytes' anti-malware\is-qoet7.tmp, c:\program files\malwarebytes' anti-malware\is-i7oda.tmp, c:\program files\malwarebytes' anti-malware\is-ndbiu.tmp, c:\windows\system32\drivers\mbam.sys, c:\program files\malwarebytes' anti-malware\is-d45pa.tmp, c:\program files\malwarebytes' anti-malware\is-dekcg.tmp, c:\program files\malwarebytes' anti-malware\mbamext.dll, c:\program files\malwarebytes' anti-malware\is-mqofb.tmp, c:\program files\malwarebytes' anti-malware\is-ra91e.tmp, c:\windows\system32\drivers\is-p0iqu.tmp, c:\program files\malwarebytes' anti-malware\is-5gmhj.tmp, c:\program files\malwarebytes' anti-malware\is-q3en6.tmp, c:\program files\malwarebytes' anti-malware\is-d8bod.tmp, c:\program files\malwarebytes' anti-malware\is-7hpom.tmp, c:\program files\malwarebytes' anti-malware\is-annta.tmp, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Malwarebytes' Anti-Malware, 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1\UninstallString, c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware\malwarebytes' anti-malware.lnk, c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware\malwarebytes' anti-malware.lnk, c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware\malwarebytes' anti-malware help.lnk, c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware\malwarebytes' anti-malware help.lnk, c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware\uninstall malwarebytes' anti-malware.lnk, c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware\uninstall malwarebytes' anti-malware.lnk", 12/10/2009 5:24 PM,Low,"taskmanager17.exe made 7 modifications to your System Configuration., Resource",Detected,"No Action Required, No Action Required",\\alienware\music\p\taskmanager17.exe,"Thursday, December 10, 2009 5:24 PM",System Configuration,"c:\users\owner\appdata\local\temp\wzse0.tmp\uninstal.exe, c:\users\owner\appdata\local\temp\wzse0.tmp\ascode.dll, c:\users\owner\appdata\local\temp\wzse0.tmp\setup.exe, c:\users\owner\appdata\local\temp\wzse0.tmp\spyprodll.dll, c:\users\owner\appdata\local\temp\wzse0.tmp\spyprotector.exe, c:\users\owner\appdata\local\temp\wzse0.tmp\taskman.exe, c:\users\owner\appdata\local\temp\wzse0.tmp\psapi_.dll", 12/10/2009 4:04 PM,Low,"sdra64.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\users\owner\appdata\roaming\sdra64.exe,"Thursday, December 10, 2009 4:04 PM",System Configuration,,C:\Windows\explorer.exe 12/10/2009 3:12 PM,Low,"spybotsd162.tmp made 54 modifications to your computer., Resource, Resource, Resource, Resource",Detected,"No Action Required, 
No Action Required",c:\users\owner\appdata\local\temp\is-d61r4.tmp\spybotsd162.tmp,"Thursday, December 10, 2009 3:12 PM","System Configuration, Windows Startup Settings, Program Startup Settings, Internet Explorer Settings","c:\users\owner\appdata\local\temp\is-k6isv.tmp\_isetup\_regdll.tmp, c:\users\owner\appdata\local\temp\is-k6isv.tmp\_isetup\_shfoldr.dll, c:\users\owner\appdata\local\temp\is-k6isv.tmp\isxdl.dll, c:\program files\spybot - search & destroy\is-itscf.tmp, c:\program files\spybot - search & destroy\is-qpvh9.tmp, c:\program files\spybot - search & destroy\is-8bptl.tmp, c:\program files\spybot - search & destroy\is-drr0p.tmp, c:\program files\spybot - search & destroy\is-6qtia.tmp, c:\users\owner\appdata\local\temp\is-k6isv.tmp\spybotsd_includes.exe, c:\program files\spybot - search & destroy\is-tn2t7.tmp, c:\program files\spybot - search & destroy\is-bvm31.tmp, c:\program files\spybot - search & destroy\is-qcocc.tmp, c:\program files\spybot - search & destroy\is-ocno9.tmp, c:\program files\spybot - search & destroy\is-1b064.tmp, c:\program files\spybot - search & destroy\is-ekc6h.tmp, c:\program files\spybot - search & destroy\is-50pgq.tmp, c:\program files\spybot - search & destroy\is-m2qdf.tmp, c:\program files\spybot - search & destroy\qovtvpgzoje.scr, c:\program files\spybot - search & destroy\is-bftnc.tmp, c:\program files\spybot - search & destroy\yerscepdcxkcli.scr, c:\program files\spybot - search & destroy\is-ohb8s.tmp, c:\program files\spybot - search & destroy\oekwqowllyltublqk.scr, c:\program files\spybot - search & destroy\is-rk3qg.tmp, c:\program files\spybot - search & destroy\is-v8ig7.tmp, c:\program files\spybot - search & destroy\plugins\is-e2ljv.tmp, c:\program files\spybot - search & destroy\plugins\is-c7dr1.tmp, c:\program files\spybot - search & destroy\plugins\is-86q3i.tmp, c:\program files\spybot - search & destroy\plugins\is-qmv8i.tmp, c:\program files\spybot - search & destroy\dummies\is-ua84q.tmp, 
\REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000\Software\Microsoft\Windows\CurrentVersion\Run, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000\Software\Microsoft\Windows\CurrentVersion\Run\SpybotSD TeaTimer, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.DisabledFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.SBEFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.SBIFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.SBSFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.TInfoFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.UTIFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\SpybotSD.UTSFile\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\UninstallString, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\spybot - search & destroy.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\spybot - search & destroy.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\update spybot-s&d.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\update spybot-s&d.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\file shredder.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\file shredder.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\uninstall spybot-s&d.lnk, c:\programdata\microsoft\windows\start menu\programs\spybot - search & destroy\uninstall spybot-s&d.lnk, 
c:\users\owner\appdata\roaming\microsoft\internet explorer\quick launch\spybot - search & destroy.lnk, c:\users\owner\appdata\roaming\microsoft\internet explorer\quick launch\spybot - search & destroy.lnk, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ClsidExtension", 12/10/2009 3:11 PM,Low,"spybotsd162.exe made 2 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",\\alienware\music\p\spybotsd162.exe,"Thursday, December 10, 2009 3:11 PM",System Configuration,"c:\users\owner\appdata\local\temp\is-ub9dc.tmp\spybotsd162.tmp, c:\users\owner\appdata\local\temp\is-d61r4.tmp\spybotsd162.tmp", 12/10/2009 9:11 AM,Low,"helper.exe made 23 modifications to your computer., Resource, Resource",Detected,"No Action Required, No Action Required",c:\program files\mozilla firefox\uninstall\helper.exe,"Thursday, December 10, 2009 9:11 AM","System Configuration, Windows Startup Settings","\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.9)\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.9)\UninstallString, \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL\DefaultIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.11)\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.11)\UninstallString, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.3)\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.3)\UninstallString, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.4)\DisplayIcon, 
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.4)\UninstallString, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.5)\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.5)\UninstallString, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000_CLASSES\FirefoxHTML\DefaultIcon, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000_CLASSES\FirefoxURL\DefaultIcon, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000_CLASSES\ftp\DefaultIcon, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000_CLASSES\http\DefaultIcon, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000_CLASSES\https\DefaultIcon, c:\users\owner\appdata\local\temp\nsxf5c8.tmp\system.dll, c:\programdata\microsoft\windows\start menu\programs, c:\programdata\microsoft\windows\start menu\desktop.ini, c:\programdata\microsoft\windows\start menu\programs\desktop.ini, c:\users\jonathan\appdata\roaming\microsoft\internet explorer\quick launch\mozilla firefox.lnk, c:\programdata\microsoft\windows\start menu\programs\mozilla firefox\mozilla firefox.lnk", 12/10/2009 9:07 AM,Low,"svchost.exe made 4 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",c:\windows\temp\ccew.tmp\svchost.exe,"Thursday, December 10, 2009 9:07 AM",System Configuration,"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SPService\ImagePath, \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SPService\Type, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvc, c:\programdata\acccore\sp.dll", 12/10/2009 7:06 AM,Low,"svchost.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\windows\temp\cnih.tmp\svchost.exe,"Thursday, December 10, 2009 7:06 AM",System Configuration,,C:\Windows\System32\winlogon.exe 12/10/2009 5:57 AM,Low,"wow.exe made 16 modifications to your 
System Configuration., Resource, Resource",Detected,"No Action Required, No Action Required",c:\users\public\games\world of warcraft\wow.exe,"Thursday, December 10, 2009 5:57 AM","System Configuration, Windows Startup Settings","c:\users\public\games\world of warcraft\scan.dll.new, c:\autoexec.bat, c:\users\owner\appdata\local\blizzard entertainment\battle.net\cache\23\45\23451d428a1671e27635e923e9acfd6f8a883acb1f8e6b2a4152f037e5841594.auth, c:\users\owner\appdata\local\blizzard entertainment\battle.net\cache\36\b2\36b27cd911b33c61730a8b82c8b2495fd16e8024fc3b2dde08861c77a852941c.auth, c:\users\owner\appdata\local\blizzard entertainment\battle.net\cache\ab\c6\abc6bb719a73ec1055296001910e26afa561f701ad9995b1ecd7f55f9d3ca37c.auth, c:\programdata\microsoft\windows\start menu\programs\maxis, c:\programdata\microsoft\windows\start menu\programs\maxis\simcity 4 deluxe, c:\programdata\microsoft\windows\start menu\programs\vistacodecs, c:\programdata\microsoft\windows\start menu\programs\vistacodecs\32bit tools, c:\programdata\microsoft\windows\start menu\programs\vistacodecs\32bit tools\mp4 settings, c:\programdata\microsoft\windows\start menu\programs\vistacodecs\32bit tools\mp4 settings\info.lnk, c:\programdata\microsoft\windows\start menu\programs\maxis\simcity 4 deluxe\check for update.lnk, c:\programdata\microsoft\windows\start menu\programs, c:\users\jonathan\appdata\roaming\microsoft\windows\start menu\programs, c:\users\jonathan\appdata\roaming\microsoft\windows\start menu\programs\firaxis games, c:\programdata\microsoft\windows\start menu\programs\delta", 12/10/2009 5:44 AM,Low,"sdra64.exe made 8 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",c:\windows\system32\sdra64.exe,"Thursday, December 10, 2009 5:44 AM",System Configuration,"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1001\Software\Microsoft\Windows\CurrentVersion\Run, 
\REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1001\Software\Microsoft\Windows\CurrentVersion\Run\userinit, c:\users\jonathan\appdata\roaming\sdra64.exe, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000\Software\Microsoft\Windows\CurrentVersion\Run, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1000\Software\Microsoft\Windows\CurrentVersion\Run\userinit, c:\users\owner\appdata\roaming\sdra64.exe",C:\Windows\explorer.exe 12/9/2009 3:06 PM,Low,"svchost.exe made 2 modifications to your computer., Resource, Resource",Detected,"No Action Required, No Action Required",c:\windows\temp\pefd.tmp\svchost.exe,"Wednesday, December 09, 2009 3:06 PM","Program Startup Settings, System Configuration","\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{51E15A44-F12F-4767-A7D8-CE3006CD12E9}, c:\windows\system32\wava0.dll", 12/9/2009 1:57 AM,Low,"svchost.exe made 3 modifications to your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\windows\temp\mtrq.tmp\svchost.exe,"Wednesday, December 09, 2009 1:57 AM",System Configuration,"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit, c:\windows\system32\sdra64.exe",C:\Windows\System32\winlogon.exe 12/8/2009 6:56 PM,Low,"monkeyisland105.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\program files\telltale games\tales of monkey island\rise of the pirate god\monkeyisland105.exe,"Tuesday, December 08, 2009 6:56 PM",System Configuration,,C:\Windows\explorer.exe 12/8/2009 6:56 PM,Low,"dxwsetup.exe made 54 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",c:\users\jonathan\appdata\local\temp\ixp000.tmp\dxwsetup.exe,"Tuesday, December 08, 2009 6:56 PM",System Configuration,"c:\windows\system32\directx\websetup\sete26f.tmp, c:\windows\system32\directx\websetup\sete2be.tmp, 
c:\users\jonathan\appdata\local\temp\ixp000.tmp\dxupdate.dll, c:\windows\system32\directx\websetup\setba97.tmp, c:\windows\system32\directx\websetup\setbb72.tmp, c:\windows\system32\directx\websetup\set6f1.tmp, c:\windows\system32\directx\websetup\set8c6.tmp, c:\windows\temp\old909e.tmp, c:\windows\temp\old9189.tmp, c:\windows\system32\directx\websetup\seta16c.tmp, c:\windows\system32\directx\websetup\seta18c.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\dxupdate.dll, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xactengine3_2.dll, c:\windows\temp\old6ccb.tmp, c:\windows\system32\set6d87.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xaudio2_2.dll, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xapofx1_1.dll, c:\windows\temp\old6ee0.tmp, c:\windows\system32\set70d4.tmp, c:\windows\temp\old7171.tmp, c:\windows\system32\set728b.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\x3daudio1_5.dll, c:\windows\temp\old7569.tmp, c:\windows\system32\set7606.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xactengine3_3.dll, c:\windows\temp\old76c2.tmp, c:\windows\system32\set77cc.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xaudio2_3.dll, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xapofx1_2.dll, c:\windows\temp\old7905.tmp, c:\windows\system32\set79e1.tmp, c:\windows\temp\old7a20.tmp, c:\windows\system32\set7acd.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\d3dx9_42.dll, c:\windows\system32\set7be6.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\d3dx10_42.dll, c:\windows\system32\set7c74.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\d3dx11_42.dll, c:\windows\system32\set7cf2.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\d3dcsx_42.dll, c:\windows\system32\set80aa.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\d3dcompiler_42.dll, c:\windows\system32\set8202.tmp, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xactengine3_5.dll, c:\windows\system32\set829f.tmp, 
c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xaudio2_5.dll, c:\users\jonathan\appdata\local\temp\dx4f7b.tmp\xapofx1_3.dll, c:\windows\system32\set853f.tmp, c:\windows\temp\old858e.tmp, c:\windows\system32\set8ea4.tmp, c:\windows\system32\directx\websetup\set7c50.tmp, c:\windows\system32\directx\websetup\set7c80.tmp, c:\windows\system32\directx\websetup\set85b3.tmp, c:\windows\system32\directx\websetup\set8602.tmp", 12/8/2009 6:54 PM,Low,"tomi_riseofthepirategod_setup.exe made 3 modifications to your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\users\jonathan\documents\tomi_riseofthepirategod_setup.exe,"Tuesday, December 08, 2009 6:54 PM",System Configuration,"c:\users\jonathan\appdata\local\temp\nskd74e.tmp\userinfo.dll, c:\users\jonathan\appdata\local\temp\nskd74e.tmp\system.dll, c:\users\jonathan\appdata\local\temp\nskd74e.tmp\nsdialogs.dll", 12/8/2009 5:50 PM,Low,"au_.exe made 49 modifications to your System Configuration., Resource, Resource, Resource",Detected,"No Action Required, No Action Required",c:\users\jonathan\appdata\local\temp\~nsu.tmp\au_.exe,"Tuesday, December 08, 2009 5:50 PM","Internet Explorer Settings, System Configuration, Windows Startup Settings","c:\users\jonathan\favorites\desktop.ini, c:\users\jonathan\appdata\local\temp\nsp2884.tmp\ns28d3.tmp, c:\users\jonathan\appdata\local\temp\nsp2884.tmp\nsexec.dll, \REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon, c:\users\jonathan\appdata\local\temp\nsr8db3.tmp\system.dll, c:\users\jonathan\appdata\local\temp\nsr8db3.tmp\version.dll, c:\users\jonathan\appdata\local\temp\nsr8db3.tmp\psapihelper.dll, c:\users\jonathan\appdata\local\temp\nsr8db3.tmp\nsis_rayvplugin.dll, \REGISTRY\USER\S-1-5-21-2799694843-353797481-686840779-1001\Software\Microsoft\Windows\CurrentVersion\Run\RayV, c:\users\jonathan\appdata\local\temp\nsq7d2c.tmp\ns7d3d.tmp, c:\users\jonathan\appdata\local\temp\nsq7d2c.tmp\nsexec.dll, 
c:\users\jonathan\appdata\local\temp\nsa74c6.tmp\installoptions.dll, c:\users\jonathan\appdata\local\temp\nssa3dd.tmp\system.dll, c:\users\jonathan\appdata\local\temp\nssa3dd.tmp\userinfo.dll, c:\users\jonathan\appdata\local\temp\nspbb02.tmp\system.dll, c:\users\jonathan\appdata\local\temp\nspbb02.tmp\nsdialogs.dll, c:\users\jonathan\appdata\local\temp\nsn81ca.tmp\system.dll, c:\users\jonathan\appdata\local\temp\nsg2ae8.tmp\ns2b27.tmp, c:\users\jonathan\appdata\local\temp\nsg2ae8.tmp\nsexec.dll, c:\programdata\microsoft\windows\start menu\programs\rayv\uninstall rayv.lnk, c:\programdata\microsoft\windows\start menu\programs\rayv\blizzconlive.lnk, c:\programdata\microsoft\windows\start menu\programs\rayv, c:\programdata\microsoft\windows\start menu\programs, c:\programdata\microsoft\windows\start menu\programs\lazy man's mkv, c:\programdata\microsoft\windows\start menu\programs\autogk\autogk.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\catalan tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\english tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\french tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\greek tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\italian tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\portuguese tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials\russian tutorial.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk\tutorials, c:\programdata\microsoft\windows\start menu\programs\autogk\uninstall.lnk, c:\programdata\microsoft\windows\start menu\programs\autogk, c:\programdata\microsoft\windows\start menu\programs\interplay\uninstall.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout\read-me.lnk, 
c:\programdata\microsoft\windows\start menu\programs\interplay\fallout\fallout manual.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout 2.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout 2\read-me.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout 2\fallout 2 manual.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics\fallout tactics editor.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics\fallout editor end user license agreement.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics\editor readme.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics\fallout tactics manual.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics\patch readme.lnk, c:\programdata\microsoft\windows\start menu\programs\interplay\fallout tactics\fallout tactics readme.lnk", 12/8/2009 12:47 PM,Low,"hijackthis.exe made 9 modifications to your computer., Resource, Resource, Resource",Detected,"No Action Required, No Action Required",c:\program files\trend micro\hijackthis\hijackthis.exe,"Tuesday, December 08, 2009 12:47 PM","System Configuration, Network Related Activity, Windows Startup Settings","\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\UninstallString, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis\DisplayIcon, c:\windows\system.ini, c:\windows\win.ini, c:\program files\trend micro\hijackthis\backups\backup-20091208-124738-829.dll, c:\program files\trend micro\hijackthis\backups\backup-20091208-124746-226.dll, c:\windows\system32\drivers\etc\hosts, c:\programdata\microsoft\windows\start menu\programs\startup\launch killertray.exe.lnk, c:\programdata\microsoft\windows\start menu\programs\startup\logitech 
setpoint.lnk", 12/8/2009 12:35 PM,Low,"blizzard updater.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\users\public\games\world of warcraft\updates\wow-3.2.2-to-3.3.0-enus-win-patch\blizzard updater.exe,"Tuesday, December 08, 2009 12:35 PM",System Configuration,c:\users\public\games\world of warcraft\battle.net.dll.temp, 12/8/2009 12:34 PM,Low,"wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe,"Tuesday, December 08, 2009 12:34 PM",System Configuration,c:\users\public\games\world of warcraft\updates\wow-3.2.2-to-3.3.0-enus-win-patch\blizzard updater.exe.part, 12/8/2009 1:13 AM,Low,"setup.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\users\jonathan\appdata\local\temp\7zsd91c.tmp\setup.exe,"Tuesday, December 08, 2009 1:13 AM",System Configuration,c:\users\jonathan\appdata\local\temp\nsj225c.tmp\system.dll, 12/8/2009 1:09 AM,Low,"uninstaller.exe modified your System Configuration., Resource",Detected,"No Action Required, No Action Required",c:\program files\mozilla firefox\uninstall\uninstaller.exe,"Tuesday, December 08, 2009 1:09 AM",System Configuration,c:\users\jonathan\appdata\local\temp\~nsu.tmp\au_.exe, 12/8/2009 1:09 AM,Low,"unwise.exe made 7 modifications to your computer., Resource, Resource",Detected,"No Action Required, No Action Required",c:\program files\lavasoft\ad-aware 6\unwise.exe,"Tuesday, December 08, 2009 1:09 AM","System Configuration, Windows Startup Settings","c:\users\jonathan\appdata\local\temp\glb1a2b.exe, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Professional\DisplayIcon, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Professional\UninstallString, 
c:\programdata\microsoft\windows\start menu\programs\lavasoft ad-aware 6\ad-aware 6.lnk, c:\programdata\microsoft\windows\start menu\programs\lavasoft ad-aware 6\ad-watch 3.lnk, c:\programdata\microsoft\windows\start menu\programs\lavasoft ad-aware 6\uninstall ad-aware 6.lnk, c:\programdata\microsoft\windows\start menu\programs\lavasoft ad-aware 6\ad-aware 6 manual.lnk", 12/8/2009 1:02 AM,Low,"ad-aware.exe modified your Windows Startup Settings., Resource",Detected,"No Action Required, No Action Required",c:\program files\lavasoft\ad-aware 6\ad-aware.exe,"Tuesday, December 08, 2009 1:02 AM",Windows Startup Settings,c:\programdata\microsoft\windows\start menu\cfp00000000.tmp, 12/8/2009 1:00 AM,Low,"aaw6pro.exe made 6 modifications to your computer., Resource",Detected,"No Action Required, No Action Required",c:\users\jonathan\documents\downloads\adaware 6.0 professional + serial\aaw6pro.exe,"Tuesday, December 08, 2009 1:00 AM",System Configuration,"c:\users\jonathan\appdata\local\temp\glc1b1a.tmp, c:\users\jonathan\appdata\local\temp\glj201b.tmp, c:\users\jonathan\appdata\local\temp\glk221e.tmp, c:\users\jonathan\appdata\local\temp\glf278e.tmp, c:\program files\lavasoft\ad-aware 6\unwise.exe, \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Professional\UninstallString", Category: Silent Mode Date & Time,Severity,Activity,Status,Recommended Action 12/11/2009 7:06 PM,Info,Silent Mode turned on.,Completed,No Action Required 12/11/2009 7:02 PM,Info,Silent Mode turned off.,Completed,No Action Required 12/11/2009 5:31 PM,Info,Silent Mode turned on.,Completed,No Action Required 12/11/2009 4:11 PM,Info,Silent Mode turned off.,Completed,No Action Required 12/11/2009 6:09 AM,Info,Silent Mode turned on.,Completed,No Action Required 12/11/2009 6:09 AM,Info,Silent Mode turned off.,Completed,No Action Required 12/11/2009 12:09 AM,Info,Silent Mode turned on.,Completed,No Action Required 12/11/2009 12:08 AM,Info,Silent Mode turned off.,Completed,No 
Action Required 12/10/2009 6:08 PM,Info,Silent Mode turned on.,Completed,No Action Required 12/10/2009 5:24 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/10/2009 5:24 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/10/2009 3:03 PM,Info,Silent Mode turned off.,Completed,No Action Required 12/10/2009 7:26 AM,Info,Silent Mode turned on.,Completed,No Action Required 12/10/2009 7:23 AM,Info,Silent Mode turned off.,Completed,No Action Required 12/10/2009 1:23 AM,Info,Silent Mode turned on.,Completed,No Action Required 12/9/2009 11:37 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/9/2009 11:14 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/8/2009 10:18 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/8/2009 9:56 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/8/2009 9:42 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/8/2009 6:57 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/7/2009 8:48 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/7/2009 8:37 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/7/2009 7:11 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/7/2009 7:01 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/7/2009 7:01 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/7/2009 6:53 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/6/2009 5:34 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/6/2009 5:34 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/6/2009 5:08 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/5/2009 11:47 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/5/2009 11:01 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/5/2009 6:57 PM,Info,Light Silent Mode 
turned off.,Completed,No Action Required 12/5/2009 6:14 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/5/2009 2:32 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/5/2009 1:55 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/5/2009 1:54 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/5/2009 1:32 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/5/2009 1:32 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/5/2009 12:59 PM,Info,Light Silent Mode turned on.,Completed,No Action Required 12/5/2009 12:59 PM,Info,Light Silent Mode turned off.,Completed,No Action Required 12/5/2009 12:36 PM,Info,Light Silent Mode turned on.,Completed,No Action Required Category: Norton Product Tamper Protection Date & Time,Severity,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction,Terminal Session 12/11/2009 7:06 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Friday, December 11, 2009 7:06 PM",c:\program files\malwarebytes' anti-malware\mbam.exe,2540,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2136,Access Process Data,Unauthorized access logged,1 12/11/2009 7:00 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Friday, December 11, 2009 7:00 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1736,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2136,Access Process Data,Unauthorized access logged, 12/11/2009 4:48 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Friday, December 11, 2009 4:48 PM",c:\program files\malwarebytes' anti-malware\mbam.exe,7016,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2160,Access Process Data,Unauthorized access logged,1 12/11/2009 4:11 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Friday, 
December 11, 2009 4:11 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1720,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2160,Access Process Data,Unauthorized access logged, 12/11/2009 6:35 AM,Medium,Unauthorized access logged (Access Thread Data),Logged,No Action Required,"Friday, December 11, 2009 6:35 AM",c:\windows\system32\services.exe,688,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2500,Access Thread Data,Unauthorized access logged, 12/11/2009 2:50 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Friday, December 11, 2009 2:50 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,292,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2500,Access Process Data,Unauthorized access logged, 12/11/2009 2:49 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Friday, December 11, 2009 2:49 AM",c:\program files\lavasoft\ad-aware\ad-awareadmin.exe,576,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2500,Access Process Data,Unauthorized access logged, 12/10/2009 6:44 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 6:44 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1708,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2500,Access Process Data,Unauthorized access logged, 12/10/2009 6:25 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 6:25 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1740,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,3032,Access Process Data,Unauthorized access logged, 12/10/2009 6:02 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 6:02 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1748,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2632,Access 
Process Data,Unauthorized access logged, 12/10/2009 5:41 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 5:41 PM",c:\program files\security task manager\taskman.exe,6192,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2704,Access Process Data,Unauthorized access logged,1 12/10/2009 4:05 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 4:05 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1712,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2704,Access Process Data,Unauthorized access logged, 12/10/2009 4:02 PM,Medium,Unauthorized access logged (Access Thread Data),Logged,No Action Required,"Thursday, December 10, 2009 4:02 PM",c:\windows\system32\services.exe,688,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2084,Access Thread Data,Unauthorized access logged, 12/10/2009 3:03 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 3:03 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1712,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2084,Access Process Data,Unauthorized access logged, 12/10/2009 3:02 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 3:02 PM",c:\windows\system32\rundll32.exe,4460,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2084,Access Process Data,Unauthorized access logged,1 12/10/2009 3:02 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 3:02 PM",c:\windows\explorer.exe,3608,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2084,Access Process Data,Unauthorized access logged,1 12/10/2009 7:29 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:29 
AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,4124,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 7:25 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:25 AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2116,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 7:20 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:20 AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,4124,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 7:16 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:16 AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2116,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 7:11 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:11 AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,4124,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 7:07 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:07 AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,4188,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 7:07 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Thursday, December 10, 2009 7:07 AM",c:\windows\system32\svchost.exe,908,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2116,Allocate Virtual Memory,Unauthorized access blocked, 12/10/2009 5:44 
AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 5:44 AM",c:\windows\explorer.exe,2776,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2116,Access Process Data,Unauthorized access logged,2 12/10/2009 5:02 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 5:02 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,1740,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2116,Access Process Data,Unauthorized access logged, 12/10/2009 4:58 AM,Medium,Unauthorized access logged (Access Thread Data),Logged,No Action Required,"Thursday, December 10, 2009 4:58 AM",c:\windows\system32\services.exe,728,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2080,Access Thread Data,Unauthorized access logged, 12/10/2009 3:01 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Thursday, December 10, 2009 3:01 AM",c:\windows\system32\mrt.exe,3776,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2080,Access Process Data,Unauthorized access logged, 12/9/2009 12:58 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Wednesday, December 09, 2009 12:58 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1752,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2080,Access Process Data,Unauthorized access logged, 12/9/2009 3:20 AM,Medium,Unauthorized access logged (Access Thread Data),Logged,No Action Required,"Wednesday, December 09, 2009 3:20 AM",c:\windows\system32\services.exe,728,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Access Thread Data,Unauthorized access logged, 12/9/2009 2:06 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Wednesday, December 09, 2009 2:06 AM",c:\windows\system32\svchost.exe,916,C:\Program Files\Norton 
AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Allocate Virtual Memory,Unauthorized access blocked, 12/9/2009 2:02 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Wednesday, December 09, 2009 2:02 AM",c:\windows\system32\svchost.exe,916,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Allocate Virtual Memory,Unauthorized access blocked, 12/9/2009 1:58 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Wednesday, December 09, 2009 1:58 AM",c:\windows\system32\svchost.exe,916,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,3744,Allocate Virtual Memory,Unauthorized access blocked, 12/9/2009 1:58 AM,Medium,Unauthorized access blocked (Allocate Virtual Memory),Blocked,No Action Required,"Wednesday, December 09, 2009 1:58 AM",c:\windows\system32\svchost.exe,916,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Allocate Virtual Memory,Unauthorized access blocked, 12/8/2009 5:56 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 5:56 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1696,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Access Process Data,Unauthorized access logged, 12/8/2009 5:55 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 5:55 PM",c:\program files\lavasoft\ad-aware\ad-awareadmin.exe,3768,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Access Process Data,Unauthorized access logged,1 12/8/2009 5:49 PM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 5:49 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1744,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2088,Access Process Data,Unauthorized access logged, 12/8/2009 5:45 PM,Medium,Unauthorized access logged (Access 
Thread Data),Logged,No Action Required,"Tuesday, December 08, 2009 5:45 PM",c:\windows\system32\services.exe,720,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2452,Access Thread Data,Unauthorized access logged, 12/8/2009 12:30 PM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, December 08, 2009 12:30 PM",c:\program files\lavasoft\ad-aware\aawservice.exe,1792,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2452,Open Process Token,Unauthorized access blocked, 12/8/2009 11:35 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, December 08, 2009 11:35 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,1792,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2452,Open Process Token,Unauthorized access blocked, 12/8/2009 8:35 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 8:35 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,1792,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2452,Access Process Data,Unauthorized access logged, 12/8/2009 8:28 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, December 08, 2009 8:28 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,1760,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,3344,Open Process Token,Unauthorized access blocked, 12/8/2009 8:26 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 8:26 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,1760,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,3344,Access Process Data,Unauthorized access logged, 12/8/2009 2:55 AM,Medium,Unauthorized access logged (Access Thread Data),Logged,No Action Required,"Tuesday, December 08, 2009 2:55 AM",c:\windows\system32\services.exe,728,C:\Program Files\Norton 
AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2108,Access Thread Data,Unauthorized access logged, 12/8/2009 2:52 AM,Medium,Unauthorized access blocked (Open Process Token),Blocked,No Action Required,"Tuesday, December 08, 2009 2:52 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,2632,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2108,Open Process Token,Unauthorized access blocked, 12/8/2009 2:51 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 2:51 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,2632,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2108,Access Process Data,Unauthorized access logged, 12/8/2009 2:50 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 2:50 AM",c:\program files\lavasoft\ad-aware\aawservice.exe,5252,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2108,Access Process Data,Unauthorized access logged, 12/8/2009 2:50 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 2:50 AM",c:\program files\lavasoft\ad-aware\ad-awareadmin.exe,1376,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2108,Access Process Data,Unauthorized access logged,1 12/8/2009 2:47 AM,Medium,Unauthorized access logged (Access Process Data),Logged,No Action Required,"Tuesday, December 08, 2009 2:47 AM",c:\program files\lavasoft\ad-aware\ad-awareadmin.exe,4252,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2108,Access Process Data,Unauthorized access logged,1 12/7/2009 3:37 AM,Medium,Unauthorized access logged (Access Thread Data),Logged,No Action Required,"Monday, December 07, 2009 3:37 AM",c:\windows\system32\services.exe,684,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,360,Access Thread Data,Unauthorized access logged, 12/4/2009 9:31 PM,Medium,Unauthorized access logged (Access Thread 
Data),Logged,No Action Required,"Friday, December 04, 2009 9:31 PM",c:\windows\system32\services.exe,712,C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe,2552,Access Thread Data,Unauthorized access logged, Category: Norton Community Watch Date & Time,Severity,Activity,Status,Recommended Action,Date Updated,Submitted By,Description,Submission Details,Detailed Status 12/11/2009 8:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 8:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cfxl.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 8:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 8:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\udqt.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 8:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 8:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49372 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 04:03:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 7:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49348 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 03:58:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:58 PM",Norton 
AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\wpyx.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 7:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\reup.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/11/2009 7:53 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 7:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49346 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 03:53:56 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nwow.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 
80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 7:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 7:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49344 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 03:48:56 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:43 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:43 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qmxs.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 7:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 7:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49326 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 03:43:56 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:38 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:38 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\idpw.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 7:33 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:33 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rofv.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 7:28 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:28 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ttvx.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 7:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 7:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49298 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 03:28:55 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:23 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:23 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bukc.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/11/2009 7:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 7:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49296 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 03:23:55 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 7:18 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:18 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ynpk.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 7:13 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:13 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qsii.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 7:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\tpmt.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 7:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 7:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bqtc.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:56 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 6:56 PM",Norton AntiVirus,Norton Community Watch Feedback,c:\windows\system32\drivers\jmjox.sys, 12/11/2009 6:55 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:55 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\eoxc.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:50 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:50 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kiyt.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 6:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50175 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 02:50:11 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:45 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:45 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\hivi.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 6:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50173 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 02:45:10 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:40 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:40 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\udyg.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:35 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:35 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\gxvg.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 6:30 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:30 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\codh.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:25 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:25 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rapc.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50121 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 02:25:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:20 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:20 PM",Norton AntiVirus,Statistical Submission: 
Trojan Horse,"c:\windows\temp\ospd.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:15 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:15 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\wcuv.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:10 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:10 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\twcy.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:05 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:05 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jnhr.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:03 PM,Info,Statistical Submission: Trojan.Zbot!gen3,Processing,No Action Required,"Friday, December 11, 2009 6:03 PM",Norton AntiVirus,Statistical Submission: Trojan.Zbot!gen3,"c:\windows\temp\cnih.tmp\svchost.exeDetection Digest: 03 00 EA AF 04 01 00 01 00 00 00 00 00 1C FB 68 ...............h C2 44 3B 4E 9A 00 00 00 00 C7 18 C5 20 04 03 00 .D;N........ ... 
00 32 19 .2. ", 12/11/2009 6:00 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:00 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\daac.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 5:55 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:55 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\olhp.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 5:50 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:50 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rpwq.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 5:45 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:45 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yptw.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 5:40 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:40 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qefn.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49989 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 01:40:04 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:35 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:35 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\btvr.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49973 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 01:35:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:30 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:30 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\dqic.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 5:25 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:25 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\sduf.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49910 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 01:25:02 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:20 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:20 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\pyoe.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49898 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 01:20:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:15 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:15 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\iymn.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49878 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 01:15:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:10 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:10 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\pbii.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 5:05 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:05 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vgss.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 5:00 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:00 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qtwv.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49808 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 00:59:59 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:55 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:55 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\khsl.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49746 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 00:54:59 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:50 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:50 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\foyf.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 4:46 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:46 PM",Norton AntiVirus,Norton Community Watch Feedback,c:\windows\system32\drivers\mbam.sys, 12/11/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49676 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Offending URL: software-files-l.cnet.com/s/software/11/12/70/26/mbam-setup.exe?e=1260600309&h=c9a12b5496d67e548eb1f4ab90cdc534&lop=link&ptype=1901&ontid=8022&siteId=4&edId=3&spi=ae2148005c3d6d4668d74f7732d66d06&pid=11127026&psid=10804572&fileName=mbam-setup.exe Date Detected: Sat, 12 Dec 2009 00:45:49 GMT Application File Checksum: 1B6362BB14FCEB9E76BCF9A953B04788 Application File Information: 8.0.6001.18865 Network Data: [...] Sub-signature ID: 70328 Remote Address: 208.111.148.7 ", 12/11/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49674 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE Offending URL: software-files-l.cnet.com/s/software/11/12/70/26/mbam-setup.exe?e=1260600309&h=c9a12b5496d67e548eb1f4ab90cdc534&lop=link&ptype=1901&ontid=8022&siteId=4&edId=3&spi=ae2148005c3d6d4668d74f7732d66d06&pid=11127026&psid=10804572&fileName=mbam-setup.exe Date Detected: Sat, 12 Dec 2009 00:45:39 GMT Application File Checksum: 1B6362BB14FCEB9E76BCF9A953B04788 Application File Information: 8.0.6001.18865 Network
Data: [...] Sub-signature ID: 70328 Remote Address: 208.111.148.7 ", 12/11/2009 4:44 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:44 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vpaw.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49471 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 00:39:58 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:39 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:39 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qamp.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 4:34 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:34 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cnxq.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/11/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49447 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 00:34:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:29 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:29 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\pmnt.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49328 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Sat, 12 Dec 2009 00:24:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:24 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:24 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\mubc.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 DLL Association Count:32 
825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 15f2121c660d64d608c53e320b05f8951730e6125b1ee8bab021ee80cebbcd75 DA[12] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[13] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 b7dfb14db60d84062b7e2a2293a4f3f5ef986108ef3c9c1e1cdc284f61981731 DA[14] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 51bf3c48be9bf81a800ef5b247e03c78980b3ffff37688c42c0f253351eef4c1 DA[15] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 ae5c0bb03b453cd1bf7b2f700d31f48a9ed0c9ea9dfcb2ee6a864764a55dc586 DA[16] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 682d5372b533817c810f1dcb1c7ae42c44a786ed114601e56df85fe1c41d5989 DA[17] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 5fbde0193f6c6752c8bab88d945f536d1259b3290073fe73e97fd4d9603d9ad6 DA[18] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[19] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[20] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 5de2781f53246715c547b769e4a61cd08bc3dd81a2cb82c3ac3fd3eb75edd8f9 DA[21] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[22] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[23] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 bb84036f8f16c6e2069fd8b18078a7e6cc98b513285fb1a8dc727b395c9e3a12 DA[24] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[25] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 
841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[26] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[27] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[28] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[29] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[30] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[31] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 2006d0418848eaa2361c26d18246d0baa646b6f25f2c0035bdc82967e9bd73f1 DA[32] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb ", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 TR[1] d4bf04d5d14364699a0f1e0d6139b441 1260453992 23932 1 TR[2] d4bf04d5d14364699a0f1e0d6139b441 1260454292 23932 1 TR[3] d4bf04d5d14364699a0f1e0d6139b441 1260454593 23932 1 TR[4] d4bf04d5d14364699a0f1e0d6139b441 1260454894 23932 1 TR[5] d4bf04d5d14364699a0f1e0d6139b441 1260455195 23932 1 TR[6] d4bf04d5d14364699a0f1e0d6139b441 1260455496 23932 1 TR[7] d4bf04d5d14364699a0f1e0d6139b441 1260455797 23932 1 TR[8] d4bf04d5d14364699a0f1e0d6139b441 1260456097 23932 1 TR[9] d4bf04d5d14364699a0f1e0d6139b441 1260456398 23932 1 TR[10] d4bf04d5d14364699a0f1e0d6139b441 1260456698 23932 1 TR[11] d4bf04d5d14364699a0f1e0d6139b441 1260456999 23932 1 TR[12] d4bf04d5d14364699a0f1e0d6139b441 1260457300 23932 1 TR[13] d4bf04d5d14364699a0f1e0d6139b441 1260457601 23932 1 TR[14] 
d4bf04d5d14364699a0f1e0d6139b441 1260457903 23932 1 TR[15] d4bf04d5d14364699a0f1e0d6139b441 1260458204 23932 1 TR[16] d4bf04d5d14364699a0f1e0d6139b441 1260458505 23932 1 TR[17] d4bf04d5d14364699a0f1e0d6139b441 1260458806 23932 1 TR[18] d4bf04d5d14364699a0f1e0d6139b441 1260459106 23932 1 TR[19] d4bf04d5d14364699a0f1e0d6139b441 1260459407 23932 1 TR[20] d4bf04d5d14364699a0f1e0d6139b441 1260459708 23932 1 DLL Association Count:32 DA[1] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[2] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[3] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[4] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 40b6f7a67f90e5d9948385418bd22bbd29de86a151b35d1001081a61ca5fc612 DA[5] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[6] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[7] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[8] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8 DA[9] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[10] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[11] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[12] 
825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 fc383d5a58dc085dbf68bf133f6911ce4a7892e5fce8be6d81b906ba8e1a5261 DA[13] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 2a12eb65731de984615050836bd122bcbc3ae5494d43921bb2be14c143eeda83 DA[14] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 bc59a39d28d9d42982f4457edebe3eb6eaa83887d692ef082d981ab8a618c048 DA[15] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 f50b0f830fb98a1405953ce4867e5fa923730d4168e7110d968dae6b603ae5fe DA[16] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 923c936b935bdccbe7dd0d6f2921cfa5980fc15f950e29b72e649ac0b9867eb2 DA[17] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 258b920bfa67a5f5a85a455ec7ccf18119c786f94a708087f09f3b5660cd783c DA[18] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 e8aa356380e11a75da0b51da9c8bd9d3ea05885206ab9d4d1a69a96d8e9777ae DA[19] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 55f71740fba3a079b81a045c81088c39176d44358ed28f568c198f338400e017 DA[20] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 2db2979baf792da74584e380055f233b9cef51bcbf992ca84a79ad81a23c1663 DA[21] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 613f0d184e08cbe1ffeeb8f845adca79577fb3cf59ea1fee6b2346d9930763ab DA[22] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 2d8bea00c4393a8289614e3b07adc74eec8c97e4f81ef370e390dfda0e7f7e66 DA[23] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 adbf30d100d3837c35695b1abe3e7eb03fd6b9200b9c1c337325d9e0a3a3ace4 DA[24] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 0c93e63372d619393d9ddd3efca2317a6652276a9fde0530cd2a06135ee6b46d DA[25] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 37e8858211d7bf9de90cbd22863b18a939c43ba64cad06229e994a417bd46b0d DA[26] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 
6467de36c7db6502af17210148194f16be76a9ba793105fac763536cc14ce693 DA[27] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 c89ae8dd76ec8f669b5ffa9f8cbb4531743d3e1d8975b416ef2cb5ab35db4ef2 DA[28] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 e7b852e949d0db9c3d63c4f49decf9c93781142eac6f6d66c9fc8e0027e904f4 DA[29] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 544a63148756ad0e993dd79f0656e73e23386bf0da54394000044fd0972c838d DA[30] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 571d43bbb0d0d54a7d508e9d0e70cdf5f1f3b147b4f6b15eb3d893401bb6f40f DA[31] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[32] 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6 746bdba233c41b3806280de5212daf2e09a77c059629f471178dfbf058134e15 ", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 TR[1] d4bf04d5d14364699a0f1e0d6139b441 1260447751 23932 1 TR[2] d4bf04d5d14364699a0f1e0d6139b441 1260448051 23932 1 TR[3] d4bf04d5d14364699a0f1e0d6139b441 1260448352 23932 1 TR[4] d4bf04d5d14364699a0f1e0d6139b441 1260448653 23932 1 TR[5] d4bf04d5d14364699a0f1e0d6139b441 1260448954 23932 1 TR[6] d4bf04d5d14364699a0f1e0d6139b441 1260449255 23932 1 TR[7] d4bf04d5d14364699a0f1e0d6139b441 1260449555 23932 1 TR[8] d4bf04d5d14364699a0f1e0d6139b441 1260449856 23932 1 TR[9] d4bf04d5d14364699a0f1e0d6139b441 1260450377 23932 1 TR[10] d4bf04d5d14364699a0f1e0d6139b441 1260450678 23932 1 TR[11] d4bf04d5d14364699a0f1e0d6139b441 1260450979 23932 1 TR[12] d4bf04d5d14364699a0f1e0d6139b441 1260451280 23932 1 TR[13] d4bf04d5d14364699a0f1e0d6139b441 1260451581 23932 1 TR[14] d4bf04d5d14364699a0f1e0d6139b441 1260451882 23932 1 TR[15] d4bf04d5d14364699a0f1e0d6139b441 1260452182 23932 1 TR[16] 
d4bf04d5d14364699a0f1e0d6139b441 1260452488 23932 1 TR[17] d4bf04d5d14364699a0f1e0d6139b441 1260452789 23932 1 TR[18] d4bf04d5d14364699a0f1e0d6139b441 1260453089 23932 1 TR[19] d4bf04d5d14364699a0f1e0d6139b441 1260453390 23932 1 TR[20] d4bf04d5d14364699a0f1e0d6139b441 1260453691 23932 1 DLL Association Count:32 DA[1] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 923c936b935bdccbe7dd0d6f2921cfa5980fc15f950e29b72e649ac0b9867eb2 DA[2] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 596b0cdb80274d52bd631605fd74030df1579ad7cf8cb209cb3983fef3675114 DA[3] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 02bdd840a09dfdd126b8a6e77ec3f5cbe1002ccea9b8a33ee9224e0d9d6ff077 DA[4] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 f66a772d2b2c7b8b91efb5b7e32fac63bbd17b5e835dd0566c943bdad1057786 DA[5] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 c89ae8dd76ec8f669b5ffa9f8cbb4531743d3e1d8975b416ef2cb5ab35db4ef2 DA[6] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 6a8413be885a07235f59846fad986b7a65cf009ead78dd378114b6362dddb371 DA[7] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 3697d031632c47fc5aab4208c05a7c4098df390103cfde99a512f685ad057f40 DA[8] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 ac40dc0d1224a2f6faa1a3396345371cae7312c6d7ef0923602b2e89ed22ba2b DA[9] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 2580ceb58be4aef7deb134f3ad251188caed05bc992b4fa977ccd11bd583be5e DA[10] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 70dab5cbeb5b2855784a9f6e3a52fd36c6fe18415fb01176481f85aef5b3e67b DA[11] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[12] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 b7dfb14db60d84062b7e2a2293a4f3f5ef986108ef3c9c1e1cdc284f61981731 DA[13] 
23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 682d5372b533817c810f1dcb1c7ae42c44a786ed114601e56df85fe1c41d5989 DA[14] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[15] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[16] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 5de2781f53246715c547b769e4a61cd08bc3dd81a2cb82c3ac3fd3eb75edd8f9 DA[17] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[18] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[19] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 bb84036f8f16c6e2069fd8b18078a7e6cc98b513285fb1a8dc727b395c9e3a12 DA[20] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[21] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[22] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[23] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[24] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[25] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[26] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[27] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 
2006d0418848eaa2361c26d18246d0baa646b6f25f2c0035bdc82967e9bd73f1 DA[28] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[29] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[30] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[31] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 8718bf6dc8678bdc5af627f82d14e2d857d94a760529ff00f1d7b066f46ca832 DA[32] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 ", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 TR[1] d4bf04d5d14364699a0f1e0d6139b441 1260441736 23932 1 TR[2] d4bf04d5d14364699a0f1e0d6139b441 1260442037 23932 1 TR[3] d4bf04d5d14364699a0f1e0d6139b441 1260442338 23932 1 TR[4] d4bf04d5d14364699a0f1e0d6139b441 1260442638 23932 1 TR[5] d4bf04d5d14364699a0f1e0d6139b441 1260442939 23932 1 TR[6] d4bf04d5d14364699a0f1e0d6139b441 1260443240 23932 1 TR[7] d4bf04d5d14364699a0f1e0d6139b441 1260443540 23932 1 TR[8] d4bf04d5d14364699a0f1e0d6139b441 1260443841 23932 1 TR[9] d4bf04d5d14364699a0f1e0d6139b441 1260444142 23932 1 TR[10] d4bf04d5d14364699a0f1e0d6139b441 1260444443 23932 1 TR[11] d4bf04d5d14364699a0f1e0d6139b441 1260444743 23932 1 TR[12] d4bf04d5d14364699a0f1e0d6139b441 1260445044 23932 1 TR[13] d4bf04d5d14364699a0f1e0d6139b441 1260445345 23932 1 TR[14] d4bf04d5d14364699a0f1e0d6139b441 1260445645 23932 1 TR[15] d4bf04d5d14364699a0f1e0d6139b441 1260445946 23932 1 TR[16] d4bf04d5d14364699a0f1e0d6139b441 1260446247 23932 1 TR[17] d4bf04d5d14364699a0f1e0d6139b441 1260446547 23932 1 TR[18] d4bf04d5d14364699a0f1e0d6139b441 
1260446848 23932 1 TR[19] d4bf04d5d14364699a0f1e0d6139b441 1260447149 23932 1 TR[20] d4bf04d5d14364699a0f1e0d6139b441 1260447450 23932 1 DLL Association Count:32 DA[1] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[2] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[3] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[4] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[5] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[6] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[7] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 2006d0418848eaa2361c26d18246d0baa646b6f25f2c0035bdc82967e9bd73f1 DA[8] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[9] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[10] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[11] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 639f482dbc82e1e8e7254a5f6ff0f60661ea4be44d86ca13238913dabfa522f8 DA[12] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 DA[13] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[14] 
5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[15] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[16] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 40b6f7a67f90e5d9948385418bd22bbd29de86a151b35d1001081a61ca5fc612 DA[17] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[18] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[19] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[20] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8 DA[21] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[22] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[23] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[24] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 ed34d37b575c91a56704218eb9f6abbefda8b7de0e2ed44c96191abd0f9915a5 DA[25] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 b18b5bace4b9c00f09fe22f9359a48e23f23410d92bb1068b841161cc460c94e DA[26] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 189fd4d2fc2086c55b26e003a279fa71413a19d613b322db546f40078f1538b4 DA[27] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 8ed9b269e5195bd11ff7ed6ebbc19fa32027ad068df357660c9e5084922329b5 DA[28] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 
d8394b8bd8919d3caca73ecb23b156b460d18e463fcf7436e4856208f17434af DA[29] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 02d5a718ae02f07b304377b4a1ff7bc4456489f020cfe797b6e98a0344ea63de DA[30] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 444b26b20d942c572322b8922c8ab317a2187d300b4139cea2eaf6d5cc3c7914 DA[31] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 54e519ea810e2b8521f6fd5a8670dc65ee00297e616d2361d09b8c8debfdd99f DA[32] 23cbac8edf0ecc4a3afa3b47fb9c37771910ba62959587b25d367964e4fea782 9dd6d263a8993aec1d4d935f8c93155f0369b8155d126c3d15c09cf3b1b2a4f1 ", 12/11/2009 4:22 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,Norton Community Watch Feedback,"File Vote Count:0 Threat Count:20 TR[1] d4bf04d5d14364699a0f1e0d6139b441 1260435725 23932 1 TR[2] d4bf04d5d14364699a0f1e0d6139b441 1260436025 23932 1 TR[3] d4bf04d5d14364699a0f1e0d6139b441 1260436326 23932 1 TR[4] d4bf04d5d14364699a0f1e0d6139b441 1260436626 23932 1 TR[5] d4bf04d5d14364699a0f1e0d6139b441 1260436927 23932 1 TR[6] d4bf04d5d14364699a0f1e0d6139b441 1260437227 23932 1 TR[7] d4bf04d5d14364699a0f1e0d6139b441 1260437528 23932 1 TR[8] d4bf04d5d14364699a0f1e0d6139b441 1260437828 23932 1 TR[9] d4bf04d5d14364699a0f1e0d6139b441 1260438129 23932 1 TR[10] d4bf04d5d14364699a0f1e0d6139b441 1260438430 23932 1 TR[11] d4bf04d5d14364699a0f1e0d6139b441 1260438731 23932 1 TR[12] d4bf04d5d14364699a0f1e0d6139b441 1260439031 23932 1 TR[13] d4bf04d5d14364699a0f1e0d6139b441 1260439332 23932 1 TR[14] d4bf04d5d14364699a0f1e0d6139b441 1260439632 23932 1 TR[15] d4bf04d5d14364699a0f1e0d6139b441 1260439933 23932 1 TR[16] d4bf04d5d14364699a0f1e0d6139b441 1260440233 23932 1 TR[17] d4bf04d5d14364699a0f1e0d6139b441 1260440534 23932 1 TR[18] d4bf04d5d14364699a0f1e0d6139b441 1260440835 23932 1 TR[19] d4bf04d5d14364699a0f1e0d6139b441 1260441135 23932 1 TR[20] d4bf04d5d14364699a0f1e0d6139b441 1260441436 23932 1 DLL 
Association Count:32 DA[1] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 3a8c9304d49657765df0fcceae2a529982025d8677cca5930824921f77b8f404 DA[2] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 9c7ade37c9f2f9cc5a79d75260736c3791c7a73fb84be6b7e575ca31a4b99667 DA[3] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 9ea58407433f86baac3b4a6c334fb3bc59032ff4eb50efa7cd639aa56d96e908 DA[4] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 6b3cbf69e9f637618da103cddde197091a95791ecc86b65a8b44e5240aa9e503 DA[5] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 657ebc48f8ae297f76898c5417797c3542b086c40f84d32f7d76fa14893b2c08 DA[6] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[7] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 2cc3632d39484c959855b8a27dded12a44765d7723ccf150e9f8b70015f1aa2e DA[8] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 6a8413be885a07235f59846fad986b7a65cf009ead78dd378114b6362dddb371 DA[9] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 939758ada9d1a7e3b6ba1db6d9e41d3fa27a7013c156f0b63010a0fb62dd64f8 DA[10] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 4d16a2197f9ed9062cfd93061294fb8e1068071d03e72b6cf3c7256f1b454a9b DA[11] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 94e0b8590268bd21b035297f5b0c01a4e8958a1db39a5aa654ea1805bd30cec2 DA[12] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 e158ad22f1905b41d7975e3725d7a870fb192d7258c4330df06cd4ac02a7cfe4 DA[13] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 35159d86706441ed94895b4629411b4445fcb4526afd1f7036ee647931b7a94d DA[14] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 f380b9a28d56dec902154a0251b58bd3576355ede2cd13cf47d7f4dbe3d61c97 DA[15] 
5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 d781c5f22bebb5c51b7792ebb4421c170f2cc5fe28e9245e9d6b9d22e33423ab DA[16] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 f45c1429bd60eeab7be8c2114b9c819ced7583249cee1ab234a8a05a484528a9 DA[17] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 3697d031632c47fc5aab4208c05a7c4098df390103cfde99a512f685ad057f40 DA[18] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 ac40dc0d1224a2f6faa1a3396345371cae7312c6d7ef0923602b2e89ed22ba2b DA[19] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 df1f057926965db6eae362904465178056c9f100ed224fbd4a89d0746fcc98bf DA[20] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 2580ceb58be4aef7deb134f3ad251188caed05bc992b4fa977ccd11bd583be5e DA[21] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 15f2121c660d64d608c53e320b05f8951730e6125b1ee8bab021ee80cebbcd75 DA[22] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[23] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 1bf29e5e1c541f36dedcd0ddccca0f35d19e94d2655055ee2477439940baaff1 DA[24] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 51bf3c48be9bf81a800ef5b247e03c78980b3ffff37688c42c0f253351eef4c1 DA[25] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 682d5372b533817c810f1dcb1c7ae42c44a786ed114601e56df85fe1c41d5989 DA[26] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[27] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[28] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 5de2781f53246715c547b769e4a61cd08bc3dd81a2cb82c3ac3fd3eb75edd8f9 DA[29] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 
bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[30] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[31] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 bb84036f8f16c6e2069fd8b18078a7e6cc98b513285fb1a8dc727b395c9e3a12 DA[32] 5505c837828dcd976e195c52d0282b853d5067730cf91e31e9708f72416eba02 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 ", 12/11/2009 4:19 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:19 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cevi.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 4:15 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:15 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bhvj.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 6:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50406 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 14:34:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:34 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:34 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qmob.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 6:29 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:29 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\dohk.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/11/2009 6:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50404 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 14:29:23 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:24 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:24 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xpvc.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:19 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:19 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ijqu.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 6:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50390 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 14:19:22 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:14 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:14 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\aaxa.tmp\svchost.exeDetection Digest: 03 00 EA AF 01 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 6:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50372 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 14:14:22 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 6:09 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:09 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\umbf.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 6:04 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 6:04 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\gquo.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 6:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 6:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50356 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 14:04:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:59 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:59 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\eaxq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 5:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50354 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 13:59:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:54 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:54 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\eanr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 04 32 19 .2. 
", 12/11/2009 5:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50352 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 13:54:19 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 5:49 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:49 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xjec.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:44 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:44 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qwao.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 5:39 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:39 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\sort.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:34 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:34 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ixax.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:29 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:29 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\evsd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:24 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:24 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xrif.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 04 32 19 .2. 
", 12/11/2009 5:19 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:19 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jaaw.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:14 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:14 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cfkr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:09 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:09 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\urva.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 5:04 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 5:04 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bkrq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 5:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 5:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50278 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 13:04:16 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:59 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:59 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qqpf.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 4:54 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:54 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kpfb.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 4:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50274 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 12:54:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:49 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:49 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rchv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 4:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50270 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 12:49:14 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:44 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:44 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kviq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 4:39 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:39 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\sxan.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 4:34 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:34 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\damg.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 4:29 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:29 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xbfh.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 4:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50238 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 12:29:12 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:24 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:24 AM",Norton AntiVirus,Statistical Submission: 
Trojan Horse,"c:\windows\temp\tycl.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 4:19 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:19 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\aobv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 4:14 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:14 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\gokr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 4:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 4:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50206 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 12:09:11 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 4:09 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:09 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vvly.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 4:04 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 4:04 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ljdy.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 3:59 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:59 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\krkj.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 3:54 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:54 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rbak.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 3:49 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:49 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ulra.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 3:44 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:44 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yfob.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 3:39 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:39 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rxsl.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/11/2009 3:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 3:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50163 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 11:39:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 3:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 3:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50157 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 11:34:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 3:34 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:34 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jkps.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 3:29 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:29 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kwrm.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 3:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 3:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50141 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 11:24:08 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 3:24 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:24 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qoxm.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 3:19 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:19 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kadk.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 3:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 3:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50139 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 11:19:07 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 3:14 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:14 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\btqt.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/11/2009 3:09 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:09 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\tynd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 3:04 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 3:04 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\scce.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 3:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 3:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50101 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 11:04:06 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:59 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:59 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jrip.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/11/2009 2:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50099 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:59:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:54 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:54 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\etge.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 2:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50097 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:54:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:49 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:49 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\wxrj.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 2:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50093 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:49:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:44 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:44 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vmpv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 2:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50067 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:44:04 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:39 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:39 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jcyb.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 2:34 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:34 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jwik.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 2:29 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:29 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nunv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 2:24 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:24 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\podk.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 2:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50051 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:24:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:19 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:19 AM",Norton AntiVirus,Statistical Submission: 
Trojan Horse,"c:\windows\temp\obqr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 2:14 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:14 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ufkk.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 2:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50029 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:14:02 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:09 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:09 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cnpt.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D 
F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 2:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50027 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:09:02 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 2:04 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 2:04 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\irpa.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 2:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 2:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50017 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 10:04:02 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:59 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:59 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qfmd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/11/2009 1:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50015 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 09:59:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:54 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:54 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nohd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/11/2009 1:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50013 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 09:54:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23168 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50010 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 91.212.226.178/install.48441.exe Date Detected: Fri, 11 Dec 2009 09:48:59 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCD310AC2401404D05913B548B0D07BACECB2682C43B2100B153749932658A408041B2D2C3D8237F34A6E2C3C81E53C183E0303FF98676938053200012084BFB1CF78273ECF0678CF7D133166BE2FB082B3E7DA96555BD834B7AE2D4E65B553522B2DB5DE48B54D2082EF7889E837AEDD7EDD5F6FF7CB30489318A364F7E80ECD6BFC8A10444444444444444444F47F1F66B81693 Sub-signature ID: 67535 Remote Address: 91.212.226.178 ", 12/11/2009 1:48 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action 
Required,"Friday, December 11, 2009 1:48 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jkyq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50009 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 09:48:58 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49983 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 09:43:58 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:43 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:43 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\tvuh.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:38 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:38 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\hvrj.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:33 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:33 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qnuy.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 1:28 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:28 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vyub.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:23 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:23 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\gitq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:23 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:23 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49965 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 09:23:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 1:18 AM",Norton AntiVirus,IPS Detection Statistical 
Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49963 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 09:18:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 1:18 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:18 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\epvs.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:13 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:13 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nxrl.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. 
", 12/11/2009 1:08 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:08 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\snro.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 1:03 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 1:03 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\esph.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 12:58 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:58 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\soty.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 12:53 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:53 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\mvcd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 12:48 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:48 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\lgjp.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 12:43 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:43 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bmww.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 12:38 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:38 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ixei.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 03 32 19 .2. ", 12/11/2009 12:33 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:33 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kuet.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 12:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 12:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49896 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 08:33:53 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 12:28 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:28 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\coku.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 12:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 12:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49894 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 08:28:53 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 12:23 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:23 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xrfo.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/11/2009 12:18 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:18 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\hnvx.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/11/2009 12:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Friday, December 11, 2009 12:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49882 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 08:18:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/11/2009 12:13 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:13 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ohpm.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/11/2009 12:08 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:08 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nqjb.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/11/2009 12:03 AM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Friday, December 11, 2009 12:03 AM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\tplx.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/10/2009 11:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:58 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xwop.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 11:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bhvp.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 11:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jvto.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 11:43 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:43 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\etps.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/10/2009 11:38 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:38 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nbvr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 11:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 11:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49816 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 07:38:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 11:33 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:33 PM",Norton AntiVirus,Statistical 
Submission: Trojan Horse,"c:\windows\temp\afln.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 11:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 11:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49814 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 07:33:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 11:28 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:28 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yrbj.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 11:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 11:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49812 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 07:28:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 11:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 11:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49782 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 07:23:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 11:23 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:23 
PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yswu.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 11:18 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:18 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ursv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 11:13 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:13 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\tkxf.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/10/2009 11:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 11:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49762 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 07:13:47 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 11:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\oqff.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/10/2009 11:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 11:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49760 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 07:08:47 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 11:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 11:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\exuh.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. ", 12/10/2009 10:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:58 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\fkwv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 10:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vybk.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 10:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 10:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49744 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 06:48:45 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 10:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ebpe.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 02 32 19 .2. 
", 12/10/2009 10:43 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:43 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yjsv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 10:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 10:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49716 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 06:38:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 10:38 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:38 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bxde.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 10:33 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:33 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\qanq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 10:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 10:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49714 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 06:33:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 10:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 10:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49712 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 06:28:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 10:28 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:28 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\niux.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 10:23 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:23 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nhnw.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 10:18 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:18 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\evpn.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 10:13 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:13 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nphh.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 10:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\oilh.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 10:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 10:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rbmn.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 10:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 10:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49672 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 06:03:42 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:58 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\byyd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 9:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49670 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:58:41 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cvsb.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 9:53 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49668 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:53:41 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\wwlr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 9:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49664 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:48:41 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:43 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:43 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bndc.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 9:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49635 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:38:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:38 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:38 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rsfb.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 9:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49633 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:33:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:33 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:33 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jsvp.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 9:28 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:28 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\lcej.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 9:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49631 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:28:39 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:23 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:23 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nccv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 9:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49619 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 05:18:39 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:18 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:18 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\gqyp.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 9:13 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:13 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\wxcf.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 9:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\mdmq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 9:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 9:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\imph.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:58 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\vlpa.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bmfi.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 8:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xxka.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:43 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:43 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ctiy.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 8:38 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:38 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\malh.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:33 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:33 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nppt.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 8:28 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:28 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nhit.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:23 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:23 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\wopn.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:18 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:18 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\itlg.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:13 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:13 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\xitn.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 8:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49513 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 04:08:33 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rniq.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 8:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 8:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nltm.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 7:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:58 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\uvom.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49499 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 03:58:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\jjvs.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 7:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yxty.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49493 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 03:48:30 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:43 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:43 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\fpqr.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 7:38 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:38 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\srlx.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:33 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:33 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\egnc.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:28 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:28 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\iutp.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:23 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:23 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\duhb.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 7:18 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:18 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\aqof.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49421 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 03:13:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:13 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:13 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\puwf.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 7:08 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:08 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ycbx.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 7:03 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 7:03 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\teoc.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 6:58 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:58 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\odpe.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 6:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 6:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49284 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 02:58:23 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 6:53 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:53 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\mnxx.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 6:48 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:48 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rmpw.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 6:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 6:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49228 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LOGITECH\SETPOINT\LU\LOGITECHUPDATE.EXE Offending URL: logitech-sjca.navisite.net/logitech/controldevices/setpoint/4.60.122/10/_vi/32/setpoint.exe?hit=2&hcd1=100005f&lu.hp=sp&lu.hpo=10&lu.hv=4.60.122&lu.hl=enu&lu.uv=1.65.148&lu.uos=vi&lu.ubi=32&lu.ugu=c62612119db747148476010c79c19fc4 Date Detected: Fri, 11 Dec 2009 02:45:31 GMT Application File Checksum: EA7D1523A20F774FCFB32F92953651C6 Application File Information: 1.65.148.0 Network Data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ub-signature ID: 70328 Remote Address: 207.211.224.198 ", 12/10/2009 6:29 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:29 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\koxc.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 6:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 6:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49232 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 02:28:55 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 6:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 6:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49240 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 02:20:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 6:20 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:20 
PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\pcin.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 6:15 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:15 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bvtv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 6:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 6:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49224 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 02:10:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 6:10 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:10 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rbbj.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 
.........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 6:05 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 6:05 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\istp.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51039 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 
2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51039 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51037 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51037 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51035 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51035 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51032 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51032 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51030 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51030 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:43:11 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51019 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:42:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51019 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:42:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51017 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:42:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:42 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51017 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:42:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51015 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:42:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51015 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:42:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:41 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51013 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:41:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:41 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51013 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:41:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:41 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51011 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:41:49 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:41 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51011 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:41:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51003 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51003 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51001 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51001 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11
Dec 2009 01:40:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50999 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50999 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50994 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50994 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50991 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 50991 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:40:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rxbk.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50971 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 01:39:39 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical
Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50958 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50958 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50956 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action
Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50956 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50954 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10,
2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50954 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50951 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50951 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50949 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50949 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:39:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50938 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:38:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50938 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:38:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50936 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50936 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:57 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50934 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50934 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50932 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50932 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information:
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50930 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50930 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:37:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50924 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:39 GMT
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50924 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50922 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50922 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE
Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50916 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50916 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50911 Protocol: 6 Signature Set 
Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50911 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50907 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local 
or Remote Attacker: 2 Remote Port: 80 Local Port: 50907 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:36:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50892 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50892 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50890 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50890 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50886 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50886 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50882 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50882 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:35:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50880 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:34:54 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50880 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:34:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:34 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:34 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\asrb.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 5:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50878 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 01:34:35 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50872 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50872 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50869 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50869 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 50864 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50864 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50862 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50862 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50860 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50860 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:33:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No 
Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50854 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50854 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50852 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 
193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50852 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50846 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50846 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50843 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50843 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50841 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:05 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50841 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:32:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50835 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:31:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50835 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:31:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50834 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50834 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 
Dec 2009 01:30:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50833 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50833 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50817 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50817 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50798 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50798 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50787 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50787 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50786 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 50786 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:30:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:29 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:29 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\kmhi.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ",
12/10/2009 5:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50777 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:29:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50777 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:29:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50775 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:29:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50775 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:29:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50773 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50773 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50771 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or
Remote Attacker: 2 Remote Port: 80 Local Port: 50771 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50769 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50769 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28
PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50768 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50768 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:28:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50757 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50757 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50755 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50755 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50752 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50752 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50750 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50750 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50748 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50748 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:27:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50727 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:25:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50727 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:25:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50724 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:25:06 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50724 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:25:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50719 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:25:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50719 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:25:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50718 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:24:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50718 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:24:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50716 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:24:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50716 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:24:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50715 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:24:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50715 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:24:49 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:24 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rrob.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 5:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50714 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 01:24:35 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50699 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50699 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50698 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date
Detected: Fri, 11 Dec 2009 01:23:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50698 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50693 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50693 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50689 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50689 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 50687 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50687 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50678 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50678 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50677 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature
ID: 23378 Local or Remote Attacker: 1 Remote Port: 50677 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50673 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50673 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:23:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December
10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50660 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:22:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50660 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:22:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50658 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:22:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:22 PM,Info,IPS
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50658 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:22:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50656 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:22:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50656 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:22:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50654 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:21:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50654 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:21:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50651 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:21:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50651 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:21:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50643 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50643 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50641 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:24 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50641 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50637 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50637 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50635 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50635 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50630 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50630 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50629 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or
Remote Attacker: 1 Remote Port: 50629 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:20:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:19 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:19 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\fewn.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 5:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50626 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:19:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50626 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:19:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50624 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50624 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port:
50622 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50622 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50620 Protocol: 6 
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50620 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50618 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
[hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50618 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:18:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50612 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50612 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50609 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
[hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50609 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50607 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50607 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50604 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50604 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50603 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50603 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:09 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50602 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50602 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:17:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50595 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:16:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50595 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:16:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50592 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin 
Date Detected: Fri, 11 Dec 2009 01:16:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50592 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:16:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50590 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50590 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50588 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50588 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50584 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50584 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50583 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50583 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:15:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50577 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 01:14:34 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: [hex payload] Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 5:14 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\fxru.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50575 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50575 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50572 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50572 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50568 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50568 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50565 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [hex payload] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50565 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:11 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50564 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50564 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:14:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50562 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:13:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50562 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:13:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50556 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50556 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50553 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50553 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50551 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50551 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 
50549 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50549 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50541 Protocol: 6 
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50541 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:12:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50534 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:11:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature 
ID: 23378 Local or Remote Attacker: 1 Remote Port: 50534 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:11:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50532 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:11:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50532 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:11:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 
10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50530 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:10:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50530 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:10:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton 
AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50527 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:10:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50527 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:10:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50525 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:10:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50525 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:10:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature 
ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50509 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50509 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50506 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 
10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50506 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ovuv.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50507 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 01:09:34 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50503 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50503 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50501 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50501 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50498 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50498 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:09:17 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50491 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:08:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50491 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:08:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50490 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:08:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50490 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:08:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50487 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:08:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50487 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:08:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50486 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50486 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50485 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50485 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50482 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50482 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50481 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:47 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50481 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50478 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50478 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:07:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50468 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50468 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50463 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50463 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50462 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50462 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:17 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50458 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50458 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:06:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50437 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:05:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50437 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:05:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:04 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 5:04 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ppui.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50425 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection
Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50425 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50423 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50423 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No
Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50421 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50421 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50420 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address:
193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50420 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50418 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50418 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50417 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50417 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50415 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:08 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50415 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:03:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50410 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:02:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50410 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:02:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50408 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:02:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50408 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:02:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50406 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:01:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50406 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:01:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50404 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:01:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or 
Remote Attacker: 1 Remote Port: 50404 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:01:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50402 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:01:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50402 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:01:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 
PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50400 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50400 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50398 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50398 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50396 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50396 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50391 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50391 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:28 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50389 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 5:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50389 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 01:00:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\duph.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50380 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:59:33 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50379 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50379 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50378 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50378 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 
50376 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50376 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50374 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50374 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50372 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50372 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:59:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50371 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:58:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50371 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:58:57 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50370 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:58:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50370 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:58:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50366 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50366 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50364 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50364 Local Port: 80 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50362 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50362 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or 
Remote Attacker: 2 Remote Port: 80 Local Port: 50360 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50360 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50358 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50358 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:57:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50351 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:56:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50351 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:56:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50349 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:56:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50349 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:56:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50346 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:56:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50346 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:56:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50344 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:55:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50344 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:55:59 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50343 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:55:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50343 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:55:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50342 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:55:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50342 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:55:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information:
6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50329 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50329 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50328 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:40 GMT
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50328 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50326 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:35 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50326 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\lhqq.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2.
", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50323 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50323 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50321 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50321 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50316 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50316 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:54:18 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50309 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50309 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50306 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50306 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information:
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50305 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50305 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50303 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50303 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50301 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:31 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50301 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50297 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50297 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:52:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50290 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50290 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50288 Local Port: 80 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50288 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50286 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or
Remote Attacker: 2 Remote Port: 80 Local Port: 50286 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50283 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50283 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50282 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50282 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:51:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50281 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:50:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50281 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:50:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50266 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50266 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50264 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:50 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50264 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50262 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50262 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50258 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50258 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 
Dec 2009 00:49:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rvdl.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50256 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50256 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:49:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50249 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:48:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50249 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:48:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50248 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:48:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50248 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:48:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50246 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:48:03 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50246 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:48:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50244 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:47:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50244 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:47:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50242 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:47:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50242 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:47:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:47 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50239 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:47:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50239 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:47:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No 
Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50236 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50236 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50234 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 
193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50234 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50232 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50232 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50231 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50231 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50230 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:26 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50230 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50226 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50226 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:46:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50215 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50215 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50213 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50213 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50211 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50211 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:09 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50205 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50205 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:45:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50203 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:44:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50203 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:44:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50200 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:44:32 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ",
12/10/2009 4:44 PM,Info,Statistical Submission: Trojan 
Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\bnet.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50195 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50195 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or 
Remote Attacker: 2 Remote Port: 80 Local Port: 50193 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50193 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50189 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 
PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50189 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50187 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50187 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50185 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50185 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:43:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50181 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50181 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50180 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50180 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50174 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50174 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50172 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50172 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50170 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:09 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50170 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50168 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50168 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:42:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50161 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50161 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date 
Detected: Fri, 11 Dec 2009 00:40:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50159 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50159 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50156 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50156 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50155 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 50155 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50154 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50154 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50152 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:40 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50152 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:40:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50136 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50136 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\ltnd.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50135 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:39:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50133 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50133 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50130 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50130 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50128 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50128 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 
50125 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50125 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:39:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50118 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:38:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50118 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:38:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50116 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50116 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50113 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50113 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50111 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50111 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50109 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50109 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:37:39 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50104 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50104 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50101 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50101 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50094 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50094 Local Port: 80 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50091 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50091 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or 
Remote Attacker: 1 Remote Port: 50090 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50090 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50083 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:36 
PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50083 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:36:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50067 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:35:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50067 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:35:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:35 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50066 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:35:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50066 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:35:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50065 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50065 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50064 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50064 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50062 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50062 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50061 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:34:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 4:34 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\iwny.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50057 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50057 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:29 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50056 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50056 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50055 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50055 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:34:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50046 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50046 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50044 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50044 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50041 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50041 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 50039 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50039 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:32:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50035 Local Port: 80 Protocol: 6 
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:31:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50035 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:31:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50030 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature 
ID: 23378 Local or Remote Attacker: 1 Remote Port: 50030 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50028 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50028 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 
10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50026 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50026 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50022 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50022 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50019 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:30 PM,Info,IPS Detection Statistical 
Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50019 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:30:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:29 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\tjxa.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 4:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50007 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:29:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50007 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:29:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:29 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50005 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:29:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50005 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:29:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50004 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:29:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50004 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:29:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50002 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50002 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50000 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50000 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:51 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49999 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49999 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49997 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49997 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:28:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49988 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49988 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49986 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49986 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49983 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49983 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49980 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49980 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49978 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49978 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:27:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49971 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:26:13 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49971 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:26:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49969 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:26:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49969 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:26:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49967 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:26:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49967 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:26:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49965 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:25:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49965 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:25:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49962 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:25:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49962 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:25:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49943 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49943 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49941 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 49941 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49940 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49940 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49939 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49939 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\cpmf.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49936 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49936 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49932 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49932 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:24:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49925 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:23:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49925 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:23:03 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49923 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49923 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49922 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49922 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49921 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49921 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49918 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49918 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or
Remote Attacker: 1 Remote Port: 49916 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49916 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:22:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49909 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21
PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49909 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49907 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49907 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49905 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49905 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No
Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49902 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49902 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49900 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address:
193.104.94.45 ",
12/10/2009 4:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49900 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:21:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49892 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:20:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:20
PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49892 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:20:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49890 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:20:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49890 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:20:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49884 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:20:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49884 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:20:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49882 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:19:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49882 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:19:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49879 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:19:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:19 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49879 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:19:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49878 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:19:30 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ",
12/10/2009 4:19 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\toqx.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04
03 00 .h;.n....1...... 00 32 19 .2. ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49874 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49874 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49873 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005
Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49873 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49870 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49870 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49865 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49865 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49863 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49863 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49861 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49861 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:18:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49856 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49856 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49853 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49853 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:08 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49851 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49851 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49850 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49850 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:17:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49848 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:16:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49848 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:16:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49845 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:16:45 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49845 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:16:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49839 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49839 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49838 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49838 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11
Dec 2009 00:15:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49835 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49835 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:27 GMT Application
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49834 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49834 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:15:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49821 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:14:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49821 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:14:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49820 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:14:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49820 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:14:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49817 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:14:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49817 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:14:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49814 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:14:30 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ",
12/10/2009 4:14 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:14 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\yvcr.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E
00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49811 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49811 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49809 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File
Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49809 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49808 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005
Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49808 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49807 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49807 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:29 GMT Application File
Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49806 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49806 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49805 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 4:13 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49805 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49804 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49804 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49803 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49803 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:13:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49504 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:12:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49504 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:12:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49473 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49473 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49439 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49439 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49382 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49382 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49381 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49381 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49350 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49350 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:11:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49263 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49263 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49262 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:24 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49262 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49260 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49260 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49257 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49257 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49249 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49249 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:10:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49248 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:09:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49248 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:09:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49247 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:09:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49247 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:09:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:09 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:09 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\rypi.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 4:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49244 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:09:29 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49241 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49241 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49240 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49240 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49239 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49239 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49238 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49238 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49237 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49237 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49235 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49235 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49233 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49233 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:08:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49231 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49231 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49230 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49230 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49229 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49229 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49228 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49228 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:07:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49226 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:06:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49226 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:06:55 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49224 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:06:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49224 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:06:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49222 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:06:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49222 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:06:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49204 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 
Dec 2009 00:05:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49204 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49200 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:34 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49200 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49197 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:29 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49197 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49186 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49186 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49185 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49156 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin 
Date Detected: Fri, 11 Dec 2009 00:05:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49185 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49156 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:05:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50116 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50116 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50110 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50110 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50108 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50108 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\sqwi.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2.
", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50109 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Fri, 11 Dec 2009 00:02:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50107 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50107 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:02:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50092 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50092 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 50087 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50087 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50084 Local Port: 80 Protocol: 6
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50084 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50080 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001
Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 4:01 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50080 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:01:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50078 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:00:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 4:00 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1
Remote Port: 50078 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Fri, 11 Dec 2009 00:00:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50047 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50047 Local Port: 80
Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50044 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50044 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical
Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50041 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50041 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50039 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50039 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50037 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:59 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50037 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:59:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50031 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50031 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50028 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50028 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:30 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50027 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50027 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50026 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50026 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50024 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50024 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50022 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:58 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50022 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:58:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50019 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 23:57:24 GMT Application File Checksum:
3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 3:57 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:57 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\nbyx.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 3:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50018 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:57:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:57 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50018 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:57:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:56 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50017 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:56:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50017 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:56:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50016 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:56:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50016 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:56:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50011 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:56:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:56 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50011 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:56:19 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49995 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:55:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:55 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49995 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:55:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49984 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49984 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49981 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49981 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49978 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49978 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49977 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:54 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49977 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:54:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:53 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 49966 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:53:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:53 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49966 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:53:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49940 Local Port: 80 Protocol: 6 
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:52:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49940 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:52:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49935 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 23:52:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature 
ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 3:52 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\njub.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49928 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:52:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 
Remote Port: 80 Local Port: 49928 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:52:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49926 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:52:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:52 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49926 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:52:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS 
Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49924 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:51:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49924 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:51:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical 
Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49922 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:51:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:51 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49922 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:51:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 
Local or Remote Attacker: 1 Remote Port: 49905 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49905 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49902 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 
3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49902 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49900 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49900 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49894 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49894 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49886 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:50 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49886 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:50:31 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49869 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49869 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49867 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49867 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information:
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49865 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49865 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49862 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:04 GMT
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:49 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49862 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:49:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49859 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:48:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:48 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49859 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE
Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:48:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49832 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49832 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49826 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49826 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49823 Local Port: 80 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49823 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49819 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49819 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49817 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 49817 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:47:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:47 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49812 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 23:47:23 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 3:47 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\buir.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2.
", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49785 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49785 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49783 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49783 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49781 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49781 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49778 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49778 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49776 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:46 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49776 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:46:13 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49759 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:45:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49759 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:45:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49754 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:45:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49754 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:45:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49750 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10
Dec 2009 23:45:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:45 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49750 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:45:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49743 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:44:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49743 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:44:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49742 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:44:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49742 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:44:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 49735 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:44:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:44 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49735 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:44:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49720 Local Port: 80 Protocol: 6
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49720 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49719 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature
ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49719 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49717 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49717 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December
10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49715 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49715 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49711 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49711 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49709 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:43 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49709 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:43:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49690 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 23:42:23 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 3:42 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\liru.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E
00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49688 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49688 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648
Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49686 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49686 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49685 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005
Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49685 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49684 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49684 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49680 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:42 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49680 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:42:01 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:41 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49677 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:41:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:41 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49677 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:41:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49672 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49672 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information:
6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49669 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49669 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49665 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:34 GMT
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49665 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49663 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49663 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE
Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49660 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:40 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49660 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:40:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49652 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49652 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49650 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49650 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49648 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or
Remote Attacker: 1 Remote Port: 49648 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49646 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49646 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39
PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49645 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:39 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49645 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:39:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:38 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49642 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:38:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:38 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49642 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:38:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49632 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49632 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49628 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49628 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49626 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:28 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49626 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\eldt.tmp\svchost.exe Detection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2.
", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49622 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49622 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49620 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:37 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49620 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:37:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49612 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:36:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49612 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:36:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49610 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:36:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49610 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:36:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49608 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:36:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:36 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49608 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:36:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49606 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:35:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49606 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:35:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:35 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49605 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:35:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49605 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:35:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49604 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:35:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:35 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49604 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:35:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49602 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49602 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49600 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49600 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49597 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49597 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49593 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49593 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No
Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49591 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:34 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49591 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:34:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49570 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 
193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49570 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49567 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49567 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49565 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49565 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49563 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:10 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49563 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49561 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:33 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49561 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:33:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:32 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\iosc.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 01 32 19 .2. 
", 12/10/2009 3:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49552 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:32:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49552 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:32:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:32 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49550 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:32:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:32 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49550 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:32:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49548 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49548 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49546 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49546 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:47 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49544 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49544 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49541 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:31 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49541 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:31:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49535 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49535 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49532 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49532 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or 
Remote Attacker: 1 Remote Port: 49530 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49530 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49528 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49528 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49526 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:30 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49526 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:30:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49520 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:29:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49520 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:29:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49518 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:29:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49518 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:29:07 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49515 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:29:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:29 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49515 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:29:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49512 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:28:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49512 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:28:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49510 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:28:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:28 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49510 Local Port: 80 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:28:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49502 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49502 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49497 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49497 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49495 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49495 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49493 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49493 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\eijo.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49490 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:27 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49490 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:27:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:26 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49484 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:26:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49484 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:26:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:26 PM,Info,IPS Detection Statistical 
Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49481 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:26:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49481 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:26:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49477 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:26:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 
Remote Address: 193.104.94.45 ", 12/10/2009 3:26 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49477 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:26:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49475 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:25:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49475 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:25:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 
Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49473 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:25:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:25 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49473 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:25:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49470 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:49 GMT Application File 
Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49470 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49468 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:43 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49468 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49467 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49467 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49464 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49464 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49462 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49462 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49460 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:24 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or 
Remote Attacker: 2 Remote Port: 80 Local Port: 49460 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:24:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49455 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49455 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49453 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49453 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49450 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49450 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49448 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49448 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49439 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:23 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49439 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:23:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:22 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:22 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\brhy.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. 
", 12/10/2009 3:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49431 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:22:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:22 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49431 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:22:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49429 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49429 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS Detection Statistical 
Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49427 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49427 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action 
Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49425 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49425 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49423 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 
12/10/2009 3:21 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49423 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:21:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49419 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49419 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49417 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical 
Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49417 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49414 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49414 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 
Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49412 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49412 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49409 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 
Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:20 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49409 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:20:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49403 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:19:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49403 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:19:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49400 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:19:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49400 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:19:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49399 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:19:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:19 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49399 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:19:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49393 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:18:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49393 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:18:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49392 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:18:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49392 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:18:34 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49389 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:18:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:18 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49389 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:18:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49383 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49383 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49381 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49381 Local Port: 80 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,Statistical Submission: Trojan Horse,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,Statistical Submission: Trojan Horse,"c:\windows\temp\btes.tmp\svchost.exeDetection Digest: 03 00 EA AF 09 01 01 01 00 5B 90 A0 D9 3C DE 38 .........[...<.8 33 A7 9B 80 16 49 1E C9 44 B0 00 00 00 9D F5 28 3....I..D......( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 04 03 00 .h;.n....1...... 00 32 19 .2. ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49380 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 23:17:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote 
Attacker: 1 Remote Port: 49378 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49378 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49376 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:17 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:17 PM",Norton
AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49376 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:17:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49374 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:16:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:16 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49374 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:16:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical
Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49370 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49370 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49368 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648
Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49368 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49366 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49366 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005
Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49364 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49364 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49362 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:21 GMT Application File
Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:15 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49362 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:15:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49353 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:14:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49353 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:14:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49349 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:14:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49349 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:14:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49347 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:14:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:14 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49347 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:14:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49345 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:13:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49345 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:13:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49341 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:13:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:13 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49341 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:13:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49323 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49323 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:52 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49318 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49318 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49317 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49317 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49316 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin
Date Detected: Thu, 10 Dec 2009 23:12:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49316 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49315 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49315 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49314 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49314 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49312 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:12 PM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\hpgr.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
", 12/10/2009 3:12 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49312 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:12:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49304 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49304 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49301 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49301 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49300 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:11 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49300 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49297 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:11 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49297 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:11:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49286 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:10:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49286 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 
Dec 2009 23:10:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49284 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:10:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:10 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49284 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:10:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49283 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49283 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49282 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49282 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49280 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49280 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49277 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49277 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49275 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:22 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49275 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49273 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:09 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49273 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:09:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:08 PM,Info,Sample Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,Sample Submission: Suspicious.MH690.A,c:\windows\temp\pqqt.tmp\svchost.exe, 12/10/2009 3:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49268 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:08:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49268 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:08:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49266 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin 
Date Detected: Thu, 10 Dec 2009 23:08:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49266 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:08:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49263 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:08:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:08 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49263 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:08:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49261 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:07:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49261 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:07:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49259 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:07:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:07 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49259 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:07:53 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:07 PM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 3:07 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\pqqt.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49247 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49247 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49245 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49245 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49243 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49243 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49241 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49241 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49239 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:06 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49239 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:06:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49238 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:05:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49238 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:05:27 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49236 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:05:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:05 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49236 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:05:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49234 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49234 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49232 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49232 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49226 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49226 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or 
Remote Attacker: 1 Remote Port: 49223 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:04 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49223 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:04:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,Norton Community Watch Feedback,c:\program files\electronic arts\eadm\core.exe, 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49199 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49199 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49196 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49196 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49193 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49193 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:06 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49184 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:03 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49184 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:03:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 3:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49178 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:02:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 3:02 PM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 3:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49178 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 23:02:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52482 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52482 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52480 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52480 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or 
Remote Attacker: 2 Remote Port: 80 Local Port: 52478 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52478 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52475 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52475 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52473 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52473 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:22:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:22 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 9:22 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ikkk.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52468 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52468 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52466 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52466 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52464 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52464 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52462 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52462 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:16 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52460 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52460 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:21:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:20 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52456 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:20:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:20 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52456 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:20:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:20 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52453 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:20:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:20 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52453 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:20:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52451 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:19:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52451 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:19:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52449 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:19:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52449 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:19:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 52447 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:19:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52447 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:19:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52443 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52443 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52441 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature
ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52441 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52439 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker:
2 Remote Port: 80 Local Port: 52439 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52436 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port:
52436 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52434 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52434 Local Port: 80 Protocol: 6 Signature Set
Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:18:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52430 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:17:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52430 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:17:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local
or Remote Attacker: 1 Remote Port: 52428 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:17:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52428 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:17:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:17 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wvlv.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ",
12/10/2009 9:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52427 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:17:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52427 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:17:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52425 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52425 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52423 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52423 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52422 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52422 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52420 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52420 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:16:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52416 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52416 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:40 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52414 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52414 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52412 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52412 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52410 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date
Detected: Thu, 10 Dec 2009 17:15:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52410 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52407 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52407 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:15:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52404 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52404 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52401 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52401 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52399 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52399 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52396 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52396 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:14:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52394 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:13:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52394 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:13:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52390 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:54 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52390 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52388 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52388 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52386 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52386 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date
Detected: Thu, 10 Dec 2009 17:12:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52383 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52383 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52381 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52381 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:12:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:12 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cqxx.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00
.h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ",
12/10/2009 9:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 52346 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 17:12:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52327 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52327 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52323 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52323 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No
Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52321 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52321 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,Norton Community Watch Feedback,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,Norton Community Watch Feedback,c:\program files\mozilla firefox\uninstall\helper.exe,
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52304 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009
17:11:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52304 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52300 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 9:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52300 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:11:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ",
12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52254 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52254 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52252 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52252 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52250 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52250 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52248 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52248 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52246 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52246 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:09:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52241 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52241 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52239 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52239 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:31 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52236 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52236 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52234 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52234 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52232 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52232 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:08:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52229 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:07:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52229 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:07:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52227 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:07:05 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52227 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:07:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23168 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52226 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 91.212.226.178/Bot172.exe Date Detected: Thu, 10 Dec 2009 17:07:02 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 67535 Remote Address: 91.212.226.178 ", 12/10/2009 9:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 52226 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 91.212.226.178/Bot172.exe Date Detected: Thu, 10 Dec 2009 17:07:02 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 91.212.226.178 ", 12/10/2009 9:07 AM,Info,Statistical
Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 9:07 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ejfv.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 9:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52223 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:06:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52223 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:06:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote
Attacker: 1 Remote Port: 52221 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:06:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52221 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:06:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52218 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:06:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52218 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:06:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52215 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52215 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52213 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52213 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:42 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52211 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52211 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52209 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52209 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52207 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52207 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:05:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52191 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52191 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or
Remote Attacker: 1 Remote Port: 52189 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52189 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52187 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52187 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52185 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52185 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52183 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52183 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:04:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52179 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:03:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52179 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:03:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52177 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52177 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52175 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52175 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52169 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52169 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52167 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52167 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:02:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:02 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\nuhm.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
", 12/10/2009 9:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 52157 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 17:02:00 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52153 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52153 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52151 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52151 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 52149 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52149 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52146 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection
Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52146 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52144 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature
ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52144 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:01:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52082 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:00:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote
Attacker: 2 Remote Port: 80 Local Port: 52082 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:00:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52080 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:00:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52080 Local
Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:00:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 9:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52078 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:00:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 9:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 9:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52078 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 17:00:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:59 AM",Norton AntiVirus,IPS Detection Statistical
Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52076 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:59:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52076 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:59:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52073 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:59:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action
Required,"Thursday, December 10, 2009 8:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52073 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:59:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52070 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52070 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52067 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52067 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52065 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52065 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical
Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52063 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52063 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action
Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52061 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52061 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:58:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52057 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ",
12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52057 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52055 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52055 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52053 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical
Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52053 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52050 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52050 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648
Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52048 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52048 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:57:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:57 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\avrt.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
", 12/10/2009 8:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 52047 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:57:00 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52043 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:56:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52043 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:56:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52041 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:56:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52041 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:56:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port:
52039 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:55:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52039 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:55:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52037 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:55:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52037 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:55:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52035 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:55:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52035 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:55:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52031 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52031 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52029 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:38 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52029 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52026 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52026 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52024 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information:
6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52024 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52022 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52022 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:54:21 GMT
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52017 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52017 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52015 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE
Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52015 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52013 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52013 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52011 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52011 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:53:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52008 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:52:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52008 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:52:58 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\nkit.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 52005 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:51:59 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52003 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10
Dec 2009 16:51:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52003 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 52001 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 52001 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51999 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51999 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51997 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51997 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port:
51995 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51995 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:51:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51991 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51991 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51989 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51989 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51986 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51986 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51984 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51984 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51982 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51982 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:50:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51978 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:49:12 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51978 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:49:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51976 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:49:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51976 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:49:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51974 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:49:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51974 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:49:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51972 Local Port: 80 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:48:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51972 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:48:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51970 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:48:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51970 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:48:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51966 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51966 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51963 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51963 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No
Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51961 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51961 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51959 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address:
193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51959 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51957 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:47
AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51957 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:47:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ljkc.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51952 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51952 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51950 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51950 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51948 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51948 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51945 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51945 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51943 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:04 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51943 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:46:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51939 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:45:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51939 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:45:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51937 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51937 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51935 Local Port: 80 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51935 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51933 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51933 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51931 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51931 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:44:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51927 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port:
51927 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51925 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51925 Local Port: 80 Protocol: 6
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51922 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51922 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51920 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51920 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or
Remote Attacker: 2 Remote Port: 80 Local Port: 51918 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51918 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:43:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51914 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42
AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51914 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51912 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51912 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
(hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51910 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51910 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
(hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51908 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51908 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:42:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:41 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:41 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\oojm.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 8:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51906 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:41:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: (hex data omitted) Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51904 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:41:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51904 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:41:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51900 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51900 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10
Dec 2009 16:40:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51898 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
(hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51898 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51896 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51896 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51894 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51894 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:38 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51892 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51892 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:40:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51888 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51888 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51886 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10
Dec 2009 16:39:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51886 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51884 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:20 GMT Application
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51884 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51881 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51881 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51879 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51879 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:39:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: (hex data omitted) Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51875 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:38:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51875 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:38:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51873 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:38:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51873 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:38:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51871 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:37:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51871 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:37:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51869 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:37:52 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51869 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:37:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51867 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:37:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51867 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:37:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\umcr.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51864 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:36:56 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51862 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51862 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51851 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51851 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51846 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51846 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51843 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51843 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 51841 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51841 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:36:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51837 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51837 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51835 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51835 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51833 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51833 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51830 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51830 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51828 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51828 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:35:00 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51824 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:34:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51824 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:34:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51821 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51821 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51819 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date 
Detected: Thu, 10 Dec 2009 16:33:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51819 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51817 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51817 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51815 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51815 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:33:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 51811 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51811 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51809 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51809 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51806 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51806 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51804 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:20 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51804 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51802 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51802 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:32:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:31 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\inhl.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51800 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:31:55 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51797 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:31:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51797 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:31:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51795 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:31:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51795 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:31:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51793 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:31:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 51793 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:31:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51791 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:30:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51791 Protocol: 6
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:30:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51788 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:30:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51788 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:30:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature
ID: 23378 Local or Remote Attacker: 1 Remote Port: 51785 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51785 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51782 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December
10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51782 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51780 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51780 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51778 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51778 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51776 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:29 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:29 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51776 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:29:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51772 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51772 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:28 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51770 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51770 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51768 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51768 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51765 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51765 Local Port: 80 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51763 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51763 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:28:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51759 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:27:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:27 AM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51759 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:27:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51757 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51757 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ioyf.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51754 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51754 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No 
Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51756 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:26:54 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51752 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51752 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 
Dec 2009 16:26:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51750 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:26 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51750 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:26:43 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51746 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51746 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51744 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51744 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51741 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51741 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51739 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51739 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51737 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:25 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51737 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:25:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51733 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51733 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51731 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:14 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51731 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51729 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51729 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51727 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:24:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:24 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:24 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51727 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date 
Detected: Thu, 10 Dec 2009 16:24:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:23 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:23 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51724 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:23:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:23 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:23 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51724 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:23:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51720 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51720 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51718 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51718 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51716 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51716 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51714 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51714 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51712 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:22 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51712 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:22:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wqjx.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51709 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:21:53 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51707 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51707 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51705 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51705 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51702 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51702 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port:
51700 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51700 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51698 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:21:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:21 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:21 AM",Norton AntiVirus,IPS Detection
Action Required,"Thursday, December 10, 2009 8:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51644 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:20:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:20 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51644 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:20:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday,
December 10, 2009 8:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51642 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:19:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51642 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:19:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51640 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:19:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:19
AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51640 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:19:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51637 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:19:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:19 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51637 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:19:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51632 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51632 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51629 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:42 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51629 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51627 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51627 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51625 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51625 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51623 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:18 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:18 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51623 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:18:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51611 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or
Remote Attacker: 2 Remote Port: 80 Local Port: 51611 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51609 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51609 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51607 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51607 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51604 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51604 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51602 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:02 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:17 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:17 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51602 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:17:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:16 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:16 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\gvgb.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
", 12/10/2009 8:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51601 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:16:53 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51556 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:16:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:16 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:16 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51556 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:16:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51553 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51553 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51551 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51551 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51549 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51549 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port:
51547 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:15 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51547 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:15:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51543 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51543 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51540 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51540 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No
Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51538 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51538 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51536 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address:
193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51536 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51534 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:14 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:14 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51534 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:14:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51527 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:13:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:13 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51527 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:13:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51525 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:13:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51525 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:13:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51523 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:13:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:13 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:13 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51523 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:13:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51521 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:12:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51521 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:12:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51514 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:12:53 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:12 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:12 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51514 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:12:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ytwn.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51497 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51497 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51494 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51494 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51485 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51485 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:42 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51473 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51473 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51452 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:11 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:11 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51452 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:11:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51313 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 
Dec 2009 16:10:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51313 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51297 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
[...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51297 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51278 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51278 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51255 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51255 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:13 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51239 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:10 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51239 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:10:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51224 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:09:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51224 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:09:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 
6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51222 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:09:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:09 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:09 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51222 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:09:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51220 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:08:56 GMT 
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51220 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:08:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51218 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:08:50 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51218 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:08:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51215 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:08:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:08 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:08 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51215 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:08:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51212 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File 
Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51212 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51209 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51209 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 
16:07:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51207 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51207 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
[...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51205 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51205 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51203 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:07 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:07 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51203 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:07:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\oudt.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51197 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 
23378 Local or Remote Attacker: 1 Remote Port: 51197 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51195 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51195 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
[...] Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51193 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [...] Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51193 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51190 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:06 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:06 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51190 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:06:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51186 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:05:59 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:05 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:05 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51186 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:05:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51176 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51176 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51174 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51174 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51172 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51172 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51170 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical 
Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51170 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51168 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:04 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:04 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51168 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:04:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 
Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51164 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51164 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51162 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 
Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51162 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51159 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51159 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:24 GMT Application File 
Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51157 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51157 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51155 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:03 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:03 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51155 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:03:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51151 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:02:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51151 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:02:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51149 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:02:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51149 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:02:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or 
Remote Attacker: 2 Remote Port: 80 Local Port: 51147 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:02:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:02 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:02 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51147 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:02:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 
51145 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:01:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51145 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:01:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:01 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 8:01 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\qibi.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 8:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51142 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:01:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:01 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51142 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:01:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:01 AM,Info,IPS 
Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:01 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51141 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 16:01:50 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51137 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51137 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51135 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51135 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date 
Detected: Thu, 10 Dec 2009 16:00:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51133 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51133 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51131 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51131 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51129 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 8:00 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 8:00 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 51129 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 16:00:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51125 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51125 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51123 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51123 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51121 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No 
Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51121 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51118 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51118 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 
193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51116 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:59 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:59 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51116 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:59:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51112 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:58:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:58 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:58 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51112 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:58:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51110 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51110 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:58 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51108 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51108 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51106 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51106 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51104 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 
Dec 2009 15:57:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:57 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:57 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51104 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:57:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\igdr.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51101 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:56:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51099 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51099 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51096 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51096 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51094 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51094 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 
Local Port: 51092 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51092 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51090 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:56 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:56 AM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51090 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:56:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51084 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51084 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No 
Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51082 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51082 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51080 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 
193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51080 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51077 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:55 
AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:55 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51077 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:55:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51075 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:54:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:54 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:54 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51075 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:54:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51070 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51070 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51068 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51068 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51066 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51066 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51064 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51064 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51062 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:53 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:53 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51062 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:53:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51058 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51058 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51056 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51056 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51053 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51053 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51051 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:15 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51051 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51049 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:52 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:52 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51049 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:52:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:51 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 7:51 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\nteo.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 7:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51047 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:51:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51044 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:51:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51044 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:51:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51042 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:51:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:51 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:51 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51042 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:51:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51040 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:50:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51040 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:50:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51038 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:50:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51038 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:50:52 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51035 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:50:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:50 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:50 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51035 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:50:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51032 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51032 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51029 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51029 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51027 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51027 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51025 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:29 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51025 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51023 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:49 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:49 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51023 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:49:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51019 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51019 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 
AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51017 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51017 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical 
Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51015 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51015 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51012 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51012 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51010 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:48 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:48 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51010 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:48:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51006 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:47:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:47 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:47 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51006 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:47:00 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51004 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51004 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51002 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51002 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51001 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:46:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:46 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\bhge.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 
01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50999 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50999 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 
193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50997 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:46 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:46 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50997 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:46:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50993 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50993 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50990 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50990 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50988 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50988 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50986 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50986 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:20 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50984 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:45 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:45 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50984 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:45:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50980 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:44:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50980 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:44:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50978 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:44:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50978 Protocol: 6 Signature Set Version: 
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:44:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50976 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:44:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:44 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:44 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50976 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:44:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or 
Remote Attacker: 1 Remote Port: 50974 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:43:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50974 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:43:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:43 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50971 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:43:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:43 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:43 
AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50971 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:43:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50967 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50967 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50965 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature 
ID: 23378 Local or Remote Attacker: 1 Remote Port: 50965 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50963 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50963 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 
10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50961 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50961 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50959 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:42 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:42 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50959 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:42:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\tuie.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50954 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50954 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50952 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50952 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50949 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50949 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50947 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50947 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:09 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50945 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:41 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:41 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50945 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:41:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50941 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:40:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:40 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:40 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50941 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:40:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50939 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50939 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50937 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:51 GMT 
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50937 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50935 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:46 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50935 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50932 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:39 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:39 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50932 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:39:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50928 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50928 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50926 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50926 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50924 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50924 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50922 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50922 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50920 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:38 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:38 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50920 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:38:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50916 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50916 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50914 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50914 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50911 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50911 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50909 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:37 AM,Info,IPS Detection 
Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:37 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50909 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:37:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50907 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:36:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50907 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:36:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:36 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 7:36 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\yixq.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 7:36 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:36 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50906 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:36:46 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50902 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50902 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50900 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 
6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50900 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50898 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50898 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:42 GMT 
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50896 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50896 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50894 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:35 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50894 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:35:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50882 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50882 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:31 GMT Application File Checksum: 
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50879 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50879 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 
Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50877 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50877 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50875 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 
Dec 2009 15:34:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50875 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50873 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:08 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:34 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50873 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:34:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50869 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:33:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50869 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:33:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50867 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:33:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:33 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:33 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50867 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:33:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50865 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:32:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50865 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:32:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50863 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:32:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50863 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:32:51 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50861 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:32:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:32 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:32 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50861 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:32:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50860 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL:
ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:31:46 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 ", 12/10/2009 7:31 AM,Info,Statistical Submission: Suspicious.MH690.A,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\sitm.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50858 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50858 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50856 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50856 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50854 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50854 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80
Local Port: 50852 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50852 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50850 Local Port: 80 Protocol: 6
Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:31 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:31 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50850 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:31:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50848 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature
ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50848 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50846 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker:
1 Remote Port: 50846 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50844 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50844 Local Port:
80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50842 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50842 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50840 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:30 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:30 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50840 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:30:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50838 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50838 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:59 GMT Application File Checksum:
D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50836 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50836 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50834 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50834 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50832 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50832 Local Port: 80 Protocol: 6 Signature Set Version:
20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50830 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:28 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50830 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:28:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or 
Remote Attacker: 1 Remote Port: 50828 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50828 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50826 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:27 
AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50826 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50824 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Processing,No Action Required,"Thursday, December 10, 2009 7:27 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50824 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 ", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50822 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:31:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50822 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:31:48 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50820 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:31:28 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:27 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 
11, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50820 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:27:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:31:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:26 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Friday, December 11, 2009 5:31 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\hluo.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:30:56 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:26 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50817 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:26:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:30:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:26 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50817 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:26:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:30:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:26 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50815 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:26:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:27:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:26 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50815 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:26:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:27:21 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:26 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50813 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:26:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:26:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:26 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50813 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:26:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:27:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:25 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50811 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:25:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:24:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:25 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50811 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:25:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:26:08 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:25 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50809 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:25:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:24:08 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:25 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 
11, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50809 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:25:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:24:06 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50807 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:23:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50807 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:23:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50804 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:22:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50804 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:23:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50802 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:22:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50802 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:22:35 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50800 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:33 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:17:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50800 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:19:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50798 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:16:49 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50798 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:24:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:16:28 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50792 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:15:56 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50792 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:27 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:16:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50790 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:15:35 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50790 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:15:46 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 
11, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50788 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:15:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50788 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:14:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50786 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:14:31 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50786 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:10 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:14:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50784 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:11:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50784 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:23:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:10:17 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50782 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:22:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:09:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:22 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50782 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:22:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:10:06 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50780 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:59 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:09:19 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50780 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:09:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50778 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:09:17 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50778 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:06:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50776 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:05:59 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50776 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:06:20 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:21 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Friday, December 11, 2009 5:05 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\xwvh.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:05:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50773 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:04:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50773 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:21:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:05:17 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50771 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:04:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50771 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:04:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50769 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50769 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:51 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50767 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:30 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:28 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50767 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50765 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:23 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50765 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:22 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50763 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:07 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50763 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:20:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:03:08 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50761 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:02:53 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50761 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:02:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50759 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:02:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50759 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:53 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50757 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:50 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50757 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:49 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50755 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:39 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50755 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:19:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:25 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50753 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:18:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:18 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50753 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:18:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:22 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50751 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:01:00 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50751 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:00:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50747 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:58:40 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50747 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 01:00:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50744 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:57:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:58 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50744 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:58:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50741 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:57:29 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50741 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:57:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50739 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:56:50 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50739 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:17:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:56:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50736 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:16:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:56:23 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 7:16 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Friday, December 11, 2009 4:56 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\txxc.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:56:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50734 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:56:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50734 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:55:40 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50732 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:54:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50732 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:55:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50730 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:54:35 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50730 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:54:45 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 
11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50728 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:54:21 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50728 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:54:14 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50726 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:53:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50726 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:16:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:54:12 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50724 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:15:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:53:28 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:15 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50724 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:15:10 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:53:50 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50722 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:15:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:52:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50722 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:15:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:53:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50720 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:14:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:52:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50720 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:14:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:52:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:14 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50718 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:14:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:51:41 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50718 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:14:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:51:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:14 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50716 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:14:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:51:27 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:14 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50716 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:14:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:51:37 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 
11, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50714 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:50:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50714 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:47 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:51:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50712 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:48:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50712 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:48:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50710 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:46:46 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50710 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:47:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50708 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:46:34 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50708 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:46:35 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 
11, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50706 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:46:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:13 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50706 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:13:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:45:53 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 
4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50704 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:45:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50704 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:24 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:45:49 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 
1 Remote Port: 50702 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:45:26 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50702 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:44:37 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote 
Port: 50700 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:44:11 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50700 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 
OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:44:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50698 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:43:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50698 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:43:42 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50696 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:01 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:43:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50696 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:12:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:43:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:11 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Friday, December 11, 2009 4:42 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\louo.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 
01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:42:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50693 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:11:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:42:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50693 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:11:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:42:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50691 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:41:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50691 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:41:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50689 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:41:11 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50689 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:41:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50687 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:38:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50687 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:38:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50685 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:38:03 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:10 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50685 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:10:38 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:37:50 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50683 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:37:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50683 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:37:48 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50681 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:36:39 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 
11, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50681 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:37:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50679 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:36:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50679 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:35:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50677 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:35:24 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50677 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:35:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50675 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:35:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50675 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:09:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:35:19 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:08 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50671 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:08:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:34:32 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:08 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 
11, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50671 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:08:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:34:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:08 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50669 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:08:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:34:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:08 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50669 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:08:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:34:31 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:08 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50667 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:08:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:33:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:08 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50667 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:08:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:33:52 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:07 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50665 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:07:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:33:19 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:07 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 
11, 2009 4:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50665 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:07:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:33:30 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50663 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:07:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:30:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 7:07 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50663 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:07:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:30:34 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50647 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:30:19 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 
11, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50647 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:30:29 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50645 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:28:20 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50645 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:28:41 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:06 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Friday, December 11, 2009 4:28 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\miyw.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:25:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50640 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:24:52 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50640 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1
OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:25:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23168 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50641 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 91.212.226.178/money3.exe Date Detected: Thu, 10 Dec 2009 15:06:41 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 67535 Remote Address: 91.212.226.178 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:25:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50639 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:06:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:24:32 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50637 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2
Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:24:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50637 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:23:50 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50635 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:23:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50635 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:06:30 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:23:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50626 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:22:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50626 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:23:04 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50624 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:22:41 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December
11, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50624 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:22:10 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Friday, December 11, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50622 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:21:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Friday, December 11, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote
Attacker: 1 Remote Port: 50622 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sat, 12 Dec 2009 00:21:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50620 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:43:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50620 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:43:38 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50616 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:07 GMT Application
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:43:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50616 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:05:07 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 
Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:42:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50560 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:04:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:42:54 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50560 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:04:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2
Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:42:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50558 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:04:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:39:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50558 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:04:01 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:37:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:03 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50556 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:03:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:37:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50556 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:03:55 GMT
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:36:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50554 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:03:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:36:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50554 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:03:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:33:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50552 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:03:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:33:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50552 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:03:44 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:33:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50550 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:32:36 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50550 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:32:40 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50548 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:31:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50548 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:32:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50546 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:31:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50546 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:31:34 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50544 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:28:28 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday,
December 10, 2009 5:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50544 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:28:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50542 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:27:56 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December
10, 2009 5:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50542 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:02:21 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:28:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:01 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wyat.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:27:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50539 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 15:01:39 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: [omitted] Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:27:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50537 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:26:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50537 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:26:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50535 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:25:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50535 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:26:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50533 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:25:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50533 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:25:28 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50531 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:24:55 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:01 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50531 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:01:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:24:21 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 7:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, 
December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50529 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:00:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:24:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 7:00 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50529 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 15:00:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:23:40 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 
10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50527 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:22:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50527 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:23:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50525 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:22:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50525 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:22:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50523 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:21:21 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50523 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:46 GMT 
Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:21:48 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50521 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:21:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50521 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:20:55 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50519 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:18:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50519 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:59:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:17:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50517 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:17:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50517 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:17:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50515 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:17:05 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50515 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:29 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:16:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50513 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:16:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50513 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:16:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50511 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:14:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50511 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:18 GMT Application 
File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:15:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50509 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:14:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50509 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:58:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:14:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50507 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:57:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:14:02 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50507 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:57:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:13:53 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, 
December 10, 2009 5:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50505 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:57:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:13:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50505 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:57:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:13:26 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50503 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:57:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:12:23 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50503 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:57:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:13:13 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50501 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:56:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:12:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:56 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50501 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:56:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:12:03 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50499 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:56:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:11:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:56 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50499 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:56:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:11:59 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:56 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\nqtn.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:11:17 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50496 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:10:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50496 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:10:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50494 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:10:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50494 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:09:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50492 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:09:18 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50492 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:09:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50490 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:08:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50490 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:08:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50488 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:08:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:55 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50488 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:55:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:08:35 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50486 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:07:52 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50486 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:07:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50484 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:07:17 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50484 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:07:38 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50482 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:06:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50482 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:04:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50480 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:03:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50480 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:03:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50478 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:03:28 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50478 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:54:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:03:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50476 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:53:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:00:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50476 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:53:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 01:00:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 5:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50474 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:59:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:59 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50474 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:57:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:57 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50472 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:56:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50472 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:56:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50470 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:55:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50470 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:56:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50468 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:55:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50468 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:52:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:55:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50466 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:54:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50466 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:54:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50465 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 14:51:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: [omitted] Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:53:45 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:51 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 4:54 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cfpo.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:54:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50463 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:53:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50463 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:53:34 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50461 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:52:49 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50461 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:52:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50459 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:52:25 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50459 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:52:28 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50457 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:51:53 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50457 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:51:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:52:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50455 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:51:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50455 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:51:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50453 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:50:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50453 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:50:52 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50451 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:50:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50451 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:50:08 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50449 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:50:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:49:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50447 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:49:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:49:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50447 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:49:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:48:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50445 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:48:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50445 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:48:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50443 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:47:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50443 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:47:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50441 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:44:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50441 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:44:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50439 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:44:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50439 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:43:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50437 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:43:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:48 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50437 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:48:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:43:48 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50435 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:43:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50435 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:42:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50433 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:42:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50433 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:42:20 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50431 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:41:56 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50431 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:41:59 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50429 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:41:54 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50429 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:41:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50427 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:40:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50427 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:47:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:41:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:46 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\clbt.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:40:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50426 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 14:46:37 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:40:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50424 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:46:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:39:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50424 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:46:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:39:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50422 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:46:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:38:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:46 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50422 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:46:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:39:15 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50420 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:45:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:38:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50420 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:45:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:38:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50418 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:45:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:37:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50418 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:45:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:37:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50416 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:45:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:36:50 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50416 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:45:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:37:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50414 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:36:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50414 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:36:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50412 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:35:45 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:36 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50412 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:35:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50410 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:33:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50410 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:32:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50408 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:32:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50408 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:32:31 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50406 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:31:37 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50406 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:44:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:31:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50404 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:31:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50404 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:30:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50402 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:30:46 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50402 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:30:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50400 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:30:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50400 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:29:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50398 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:29:10 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50398 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:29:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50396 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:28:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:43 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50396 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:43:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:28:28 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50394 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:28:23 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50394 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:28:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50392 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:27:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50392 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:27:20 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50390 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:26:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50390 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:26:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50388 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:25:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50388 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:26:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\iflx.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:25:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50385 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:24:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50386 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 14:41:37 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:24:50 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50385 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:41:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:25:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50383 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:24:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50383 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:24:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50381 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:23:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50381 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:23:26 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50379 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:22:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50379 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:23:05 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50377 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:22:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50377 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:22:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50375 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:21:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:40 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50375 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:40:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:21:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:39 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50373 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:39:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:21:09 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:39 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50373 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:39:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:20:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:39 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50371 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:39:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:19:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:39 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50371 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:39:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:19:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:39 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50369 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:39:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:19:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:39 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50369 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:39:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:18:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:38 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50367 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:38:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:18:37 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:38 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50367 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:38:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:18:33 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:38 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50365 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:38:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:18:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:38 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50365 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:38:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:17:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50363 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:17:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50363 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:50 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:17:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50361 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:17:07 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:17 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50361 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:16:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50359 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:16:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50359 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:16:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50357 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:02:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50357 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:15:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50355 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:02:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50355 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:37:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:02:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 4:02 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cecf.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 50354 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 14:36:36 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: [omitted] Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50352 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50352 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50350 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:40 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50350 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50348 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50348 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50346 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50346 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50344 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50344 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:36:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:35 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50342 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:35:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:35 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50342 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:35:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50340 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:01 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50340 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:01:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50338 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50338 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:53 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50336 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50336 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50334 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:34 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50334 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:34:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50332 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:40 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50332 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50330 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50330 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:36 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50328 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50328 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50326 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50326 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50324 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:33 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50324 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:33:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50322 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:28 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50322 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50320 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50320 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:13 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50318 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50318 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50316 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50316 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:32:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:31 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50314 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:31:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:31 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50314 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:31:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Fri, 11 Dec 2009 00:00:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:31 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 4:00 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\fqob.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:59:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:26 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\dypp.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:59:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:21 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\jwwb.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:59:19 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 6:16 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:59 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\gtlm.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2.
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:56:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 6:11 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\tkfc.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:56:06 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 6:08 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 50028 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:08:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:56:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be 
submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 6:08 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:56 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 50028 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:08:27 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49982 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49982 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49975 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49975 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49965 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49965 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49962 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49962 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49958 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:07 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49958 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:07:04 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:55:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:06 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:55 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ycyu.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49937 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 14:06:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: [omitted] Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49911 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:06:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49911 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:06:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49889 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49889 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:58 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:17 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49869 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49869 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:52 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:54:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:54 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49864 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:59 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49864 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:46 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49861 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:50 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:05 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49861 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:05:41 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49857 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49857 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: [omitted] Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49855 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49855 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:35 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49853 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49853 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:29 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49851 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49851 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49849 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:04 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49849 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:04:18 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49847 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49847 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49845 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49845 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:12 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:05 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49843 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:53:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:53 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49843 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:06 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49841 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:03 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49841 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:03:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:50 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49839 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:02:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49839 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:02:55 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49837 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49837 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49835 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49835 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49833 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49833 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49831 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49831 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:38 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49829 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49829 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:01:32 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:52:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:01 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:52 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\irea.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:50 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:01 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49828 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 14:01:30 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49826 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49826 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49824 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:20 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49824 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49822 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49822 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49820 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49820 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:15 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49818 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 6:00 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49818 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 14:00:09 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:05 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49816 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:59:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49816 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:59:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:51:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49814 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:59:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:59 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:51 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49814 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:59:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49812 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:58:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49812 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:58:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49810 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:58:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49810 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:58:49 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49808 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:58:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:58 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49808 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:58:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49806 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:43 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49806 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49804 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49804 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49802 Local Port: 1119 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\USERS\PUBLIC\GAMES\WORLD OF WARCRAFT\WOW.EXE Offending URL: auth.us.depot.battle.net:1119/abc6bb719a73ec1055296001910e26afa561f701ad9995b1ecd7f55f9d3ca37c.auth Date Detected: Thu, 10 Dec 2009 13:57:32 GMT Network Data: Sub-signature ID: 70328 Remote Address: 12.129.242.35 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49800 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49800 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49798 Local Port: 1119 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\USERS\PUBLIC\GAMES\WORLD OF WARCRAFT\WOW.EXE Offending URL: auth.us.depot.battle.net:1119/23451d428a1671e27635e923e9acfd6f8a883acb1f8e6b2a4152f037e5841594.auth Date Detected: Thu, 10 Dec 2009 13:57:30 GMT Sub-signature ID: 70328 Remote Address: 12.129.242.35 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49795 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49795 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:26 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:50:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49791 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:57 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49791 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:57:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\xrjp.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1......
01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:25 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49783 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49783 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:20 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49781 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49781 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:21 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49779 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:49:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49779 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49777 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:56 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49777 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:56:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49775 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:55:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:55 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49775 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:55:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49756 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49756 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:57 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49754 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49754 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49745 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49745 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49743 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49743 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49741 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:54 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49741 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:54:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49717 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49717 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:34 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49714 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49714 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49704 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:59 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:48 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49704 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:22 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:48:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49702 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49702 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49700 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:53 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49700 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:53:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49642 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:52:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49642 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:52:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49640 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:52:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49640 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:52:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49636 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:52:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49636 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:52:00 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49634 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:51:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49634 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:51:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49632 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:51:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:51 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49632 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:51:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:51 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\jbfi.tmp\svchost.exe Detection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:02 GMT Product:Norton AntiVirus 16.7.2.11",
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49590 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:47:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49590 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:48 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:59 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49588 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49588 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:42 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49586 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49586 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:37 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49576 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49576 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:31 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49574 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:50 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49574 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:50:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49513 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:47 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49513 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:25 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49509 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49509 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49505 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49505 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:14 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49502 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49502 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:08 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49500 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:49 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49500 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:49:03 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:05 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49442 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:48:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:48 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49442 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:48:02 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49440 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49440 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:56 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:46:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49438 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49438 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:51 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:40 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49436 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49436 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:45 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49434 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:47 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49434 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:47:40 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49432 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49432 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:39 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49430 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49430 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:33 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:46 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wnrb.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 
01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49427 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49427 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:28 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49429 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:46:28 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49425 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49425 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:23 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49423 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:19 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:45:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:46 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49423 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:46:17 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49410 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:45:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49410 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:45:16 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 5:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49408 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:45:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49408 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:45:11 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49406 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:45:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:45 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49406 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:45:05 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49404 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:44:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414FC2301407F04ED4C374278E5EDE5148EC068853765ACA929100E256E2C10319A362E36CC94642C227F4C3F821EC341AFC045EDE2F695EDFCBBF4DD3E99085C727843042488310CB32F5C3ACBA1E99953C11F27E613AEB9C9C9AFE8C3449123DCCA3942FE2281C46C922BE4FF952AEF72F7A93D15C11ABF1956C9AEC4F729E8CDC9D2E5F7DDF7773AD9EE59A2EA53AD842CCF9CCEDD08E6387792E36DB01B4DDB66333AD94C8B752AB01B04257C2B1E79528AFC2B5502633D17B5914997B4D3DB8CCF5DB26DBCA65210298A4A3086EA917C0A3542BBDAB60CAE1A6EE792957E66C7D248074CC5827003A8D38B071025DEAD1BEE7777D738358C90C98898A12660CFA75FE37D8A37DDA33C1BB3F33EF7BD672EC5857E67987BF8210420821841042082184D03FF8043DB95AE2 Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 5:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49404 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:44:59 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 49402 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:44:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: … Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/10/2009 5:44 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49402 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Thu, 10 Dec 2009 13:44:54 GMT Application File Checksum: D07D4C3038F3578FFCE1C0237F2A1253 Application File Information: 6.0.6002.18005 Network Data: 434D50520014000078DAEDD0414BC3301407F0D4A9876A4FF303BCA30E4CBBCD595D4F252B74B0CDD9A678F030BA2ECE604D463B18ECE8E7F543982A8A7E022FEF07E1E53DFE0921B3110B0F8F0861849016219665EABB594D3D302B7B24E4EDCC74D6293936FD09699324BACFA2942FE2281C45C922BE4BF952AEF7CF7A93D34211ABF5996C9BEC77324BC6EE4E572FBEEFBB85564F724D9752FDDA42CCF9DCEDD2AE6387452136DB2174DC8E6333AD9428B652AB21B052D7C2B1B35A5497E15A289399EABD2CCBDCBDA21E9C17FA75936FE5B214014CD3710437D40BE041AA95DED530E370DDF4BC922B73B63912403A61AC1B009D451CD824811EF5E8C0F37BBEB941AC640ECC44450573068326FF13ECD301ED9BE0ED9F99F735BB70EC58D7E679BF7F0521841042082184104208A17FF0017FDA5A98 Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 5:41 AM,Info,Norton Community Watch Feedback,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,Norton Community Watch Feedback,"Signature ID: DLLMM Signature Set Version: 20091111.001 Application Name: C:\Windows\system32\mshtml.dll Date Detected: Thu, 10 Dec 2009 13:41:37 GMT Application File Checksum: 062B81F34EADEEF652E759BF93691C50 Application File Information: 8.0.6001.18865 Flags: 0x00000001 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:41 AM,Info,IPS Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Statistical Submission,"Signature ID: DLLMM Signature Set Version: 20091111.001 Application Name: C:\Windows\system32\mshtml.dll Date Detected: Thu, 10 Dec 2009 13:41:37 GMT Application File Checksum: C5239A137D2D2035D3E52B9AA076F28A Application File Information: 8.0.6001.18865 Flags: 0x00000001 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:41 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\tdns.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:41 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49254 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:41:23 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:44:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 5:36 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:44 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\gxxa.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:36 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49248 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:36:22 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:52 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at 
this time. Another attempt will be made shortly. 12/10/2009 5:31 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\xrsr.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:26 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\lifv.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:20 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 5:26 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49246 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:26:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:21 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\diyq.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:05 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 5:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49242 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:21:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:43:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:16 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:43 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\xtid.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:42:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:11 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\gmpq.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:42:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 5:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49238 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:11:18 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:42:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:06 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\tpps.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:42:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 5:06 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49206 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 13:06:17 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:42:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 4:57 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:42 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\kdtw.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:41:54 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 4:52 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:41 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\chvp.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:41:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 4:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 54278 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 12:52:35 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:41:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 4:47 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:41 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\upgi.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:41:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 4:42 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:41 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\hnrn.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:40:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 4:37 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\hodw.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:40:26 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 4:32 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\bhxj.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:40:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 4:27 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 54205 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 12:27:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:40:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at 
this time. Another attempt will be made shortly. 12/10/2009 4:27 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:40 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\nbee.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:39:57 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 4:22 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\oysv.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:39:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 4:17 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\tyul.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:39:30 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 4:12 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\qfel.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:39:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 4:07 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:39 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\psbd.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:38:55 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 4:02 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:38 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\bnsa.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:38:34 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 4:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 54117 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 12:02:27 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:38:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:57 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:38 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\pxlf.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:37:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:52 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\mcxi.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:37:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:47 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\btpq.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:37:35 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 3:42 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\shjf.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:37:24 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 3:42 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 54067 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 11:42:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 
Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:37:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:37 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\hsok.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:37:00 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 3:32 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:37 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\aaic.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:36:55 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 3:27 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\fenf.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:36:52 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 3:22 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:36 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\awgy.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:34:10 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:17 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:34 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\jeio.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:33:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 3:12 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wboi.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:33:44 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 3:07 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\fird.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:33:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:02 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wewk.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:33:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 3:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53972 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 11:02:19 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:32:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 2:57 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ptha.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:32:20 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:52 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:32 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\jiwi.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:31:59 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 2:52 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53940 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 10:52:17 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:31:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:47 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\iion.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:31:12 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 2:42 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:31 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cwid.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:30:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 2:42 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53918 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 10:42:16 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:30:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:37 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cqsp.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:30:05 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53912 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 10:37:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:29:44 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 2:32 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53904 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 10:32:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:29:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:32 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\wsca.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:29:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:27 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:29 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\tyhq.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:28:57 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 2:22 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\psnq.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:28:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 2:17 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\klcp.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:28:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:12 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:28 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\bvky.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:27:55 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 2:07 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\nedt.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:27:48 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 2:02 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:27 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\lpnm.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:26:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 2:02 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53818 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 10:02:11 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 
Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:26:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:57 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\iglu.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:26:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:52 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\yyea.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:26:15 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:47 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:26 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\smdh.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:23:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 1:47 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53768 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:47:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:23:34 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:42 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\fcrr.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:23:13 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 1:42 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53753 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:42:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:20:31 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:37 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cieo.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:20:17 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:37 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53747 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:37:08 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:19:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 1:32 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53739 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:32:08 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:19:44 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:32 AM,Info,Statistical Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\cptl.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:19:30 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:27 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\vasx.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:19:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:22 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:19 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\yvon.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:18:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 1:22 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53703 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:22:06 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:18:43 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:17 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53693 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:17:06 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:18:29 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:17 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\sucu.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:18:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:12 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:18 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\jofh.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. 
OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:15:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Thursday, December 10, 2009 3:15 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 53639 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: ldss.site40.net/x136.scr Date Detected: Thu, 10 Dec 2009 09:12:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCA3B0AC2400084E159A38228080A1E235114FB902CC442C53C1A2D52680A412CDC141ECDE3B9087A03BBFF836118985D9AC4DD9E94480A24637C777CBE3D3B49AF895F66A4BEDF634D95DB43658BB2CE6C9CDABCCEF64579BB3817BA6BDBACE6E1BD696582CF7BA0E1EF5DE59BE8B958AE43777E6C8F02000000000000F0776F4B8F1512 Sub-signature ID: 70328 Remote Address: 64.235.57.20 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:14:40 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/10/2009 1:07 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\oibt.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:14:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/10/2009 1:03 AM,Info,Sample Submission: Suspicious.MH690.A,Submitted,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,Sample Submission: Suspicious.MH690.A,"c:\windows\temp\ikrc.tmp\svchost.exe OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:14:15 GMT Product:Norton AntiVirus 16.7.2.11", 12/10/2009 1:02 AM,Info,Statistical Submission: Suspicious.MH690.A,Pending,No Action Required,"Thursday, December 10, 2009 3:14 PM",Norton AntiVirus,Statistical Submission: Suspicious.MH690.A,"c:\windows\temp\ikrc.tmp\svchost.exeDetection Digest: 03 00 EA AF 0A 01 00 02 00 B0 00 00 00 9D F5 28 ...............( B3 68 3B F3 6E 00 00 00 00 31 8F 00 AD 01 03 00 .h;.n....1...... 01 66 00 04 03 00 00 32 19 .f.....2. OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Thu, 10 Dec 2009 23:13:54 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32
471693bf0ed3f9d07d0353cdfd2f88d5bc6886a2fa6d0f5b46ddcd6b8437935b DA[18] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de ae5c0bb03b453cd1bf7b2f700d31f48a9ed0c9ea9dfcb2ee6a864764a55dc586 DA[19] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[20] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[21] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[22] 8e42133ed5ee5eec414a8b11c1035385c6141e445ea9677f947d20768f25a877 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[23] 8e42133ed5ee5eec414a8b11c1035385c6141e445ea9677f947d20768f25a877 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[24] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 989b0274ffd50a1990ef3ae5555681625a7815299cd0251522202064160c7748 DA[25] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 2e0b6b8bc8a9356366b7337881c60eb9d1a95fc10a7d27f28dc7ae3bc229cd53 DA[26] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[27] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[28] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b fee340e7919fd4b3a0dccc00a1885aa4abc4a92c1bb7a083b9e8e2e71b1319ca DA[29] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b fe034ff832ef2585671a602296e9b96f0182ee60a309f3dcc280ce9b41a0dad1 DA[30] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b eabb20f803862ff398aec4b8079fc14c68aa0bf4c87f098bacd45c4f0d77eb3e DA[31] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 607fb70e8f3e8f09139b1851c18878669a5d2f62c2b232636a30fa76ad793dda DA[32] 
880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 54e519ea810e2b8521f6fd5a8670dc65ee00297e616d2361d09b8c8debfdd99f ", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b f50b0f830fb98a1405953ce4867e5fa923730d4168e7110d968dae6b603ae5fe DA[2] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 923c936b935bdccbe7dd0d6f2921cfa5980fc15f950e29b72e649ac0b9867eb2 DA[3] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 685282e64ca23feeee97795ed47520a5c2304b12e9f5dc7065c4d2055cd1a92d DA[4] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 13ec3c9af5c408e8358600c2bb4be610707ba353670166e99568369e5500cacc DA[5] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 55db91edd0339d2434c06445f8a716a48ea90925b0ff7ebf45bb79d4b54b80bf DA[6] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 96b444cf2fa218447a29bc5bf4308e3a5a47203555a460e79056ee6ac4875f9a DA[7] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 7449c6660a6f29dc9d30d6f7e88e94fab3627d71cfc59d68188ec5e176583093 DA[8] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b adbf30d100d3837c35695b1abe3e7eb03fd6b9200b9c1c337325d9e0a3a3ace4 DA[9] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 02bdd840a09dfdd126b8a6e77ec3f5cbe1002ccea9b8a33ee9224e0d9d6ff077 DA[10] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b fc5a45f208072249caa1ca9a602febad24a87166628275ac15fe37b7eef00a40 DA[11] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b bd3d51e302587e33901e5995367b6227743d2385f1420e12c712a62063150318 DA[12] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 
9055b7e8ceb09ecfd77202ed3ce00cdb0296f858aecb1cd5b598e05b14a85c43 DA[13] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 3a8c9304d49657765df0fcceae2a529982025d8677cca5930824921f77b8f404 DA[14] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 9c7ade37c9f2f9cc5a79d75260736c3791c7a73fb84be6b7e575ca31a4b99667 DA[15] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b e7b852e949d0db9c3d63c4f49decf9c93781142eac6f6d66c9fc8e0027e904f4 DA[16] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 544a63148756ad0e993dd79f0656e73e23386bf0da54394000044fd0972c838d DA[17] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 571d43bbb0d0d54a7d508e9d0e70cdf5f1f3b147b4f6b15eb3d893401bb6f40f DA[18] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[19] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 65ee7016e6235880c4443119bf32cf12d4a9a9ca3810b974b575ad31d380a7fb DA[20] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 746bdba233c41b3806280de5212daf2e09a77c059629f471178dfbf058134e15 DA[21] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 6a8413be885a07235f59846fad986b7a65cf009ead78dd378114b6362dddb371 DA[22] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 9fc3a7c512b065f18b520fe93b821717bb8b4c36bd976e8d014f71116073cf50 DA[23] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 939758ada9d1a7e3b6ba1db6d9e41d3fa27a7013c156f0b63010a0fb62dd64f8 DA[24] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b d903cb3ae812efbb595a95b131920efc32fd01b490e723e4ffd75ba3651d8a4d DA[25] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 4d16a2197f9ed9062cfd93061294fb8e1068071d03e72b6cf3c7256f1b454a9b DA[26] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 94e0b8590268bd21b035297f5b0c01a4e8958a1db39a5aa654ea1805bd30cec2 DA[27] 
880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 07924f0966a05a992130d29bbf634214d0dfe4081851ed18b1e334437dd008d0 DA[28] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b e158ad22f1905b41d7975e3725d7a870fb192d7258c4330df06cd4ac02a7cfe4 DA[29] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 90ef02dca67c68afbeb8e2be2e1bd6e400f2a386c3ce8af5573e9f89b7636688 DA[30] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b 35159d86706441ed94895b4629411b4445fcb4526afd1f7036ee647931b7a94d DA[31] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b f380b9a28d56dec902154a0251b58bd3576355ede2cd13cf47d7f4dbe3d61c97 DA[32] 880a302f3b10008cce70e369ce675f1ac34edea05883f9e86dc26166f0aad56b d781c5f22bebb5c51b7792ebb4421c170f2cc5fe28e9245e9d6b9d22e33423ab ", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[2] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[3] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8 DA[4] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[5] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[6] 78f96e2d1ab6731ea64aedfbe365aa574de0280ff97d86dd0c89ad94acc30e1a 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[7] 78f96e2d1ab6731ea64aedfbe365aa574de0280ff97d86dd0c89ad94acc30e1a 
c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[8] 93f3ea0baad54b7abf6558b15818bfd239bbfda395bc909bf9d987c72bc1d1fb c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[9] 42c4495e5d524496a9ff879648b4d1b2998b2aab49fa612e9630bcd5d629476a c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[10] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[11] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[12] 0a3e3283427aba243629e3a19266be98fcae452a640e849a978633c47b890e03 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[13] 0a3e3283427aba243629e3a19266be98fcae452a640e849a978633c47b890e03 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[14] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[15] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[16] 42c4495e5d524496a9ff879648b4d1b2998b2aab49fa612e9630bcd5d629476a 60f9ab5ed4ed56721eca612033501639bcf294274675fa3919d4c868aa4cf7fb DA[17] 42c4495e5d524496a9ff879648b4d1b2998b2aab49fa612e9630bcd5d629476a 2cc3632d39484c959855b8a27dded12a44765d7723ccf150e9f8b70015f1aa2e DA[18] 72336a7dc97e407381262a98311601515ae39d8003eef6e136114836b382485f 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[19] 72336a7dc97e407381262a98311601515ae39d8003eef6e136114836b382485f c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[20] 7455f1f3af12203840f8e34020d86759e5c2e37ba3dbd733427d9b5d0d01ad48 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[21] 7455f1f3af12203840f8e34020d86759e5c2e37ba3dbd733427d9b5d0d01ad48 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[22] 
ee6e5eae00f577d7c3ffb8c0d8ee484552a337ceaa27fcb107174a9879fe7362 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[23] ee6e5eae00f577d7c3ffb8c0d8ee484552a337ceaa27fcb107174a9879fe7362 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[24] 54712a4fa296ae28cf834f90b77b2eeb69020e3d5b5cf24674bd8daca25195b9 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[25] 6a97562e998a2b90649ff7986313ad33823053ff98bbe163ad39aaa5e01fc545 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[26] 6a97562e998a2b90649ff7986313ad33823053ff98bbe163ad39aaa5e01fc545 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[27] 2b0ef14cc0a7fd853fa821faf3e09c3940f388ad6aef0ab4d6079f49fe93926c 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[28] 2b0ef14cc0a7fd853fa821faf3e09c3940f388ad6aef0ab4d6079f49fe93926c c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[29] 2b0ef14cc0a7fd853fa821faf3e09c3940f388ad6aef0ab4d6079f49fe93926c 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[30] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[31] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[32] 2114d7b4f6eccc2fce97a2a929316ff5e5203e95f41603bc428c6f7a111cc977 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 ", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:32 FV[1] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\ad-awarecommand.exe 1254427582 8fa7438a6782dd6f94c6f646f770e804 222a2385ec5d642dea2ec3442568f7a8dd1b77765badf3ecc04572f0b4dcbbea c75721de36268f09d5c1b74d1d4eb1a9d6b7132426ffa1b43f4d5b4b15eacf1c Lavasoft AB FV[2] 
CSIDL_PROGRAM_FILES\lavasoft\ad-aware\neutralize.dll 1251993602 8f15b98dc5c20924b9d90684219db1ad 06547db2d4314d29516ac9d02ffc753cdb1ca9f3be53def0e02249d0f40f6f9d 0fa36411a20e601280616ad5c4485cef66defc48b80fc9a0e4b4ef5e62a1c420 Lavasoft AB FV[3] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\toolbox\autostart manager\so.dll 1251994670 40551405367cefc63cd46e60ac0dced3 809012c91958e8d9bbafeae74742d74d1d7e062631417c667d74b8b9a8e0952c 6700734abe7f15800e93a8ec29d9f8da2c33064884c139483e7a70a50f716faa Lavasoft AB 1.0.0.236 FV[4] CSIDL_WINDOWS\installer\{2c9ee786-1ddb-4c98-8fa4-b1b9b5a66b77}\gameforwindowslivedash.exe 1258774046 754c210f2d96a42881659465cff398ba c2816185efeaec2470ac3585f9e4f2388a3e751747507de59cde92947bef6258 0000000000000000000000000000000000000000000000000000000000000000 FV[5] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\toolbox\lt\processwatch.dll 1251993603 69f799152372e52cfb24fb7da31d7dc9 de77dcecaeecd3d848440b2a3afdd8a8d7d8f975eab795414769bee2087ff766 764b0229aa0ee089658432f6b36741b820ad21f124297b78142bd9a63d206ddc Lavasoft AB 8.0.0.0 FV[6] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\unrar.dll 1251993474 a3922cd380f968b898da4bb414c38900 5b9f49ea0d5199c0f2fc0c76913ef06b82f2031b11c99d1f32b86eafe245f7eb c9b6193ddaee7fda4f1e05c9f9a9e9e436123d963cab05fe740fb7ff1ee8ec93 3.80.2.166 FV[7] CSIDL_COMMON_APPDATA\lavasoft\ad-aware\update\lsdelete.exe 1260298004 ecc60d89980c47b7fcc27c798c4f6d02 4120e7bbc7dc5031a1ebe1992f86db0883c97117ee7a7ef72fd5004c0197bf80 51b0ed31f58112f47aec4a154ebbfc6e647bbd6ed2efc32b259e472d57dddb57 Lavasoft AB FV[8] CSIDL_COMMON_APPDATA\lavasoft\ad-aware\update\aawapi.dll 1260298002 c7479320b785c2a296ca1cb34778d0b1 017afb2c929195a61cb9e42cb168bcbb09187936228ba9956ea264afc1b3da04 eed7001b22077e2f3944c9d8fbde84a136cc400756c86d7f441c15fda85f196d Lavasoft AB 1.0.0.1 FV[9] CSIDL_SYSTEM\bcdprov.dll 1214358319 29d678cbce9bee878971ace41e9eee47 9df2ebe8b6b88374ccb9fe067ae35cd275399f3f4bead1067fd973a2f61ce52f 51df8d2721a0ebf7b6ea0f411b9238c57872553982d738e862b35531d8878ab9 
Microsoft Corporation 6.0.6001.18000 FV[10] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aebb.dll 1253717738 0c82754d7ff191e55525f7d2679657ba 3f3d77ccd8f188c3a2de7a8cd300d171bf70e83eff7e7adc4aed816d44ed7299 99a991e17bb670f3da2757f13a738209e36a784594c1f2df204e16d626c9a834 8.1.0.3 FV[11] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\unacev2.dll 1253717738 f9622b84d0050d590ce71fd882a130ee aeb9621b60e48a1be339d46571d7cc66fc3d2a5142f919d2a157cd1a96b58a02 c64b7fbe94278d95c4f87edf20f10426375d0b71ea00e16d1c24020f0b18c0de 2.6.0.2 FV[12] CSIDL_WINDOWS\temp\mtrq.tmp\svchost.exe 1260381467 040fbac2ab7518903f42d23626cbf3d4 8ee2d18f4a110dc1d6560f91ffb737c0eb4f5bca2076a814e80cf30ca68cb65d c86a638d2fd5639c8e78bd80f4030bbbcfd51b74e7cfe96ddeb6d610e245fa84 FV[13] CSIDL_WINDOWS\temp\pefd.tmp\svchost.exe 0 00000000000000000000000000000000 a208656f2c90533cb201557ef5ddd44356bc56e0021561dc0957b78eb7923a6e 0000000000000000000000000000000000000000000000000000000000000000 FV[14] CSIDL_SYSTEM\chgusr.exe 1253323407 540630a2007672221972c32346213266 88449ef30f440a6cbfefee41cefe67dc057094e765e226941706ba01b1e93e1c 1abb319ab8a52ee5d62bd983da86dbb96e6f36c25477ab34a7710db60340dfb4 Microsoft Corporation 6.0.6002.18005 FV[15] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aerdl.dll 1253717738 58fce2ff4b120079a780eee973f7b28f 1c2b785b87153cf1068c75d0602e26ee67660d53a53056427a8d1a370a0a8f74 638853e4081cdc1f823918e05699b300371ba3a6942d8ac25ca7a7cd27bb8e72 8.1.1.3 FV[16] CSIDL_SYSTEM\bthudtask.exe 1253323410 7f5936a3ff5e83272ea1dc8985b2a228 16855012f24dbc2928e2af01ef1ae0fa63af6fcc408e829b5868d8dd11e42188 135c436756ed2d576e344d9624bae6462a9d3fa6a6e818f186b0660435b117dc Microsoft Corporation 6.0.6002.18005 FV[17] CSIDL_SYSTEM\chglogon.exe 1253323405 703ad64c0b506520dc7bb8437b5fb9b5 ed2a8e32a90d23f06b26aa8d6b7536f93df635e4343b3297c8ec9476159795b3 50d5a9d00e448315d9490c39408d037211cf8829454b1d2d3ad203a86514b5a8 Microsoft Corporation 6.0.6002.18005 FV[18] CSIDL_SYSTEM\cbsra.exe 1253323406 701e62ee60dafd5b6951b6999cb01f95 
c4f5ecf6a3599460483a0bb69996ad0ab296b9cdbce5b9098805de12f52b9aba 09f49deef227ae3e800f2b20839959a0e57de0f174df9f3c0bebcef7aac3e87d Microsoft Corporation 6.0.6002.18005 FV[19] CSIDL_SYSTEM\cipher.exe 1253323417 9e447b628cbf81f006218e7b6127b7e2 a56e066701303cc7405da6e8c791ce9b7ec23f88beb5c57ab6deb9d806131d27 a7baea71cb252d1330551132dc88417a8959e1afe16878857f952a41987bbb32 Microsoft Corporation 6.0.6002.18005 FV[20] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aeemu.dll 1253717738 27e0e37042832350b6078043456e5ef7 5320657a2bdae9d95f092f252a3df54566414f03e4e804b18d8242dfdf48c89d d929c9685b7ef0b8d20b211e10aea1cb661c15860e8f4c9644ef7c0a6f31c995 8.1.0.9 FV[21] CSIDL_SYSTEM\arp.exe 1252536040 7015022e8158e382a6ac73912b456eca 392530c0e7c94981528d4a1938e0b0bbe143cf69c3e16acdd5f921bbc9e94be4 36cc24023f4968c1f017d0279e3359f33b62955141ec0d4b74247b910a0ce4e4 Microsoft Corporation 6.0.6002.18091 FV[22] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\shellext.dll 1253737149 9308aa1066678b118a6aa974d8e26141 4224478631db91de0dbe227f62ee4301013f6388dfd717002c62fb9af73f4e96 06defea7c5d589fa25ee9d8cd43e4763533203c3c7b18df5bed248b82527f1c5 Lavasoft AB 1.0.0.1 FV[23] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aeoffice.dll 1253717738 d299acd5c3641f8191703e138d7f2e85 034f3ab857c5830d0e157f9055d45d7b96640cdce59ffffc1893de7ea929aaed a0a7979943241efa0d8169738efb406ffc8b2b15f4963d53007a904114ce77f5 8.1.0.38 FV[24] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\savapi3.dll 1253717738 0979d770e6dcb16b368dabadba7370f1 297dac689a791849e7d682e887bb5324106801275562131ee384829053e3bdec 9ac45f0bd1e607be3cc789f38535327c85f7c4d860beb1c2e7e7efec6c8488cb 1.0.45.0 FV[25] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aescn.dll 1253717738 4f61517459f101a01ce5c85912a8b197 6ca5a225a4158a29c63ed471d09fa1f01a6973ce3bfce1ec847868809f720bdf cfb1af9a9d5fc36fecb9209db96afad99c73c37402d226b65f253a287734c8b6 8.1.2.3 FV[26] CSIDL_SYSTEM\appsetup.exe 1231278802 1dc1d17a88da86d8cf5f96db5b3b1afb a5758ca3c4bc68b80657945a4eb67e3d29a135845112da5f43d92fbb3f58dcd7 
181e73882bb425483b0dba5a1468d53ef4fa7879003476cb28c7bdbbb66eef48 Microsoft Corporation 1.0.19.2 FV[27] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aehelp.dll 1253717738 3c8e2d694d8c9e27e0fc846cc44b8ab8 bc92ac3e317cbf9b0b0c66a6e58a8562271df436dcea8f14bf10399efee86efd 01eda58d562fdd2bc005040c22ad7c046c7b8dc7632b698a06a8976b19250cf8 8.1.3.6 FV[28] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aescript.dll 1253717738 4f58070eb3d4f3a9df246d57ce4ccf7e 65514a814c9d436928e2bb7810c324caa8d035fcac8f5b25ad2296fb93ad10e2 81602325dc9c4956b432052c113d92bd14277dddc8b9f6bc0b8ea831dfc9078c 8.1.2.9 FV[29] CSIDL_SYSTEM\certreq.exe 1253323425 56c182f55bf68556c974e9ad32bf56bf 8251a1630cd0d6ccf9001e351ff4b44d68abdbe3e63014d5f8c71e8989e1ac44 a879bc2c64545526c36c20051a2788cc446732adb35a66c9981d6dab6a51a5a0 Microsoft Corporation 6.0.6002.18005 FV[30] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aepack.dll 1253717738 cfdb9a80cd9fe13086425d21754b7dcd d1d35f435a145f45d7240af3f34d7a2a9850f962369263746c455b509d41dd1c 796822166311820f75ad74464331ea0e951973bd627dd92382e528560e12ee70 8.1.3.18 FV[31] CSIDL_SYSTEM\cmmon32.exe 1253323424 86497c6a9825b6252804d5c4e189aa67 5c26bcb2cecacb924c8a5453b4f1b6552772c3ca99fda7234b5e87096c305467 b11d797925abc0267b2a4edc529b412a0d900e395ea541deeef5520f64d92e45 Microsoft Corporation 7.2.6002.18005 FV[32] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aegen.dll 1253717738 d8a654f7bf9e0d6651919b8bd8f13a1d 73e768816993f8b3cf0f80fab234086b131ed97444555af96290bc52206a68e9 ba23ac2bb639c94b340ecaf2050c21b04e81ef7ead54cf244af87d540be082cb 8.1.1.46 Threat Count:0 DLL Association Count:32 ",
12/10/2009
12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:21 FV[1] CSIDL_SYSTEM\brcoinst.dll 1162485394 48444a83492f6f93aa8239170bc6807b e9828532b7f8a985ba085f99c30d4cc1150d309200b7b4d627d1eb1afa611278 3a721a94cca361307e4e2c75c9ab85f8368f4b88dbe4d52ae43fa63888b8c14c Microsoft Corporation 1.0.0.20 FV[2] CSIDL_SYSTEM\autoconv.exe 1253323443 15b7bda10b91fe62466f2a18682c16e8 6f659009541242d8957f557d7d534daf474e5a52b30537d843a56904547747fa df1a71a1b44af367e64c34693d8cea82f016c16fcfcd8d454fc1e00b1253d7dd Microsoft Corporation 6.0.6002.18005 FV[3] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aecore.dll 1253717738 31efc5ab6224fc5f7be336b0d04c7067 f492b8e22bf52e20afe59f3d0dddd428f39a7b305fff4c1cf96016c5985d0c2c 79b4035ab2b2369430f6e0fe4d535ed05f75049a80cedd00eb6c6440c7cbf183 8.1.6.12 FV[4] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aevdf.dll 1253717738 c26a9c0f152055ee99c2f6f39ea77397 80eed249f7c8bf7dee0cebb47c08427fcdd443bc41c3c4a2e958b493104f3762 1dc2a6346e1cb342b239d68cb0332b664b472a257183bbc9bdb726089c2b4d8d 8.1.1.1 FV[5] CSIDL_SYSTEM\change.exe 1253323404 9474fefbe39a05591e36cded2ffaf73a 5318e9958635e2bee6318aa04b8e1507201305a3eb8dbd5e6418da9d2cb3c9bd b2f8e1c6bb9704c9ee9e9967e17b18e8fbcf485c1c0c54b0ae15be8d83358ba7 Microsoft Corporation 6.0.6002.18005 FV[6] CSIDL_SYSTEM\agcpanelfrench.dll 1223424800 98851babe0add4e79b86433151dd2af1 3b906a844cdf02a2ec61385b0d3dcfbebd9ceeee77d0fbf441ef958b302d28a4 687fc18459d9eb203df4711580e16df34bf7af80718000b4a98dd1adea2f0c5d NVIDIA Corporation 8.9.25.0 FV[7] CSIDL_SYSTEM\certutil.exe 1253323454 4533f3b0e9ad11a1c02b191f5d873de2 3d5de4a1dc17e8f70676bf187d9df932e22dbeba03192996537675e955bb3fa8 de54e701b754634edd32578e9d4ee2b1e4b010715f7f7f60db18295ae7cb43e3 Microsoft Corporation 6.0.6002.18005 FV[8] CSIDL_SYSTEM\chgport.exe 1253323407 f4f93abef5494d973c24d0e801dde2a7 
a0d7b4087558d4dbc6c3b1c52f30a0780e76262fd998922ee72b1141554f5f54 e97246a63b556a30e3cae53fa3aca3d2a9899b984c6bfbeb4850dc199a1497c8 Microsoft Corporation 6.0.6002.18005 FV[9] CSIDL_SYSTEM\csrstub.exe 1253323406 5a736a107416e9b55d5b5f77b06921b4 89f6181798fde0466b50142b73d51de4715d2485a8501a8f0cd23ecaefd49186 86a0aadce2b7a5a7c1b453558910c7dae793a1412a09c1ed48cf80e23e1a5857 Microsoft Corporation 6.0.6002.18005 FV[10] CSIDL_COMMON_APPDATA\lavasoft\ad-aware\update\savapibridge.dll 1260298000 8e47905c90bead8745b609b8f60d3f21 1e54c5e4f855007d6cf9d489ec2434120c68d58db675c791e67d3e3437f28417 a26251b183846a13bdfdbc480239343591f1feefc896f4acc1e61946fad77e9a Lavasoft AB FV[11] CSIDL_SYSTEM\autofmt.exe 1253323448 34da5ae04ca114b23d93cd9d4d05fcb7 2c5da462c6fd16ad143ba56d4a507cd55e48acc028acc405a75748f175bc321c 9aa905a2ae5ca63cd3a33d9fd843271620d32ea28e9c4a455827932c14e02db3 Microsoft Corporation 6.0.6002.18005 FV[12] CSIDL_SYSTEM\comcat.dll 1162482620 e2f8e6a62013071b07aa8c5bbcf22a4e 911762e082c7ea8c47c1d7876883ca4c125a06d0a0f227ea5b171fd76520ecae 29a069579be3df7308cd161b41a5be9aaa47552ab0df0e07abde81fa0a059a3d Microsoft Corporation 6.0.6000.16386 FV[13] CSIDL_WINDOWS\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll 1255916532 361a47591fd31ec99a9794b6541360a6 33aaad746f1873a862cdb8c4ae6002bf3503144681422ee2b5d3742e437d751e 740e124d9120dcaeb5b44f8f2ffe309733dd46999efbbcd4b9b5bfeee9891b7c Microsoft Corporation 9.0.30729.1 FV[14] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe 1207709955 679a884205884520d1983c9efa2d5884 e2535551631bc9f3a00acff567c4c4d11613aef3b20f85928886b6be4907a819 4eff36dcce2e453285aef772bb01b52052267ea342677070d8ff3e00431134ec Microsoft Corporation 6.0.6000.16615 FV[15] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-dskquota_31bf3856ad364e35_6.0.6000.16386_none_7bdcb002b7721be4\dskquota.dll 1162482497 584c0656de7f5649d5ae9434ea270621 
61daf6376ba4dde96d072fa8cc75b5e69ee219d9c53d4f4e72ff41bd4b4f7169 bb02023dc58352cc395c6afceb8b957ab689ecf13e7b2d3b42ac40199ccbf464 Microsoft Corporation 6.0.6000.16386 FV[16] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-dskquoui_31bf3856ad364e35_6.0.6000.16386_none_7bf7b7d0b769fff3\dskquoui.dll 1162482497 3413f0d9d410ec365854a44739514a6c dd20c0854aaabdf873bc95b1e420fd60321d137c58a9a4745bce72e6304070e9 8c85c48efa5ea42553b8cd7af4675a425eb400beaf9575db21cb1cb573608311 Microsoft Corporation 6.0.6000.16386 FV[17] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll 1207709955 eecba1dd142bf8693c476be8f32fe253 93241bd6f4e2d6f27bd5ed2f38c26aed7a666161f64c28a44e6608c7d1df0d40 c6602b7098bf8cf4e3b0773b340ced9910cf7b45367d3ce06bb5d6f34ca77b67 Microsoft Corporation 6.0.6000.16615 FV[18] CSIDL_SYSTEM\wmspdmod.dll 1255645422 62748e921160c680c13ad8953c2cb015 98a245908e2bcab4e52c20952dd75d5200261108711af6629c6b77b18eb78f40 2963b5a01d2b0c183d98d31c032a1289afc28d7d8bfece9627fcd8afa07e1f0c Microsoft Corporation 11.0.6002.18034 FV[19] CSIDL_WINDOWS\installer\{c1e693a4-b1d5-4dcd-b68d-2087835b7184}\arpproducticon.exe 1216791784 ce8df9500591eadef8cbeb40a0589c52 57944d14d13ed7671d8cf8cd038686f5213d1ef1b7cb67c9d9bd706bc19004ae 0000000000000000000000000000000000000000000000000000000000000000 FV[20] CSIDL_COMMON_APPDATA\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091209.020\cceraser.dll 1260378000 00000000000000000000000000000000 addcc9cb93d7f9bd1129a0f7085c818f05c12b4ac2731276f8e690595e343bc8 0000000000000000000000000000000000000000000000000000000000000000 FV[21] CSIDL_PROGRAM_FILES\kalypso\tropico 3\uninst.exe 1256538984 973a6f551a1466e00001c58188e604ac d0009867db6beabce771b794ea57fd3954c0ce5a2d27c6adbda81cb78c59e018 719f7b4e07c31b7e53f95cb2d58139bb099cb18b954d60d4d439117c2827a56f Threat Count:0 DLL Association Count:32
f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[31] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[32] 93c7f6c026cb9c91d8586a0a88c516c63953858a4b2ab6013edbf727e3135faf 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff ", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:32 FV[1] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21006_none_b79cb589b6789e33\win32k.sys 1236773006 6730b1581bbe610596c322465229d8a2 2b6be265dafc521a0bdec345e4eea575324fcf7b273dad11b8f1cd6776a88fff c6610599bd3db8596669ae7a246494411fb3b8d95f8a269f98277dfc565ae08d Microsoft Corporation 6.0.6000.21006 FV[2] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys 1206508635 2620822a21b76375f5fd6e0986407cd1 64b5681dd47e6672859736fc71f15d346c876b57a6f7b579b6453efff1fc095c 6f30c66a938ccc52113c09871742c7d2d1763bec57dc148650e572b0ce62ee89 Microsoft Corporation 6.0.6000.16586 FV[3] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\win32k.sys 1224034415 9304dd0014438c06261994960e24418a 69c2919fe70ed93fbf18e511cbced0ad0573aa3bc90e5aebc6b3fde44f38fc8a a098c9d6ad77add9cb134057335e6a15cb3ab887b7d695d7d1b5d5d37f5c6f88 Microsoft Corporation 6.0.6001.18145 FV[4] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys 1206508635 b5be45b1f554df9e1976cbc855365e60 3fbbe97d734b6cbd3b9b8c06d30996dc436601270ab28e26e52318fc8dd2a206 59e0bcff51917ca35eb8de895e3e8a29e44c82921d0c60139fcdc82622965bb9 Microsoft Corporation 6.0.6000.20709 FV[5] 
CSIDL_WINDOWS\winsxs\x86_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_643d7826859e582b\adpahci.sys 1214358362 60505e0041f7751bdbb80f88bf45c2ce 1de16042b8abd7b643189e836de273832ee743fd66afbb641e8049c4e0cd04d8 4c129683927f4cc444eb71766cf98a7185b6c1ae95858d6c47d08ed81bd8cdaa Microsoft Corporation 1.6.6.1 FV[6] CSIDL_WINDOWS\winsxs\msil_microsoft.managementconsole.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_63e68f7b354844bd\microsoft.managementconsole.resources.dll 1206511985 f8525c0a20c6069901a3aa83d733e2cc 4de3b42241f96ca64e135d717bb1f6789806f306dbc8556afd4bf846a6566ebb eda8a25d71de37cc34109229971a4f6a2ce51abcb2e6381960724ea5626083f6 Microsoft Corporation 6.0.6000.16386 FV[7] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_6.0.6001.18000_none_8b9de10971458622\lpdsvc.dll 1214358303 fee78621beca00b537cd70a6afaae112 8dcfa57fe2aa52d87f6d7b35f9f19856c2823e10e3eb68f1d1cfb9ffe95afc0d 544614dda6538c77d1ffe5f48e6f8b5ae5f8c6f481fb7b148a7264006544625e Microsoft Corporation 6.0.6001.18000 FV[8] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\win32k.sys 1224034415 541df3f03a378bdd96a917a4cb8c71a2 c96e2090ce368d2c1b714663488b411e01412fef97bdf115127646805852a5c1 99bdf64c0f84013332e324806c321eb445c100622c10421daa4cd59ff3721366 Microsoft Corporation 6.0.6000.20922 FV[9] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys 1207709960 0fb1e39ee209b26b70a8c1e1a56d38df 7a243f67384599347bbabac6cbf244688834214e7b7534117e64fac2d066a1c9 616f380124b2db8efa39275ed71d6fc2df22a8b7836e12a9493479decc3ac69a Microsoft Corporation 6.0.6000.20782 FV[10] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys 1257915802 f140b984628da0171ac67548a0515572 0229e83b4036220c3e37ed7b782f664e910df60d953579fc4c8c32ff3f1fb7ea 53f9d2c747135b412870a4414845be93cbb7a986be6bdd35bccb8ff72857c936 
Microsoft Corporation 6.0.6000.21108 FV[11] CSIDL_WINDOWS\winsxs\msil_microsoft.managementconsole_31bf3856ad364e35_6.0.6000.16386_none_3c2c982317640f30\microsoft.managementconsole.dll 1162476784 2fc0cc8e34db583ff312c6ea3df1bc33 2a77ca771e1fbbdc93e2f108b36f78e2f0dc1dd9268764d77c142f0d71d6b85b 76431da0accc6056e1cf7915736f38b53a4cc5fe9a3d9ac92d66b2351f2dd5b7 Microsoft Corporation 6.0.6000.16386 FV[12] CSIDL_WINDOWS\winsxs\msil_mmcfxcommon.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_7faedbc42b569fe5\mmcfxcommon.resources.dll 1206510864 a1502b6d4212543cb81d2135e83a5cce d06e365673f8237db13bd6c6493a92caf0d5b69f67b0de1d75ca7df0725ef38d e77fe1926c8fee545eba83738e97a4aa56ffd3b2a01393b9a98f6398d7123b05 Microsoft Corporation 6.0.6000.16386 FV[13] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\chgusr.exe 1162496069 a82e9f1416e5473d7d48b73b5c24ec41 d95063572ad7873c179b585b486f3da803d474f19c50ebfa9482d75dae719fde e4cff05e4597ff30b59a36c604e9063e8ab55d3b4f858327790b24f2d8112c3e Microsoft Corporation 6.0.6000.16386 FV[14] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys 1207709960 8f2da4ddc21250aba9206352a1080299 22effc8c584efb847e279b90ab76a00b2e0adf95f89ea92e4e61bfd97969543d 8ef262ce5f08f39884294be4a08b4f7c871ec6978facdcc62f0f9fc81e1957f4 Microsoft Corporation 6.0.6001.18027 FV[15] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\tskill.exe 1162496069 61b8d623b1c5efdc75eae7e32b435cba bbdb734f0ef756a61ccb492eae2cad13f967309bbcdf8610b7fb8bcb6f9fa728 75bc32171f6f038e559aea38d17eeddcaef1c9aa64abfdd6e5edbaba4a9ca21e Microsoft Corporation 6.0.6000.16386 FV[16] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\reset.exe 1162496069 c5d2fa487d634f73d0141eef5e41785f 
681a66bae28f9cdd27c3e03b71b8281600f65f173b9b4a65690422bf1fe72818 b5885b55016c54f47c4fe644cefeeca818370cfde54dd2f1b833e43127b66f0c Microsoft Corporation 6.0.6000.16386 FV[17] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys 1244602674 633b5887dc689eb3ecf2f0994f506f40 ba6fa174933130dcd972daf9d9d1bc247c9822297cfdce9810a8a8ebec170df0 8bb0790f764b5ddcd5b480ecb0cb70458b6932b0096ce5e239df91c53fc3711f Microsoft Corporation 6.0.6000.21044 FV[18] CSIDL_SYSTEM\msdtcprx.dll 1253323454 ef9e3316f1106998d1904c3578c63c32 6717f6821e8e3aa714b56bce640a85a5a3c7a2a0cd42287e5e2e5bf6a2ebda7f e1993f94be233ce10ed88696c96fb9e667eb81ad2c5fd29e5deb81c410637c58 Microsoft Corporation 2001.12.6932.18005 FV[19] CSIDL_SYSTEM\fdco1.dll 1205263762 116c6f6f55bb5c7875620595f23e76d9 ea2267234ef71b4608adcbe53c1daa6c29a903e7daf1ba823b7fdbed78039fb5 ddf311771f5b6d71e0af59f05119cdcdcf7c9a6942b814b654f838365e05545f Microsoft Corporation 1.0.0.6772 FV[20] CSIDL_SYSTEM\ff_vfw.dll 1213353398 eeef0caa3a2a0445fef9eda41798354c e940e603f0769d3335d03e99e72e1417ae9cc88fcbb889689bf3687d8756d61e e6aa5811deb0786065179c1a536910fa5599be75ae4f0a3923bd9cb0f9a4116e FV[21] CSIDL_SYSTEM\kbdfc.dll 1162481871 1325271bd5b44b1eec511c5933d27e27 3abd2a9d9f094fdc7c6d513ff9a40b2d8836cfe8602820919a40b77d6b42a71e d8acd7e1930164baf1dda932fc2251e958f8db0dbbeb077b491d4207a270d2dc Microsoft Corporation 6.0.6000.16386 FV[22] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\drivers\32\difxapi.dll 1253735723 fd9e709d6107f039a9533de5fe316e73 752ab13ba2423e1acd077bd3b5fed53bd88a73334572ebf76ea37989ffafba00 0a11fc09adc32b158da320b70b737f18d79c84d55a94022162d987b3d57013b4 Microsoft Corporation 2.1.1.0 FV[23] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\drivers\64\aawdrivertool.exe 1251993604 1ad052c6f21d226b10e01000f6072eb1 12fe1783f3bbb30143a0d5eb051492deb21440493b1a8de6ad147913a3e6b1d8 2143e42ebb6462f5547290225ef1f1f35645fba3464f3ab61bedc2af869be9df FV[24] 
CSIDL_PROGRAM_FILES\lavasoft\ad-aware\drivers\64\difxapi.dll 1253735723 585d2eb9fbed6b7b9d0107bfb5c94043 9a3f178b3f4ccbb425400b85387876822bda18ab69c230513b6391e8d9f93433 1e9d3f3fcbb719167776b8b07b04d18e3f3a0b494834111ce645f94a86317d33 Microsoft Corporation 2.1.1.0 FV[25] CSIDL_SYSTEM\ippcva611.dll 1216791974 00885c55dde4066a6248c26e24c6a78a 3b13875138d089ff54a506bbc65e45d468c00ea7b7e7fca9b6b56af95a9ddb17 70418569f0bda7d1b553a78bb8ad449299a1032eea73058238e111cbead3f4fe 1.1.4.21 FV[26] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\updatemanager.dll 1254427580 105eb46e0f0f7331242caf260a72c0cc b80028ec47fc9eddd23f6e5a23891f210e5ec9f5144dcd7b64cd17a4eab76a5c 5d9e42d665ea2e24348b39ab75da2fde56f44fbc2c6c60fdad80cd2226932f9a Lavasoft AB FV[27] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\toolbox\lt\hostfileeditor.exe 1251994674 2f7e916024a2e774037b851d18ef8e10 72f33358f6b879bd98f7ea9e174a7cfec9e6c2b65efcba64bcf0cc836bf9b022 281280686b771c50cc7370491229177851e153b1b777e250103af1fe8aa45f2c Lavasoft AB 8.1.0.0 FV[28] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\toolbox\autostart manager\autostart manager.exe 1253737154 10100b9927b7df47afc1bce3ed57e92c 7a02f95ee3fc95c71ef084dd64d2a95cedd47ae0b8a9f39b63a93a9a04c74a1d 76b99f3e528c9da543323db369b47e33a86aaafa25887ec470712e2661a106ee Lavasoft AB 1.0.0.236 FV[29] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\toolbox\lt\processwatch.exe 1251994675 4bc7572fd77f4d0d3c0339040fa1b490 47f4796d001b3dad9415f47887d609f06a7bf9ed7e8a72af3b908c7988f466cb b63d33948ae6553f19fdcc3800a62299ddce2e303606b30991fc2d6fea5ed55f Lavasoft AB 8.1.0.0 FV[30] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\download guard for internet explorer.exe 1254428118 3b4173353d76e736c3ce064756ac4c64 71fdb0c79d6d89749ab490f80ef483b460bd2abfae0e8ef9eb9b4e2f73d0a1fc 6062c74f82b8fdaef57f52035e019cdd605516882a67d8917cdbb78728648509 Lavasoft AB 1.0.0.0 FV[31] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\drivers\64\lbd.sys 1253735723 a352cdb69af6e18d60c0001d540d8478 
fc7307b565b146c5db9a7d8b25086ab609b195644fb45225dc18d953fc46804e 54e5e76fb3cebe20ab8584876d1528f79eace411bd315c8c0c042a39288bbccd 1.0.0.1 FV[32] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\aeheur.dll 1253717738 4e3d69fad14a475793652477737a1a6e 64b93aa5f451422675051b36570601081f02a1331e15d5e936e9a698c7a46d77 853291a2bfa2165ff874672125002b1acce3fb9e52f70bfdb79351a44ed8b39f 8.1.0.133 Threat Count:0 DLL Association Count:32 DA[1] ca976b342dafb9054f370e88eacafb94d7c632fbf2fd6479a773f68bf0e2ba0b f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[2] ca976b342dafb9054f370e88eacafb94d7c632fbf2fd6479a773f68bf0e2ba0b 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[3] ca976b342dafb9054f370e88eacafb94d7c632fbf2fd6479a773f68bf0e2ba0b e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[4] ca976b342dafb9054f370e88eacafb94d7c632fbf2fd6479a773f68bf0e2ba0b 9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 DA[5] ca976b342dafb9054f370e88eacafb94d7c632fbf2fd6479a773f68bf0e2ba0b e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[6] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f fe034ff832ef2585671a602296e9b96f0182ee60a309f3dcc280ce9b41a0dad1 DA[7] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb DA[8] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 91fd46d7335c9990a20f215b9f6f53bc59551420a9c99ad8110ae2f9ff7598f0 DA[9] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 7449c6660a6f29dc9d30d6f7e88e94fab3627d71cfc59d68188ec5e176583093 DA[10] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[11] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 6a8413be885a07235f59846fad986b7a65cf009ead78dd378114b6362dddb371 DA[12] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 
ac40dc0d1224a2f6faa1a3396345371cae7312c6d7ef0923602b2e89ed22ba2b DA[13] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[14] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 5de2781f53246715c547b769e4a61cd08bc3dd81a2cb82c3ac3fd3eb75edd8f9 DA[15] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[16] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 40b6f7a67f90e5d9948385418bd22bbd29de86a151b35d1001081a61ca5fc612 DA[17] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[18] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8 DA[19] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[20] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[21] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[22] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[23] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[24] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[25] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[26] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[27] 
2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[28] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[29] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[30] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[31] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[32] 2f30674977d869201abbb814b64db5667ac0ce3e7dd3892a0524c4c154b8ab6f 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e ", 12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:32 FV[1] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\rpapi.dll 1260298008 c41f9afdd302a69105efa3e6d0e3a430 525cbc65f3c61759a2acf95cf9be870e537cff010045ae0a905c10434d60a92c 5b3f62e8b17c0eed635e8b0bdf640151b645409085bb2dd0d067af366919e801 Lavasoft AB FV[2] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\ceapi.dll 1260298006 7ff0729d3db9f2232edf3a24eb287a89 f64c6d3fc60c75d6aeb000c905705f8ff240f1b7b0710e9782182f45a81ff0a1 b3602be5fa47e509ff5eeaeed9198ef72b4a3148dd0cac260e53b476ddbdb8e1 Lavasoft AB 8.0.3.4 FV[3] CSIDL_SYSTEM\fltlib.dll 1162481457 a9542ff2e9a82cf100e5729ec79068f0 de0e39246536bd63cc5dff8ce9e379121126573ab284bad3782e5b217239f858 0923445e5170c8c5c590059fdcdca802587efb6920a84241c3cff7950ecb3368 Microsoft Corporation 6.0.6000.16386 FV[4] CSIDL_PERSONAL\tomi_riseofthepirategod_setup.exe 1260355763 7227c823098e6df79310aa4c33487a4e dff2ae94cf4cceaa5bc6c88fbb087525f72044bfe160f309777bfcee63d28787 
82763aea8a88621560305e881fafc600710b8f5f81db30bb795b50c7ff082d89 Telltale, Inc. 2009.12.8.1623 FV[5] CSIDL_PROGRAM_FILES\telltale games\tales of monkey island\rise of the pirate god\monkeyisland105.exe 1260356058 b96934904ce0806a3bff45e20a5420ce d24e2a61b8cf69981000730c7b13e988311ee7a03acc468b1cc3ddc4fe26b9e7 f25df5069281957babc7ea633a70d9d2e20365bbe0879ceea271b40520cf0776 Telltale, Inc. 2009.12.3.38274 FV[6] CSIDL_SYSTEM\macromed\flash\flash10d.ocx 1256725872 c5aa69ed6ce6f2962a79f03039a87084 4b5de0bfa40cb5873f4e6fabf46abdc73eba3119db326b8146bbd6d2d92a1981 e5bbc1ff1a82294328e0367c2541f7f478b95c2f6d29bd36e30fd40ad02524da Adobe Systems Incorporated 10.0.42.34 FV[7] CSIDL_PROGRAM_FILES\lavasoft\ad-aware\lavamessage.dll 1254427579 ab460fbdd86febe246621a990dad13bf cad373db7d8cc20df66d54ea42e98cffe0a6f4a912a2b3cb9c6189ca86ac8066 4ad85e73d191da9700b6956c847af7b1a69b068752567564cd0d7a1a1da214b1 Lavasoft AB 8.0.0.0 FV[8] CSIDL_SYSTEM\drivers\lbd.sys 1260298027 713cd5267abfb86fe90a72e384e82a38 f277be86859b52cde7f1aaa374f7696a5bab4c2f0e5547261fa9c7f11c088941 cae839f2898bd658f0d9f61099e23a8bd05a2b8f467c58a4ede3ece83032d0d3 Lavasoft AB 1.0.0.1 FV[9] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..ervices-wmiprovider_31bf3856ad364e35_6.0.6001.18000_none_eb3192157f01467f\tscfgwmi.dll 1214358390 6f196bfdf1a596969db803a26bea550d c564fa61d7d205dbcc1bf0122830f6f840791edd66ead9a658be4bbe3a70a470 04f1fbcecce71508c41392561ab52b1c87a94662cea352f11b55b70ba1f088cc Microsoft Corporation 6.0.6001.18000 FV[10] CSIDL_WINDOWS\winsxs\x86_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_01f13017b123de45\adp94xx.sys 1214358356 04f0fcac69c7c71a3ac4eb97fafc8303 fbbdd38574a1f66a5aa12b82e34fde60b870180c4b7100c15757539dc869ed4b 7fcf60f5abf5ce8549963f5e99bb8acea2a305b641963ac385c25929d8378a9a Microsoft Corporation 1.6.6.3 FV[11] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18000_none_b8f379ba9a86c9c0\win32k.sys 1214358402 664fcb81b53ecc5a1acb325d50eb11c0 
4659e83d55ded7b42213c91759adb59547a835f64b5926290a5e9249b75125a2 a0d6ace6b169ac25737af1091b90e14a92806dfd9a8dab218847aa5a0eed396e Microsoft Corporation 6.0.6001.18000 FV[12] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\chgport.exe 1162496069 688e100f64c3ad3c6a7a3ab93dc7de0c 29f068ab5301ff05fd8a58c8a7d02395a771ea871f93009370da597f8121c9bc 1559b2175a3ca3c6a4bbe735cd6b491b503453981c67201bb49b2319bea0dc89 Microsoft Corporation 6.0.6000.16386 FV[13] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys 1162481505 3f379380a4a2637f559444e338cf1b51 84be42f5e4df2fa1186f01ed500aeb86bc5db990479a9cf915c4a36611130ca9 ff075d80ab977b882896ad08e69234a1a443511c601db3048f20751d62b8576f Microsoft Corporation 6.0.6000.16386 FV[14] CSIDL_WINDOWS\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16386_none_4e5d35aa98f56231\microsoft.mediacenter.shell.dll 1162496061 73964ea596dfbb701276648c791e2c86 d18feed823d5f5edb7a638ff039b8f785ca99a2f7236e62b5150774d6274675b ea98454377e7e2f24cc226b91a13478f01131504a31f9d14f9403a90bfebbb0d Microsoft Corporation 6.0.6000.16386 FV[15] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\qappsrv.exe 1162496069 69d22b8ff0101902008f4dfbffe6f2e7 740ec3658047e08425c93517ee4b028cf91119a9643a67d63b8a88f12ac21b2d ffbaa3f92e64a297d969a9dbe6fde71b4f6d62da927641458367d93c9490d01f Microsoft Corporation 6.0.6000.16386 FV[16] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\chglogon.exe 1162496069 74947102e25659f3eae5712f58fa5a64 fd0a1f64affec699716bcb3af7481118ac56bddc43cb43c6f281ab2497a47ebb 3b551896d5f5a501c436953b90d899e58b18fa235b585a158d6ca2513d3c5beb Microsoft Corporation 6.0.6000.16386 FV[17] 
CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\shadow.exe 1162496069 7bf814b8c096588cbb1b2680c91b3804 60b953ecf7b27966edc27eb35a9e6ed2a09e5572d2ed55c2750ea481a43b5fca 75d2a9bf4aeb12097b2b9c2410a6fcaa93319a26bd98dfec71a68037c01472a7 Microsoft Corporation 6.0.6000.16386 FV[18] CSIDL_WINDOWS\winsxs\msil_mmcfxcommon.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_b4613b5152a35707\mmcfxcommon.resources.dll 1206511992 d90bb9a8ffa9ddf9ddbe296a78d941ea e41b5be9750348397ac04d8d369d588f12fa569551f5d66a5bf45b7626d062a7 6c74f001a3c64ea31efc6fc52788f44253c7eaaf08243924e2adb71481da47df Microsoft Corporation 6.0.6000.16386 FV[19] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys 1206508656 f08824715ca6076f5e73e005ab83b9c8 36813bcddcdd1919a9186210ff0cd725619e736b1418da7cc4518b402c338c17 8fcf07401f960ca3eecee21df8712d9217fd1629d851de1790dcd45f5cee9cd7 Microsoft Corporation 6.0.6000.20740 FV[20] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\logoff.exe 1162496069 999a9bfd055de5229eb9b8e04549780b c9ff88fd3a1e20a22aea2ae17b381dc58b7f6f168ad3d6bea4cca8d98c1a99ac 29f4cab6b78833aa2ef5564d500de856a72cbf7a322da1a332823a1f79db9341 Microsoft Corporation 6.0.6000.16386 FV[21] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\tscon.exe 1162496069 b4988e555b84ed0508abb065d12e4188 2aa91767e291624d203ebd4620223de78186ac9b32d915b82ca55c6de508bf0a 74d0e6ac825c0470b79db3ce924042205cb542402f7f3f55a11e7aabdd8f44d4 Microsoft Corporation 6.0.6000.16386 FV[22] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..ervices-wmiprovider_31bf3856ad364e35_6.0.6000.16386_none_e8fad019821635ab\tscfgwmi.dll 1162496069 0028d676238e1de8fedf2bf89cf3c8a2 b675563eb6f743d580d373de13508ff57442ee57123fbbe9351fe5f8689ac2d0 
b81ab8a474eeb5c682e3f75a66ae87447907ee3ad078bb72f909f4c3a4efbf89 Microsoft Corporation 6.0.6000.16386 FV[23] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\change.exe 1162496069 3264f959c724fa7f3dcf773e08d5b6ea 02c17975a7a9b36017bacf3da6ff833a7caac4c803aa604b02e69f30d82b98b4 6f67523d660573dd6757aa04ff976bfefb4b7850b72f037af0fe45b62c65ee05 Microsoft Corporation 6.0.6000.16386 FV[24] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys 1257915802 18406ce410c1a4394fe1a8246d10567f 7996e7cf27ff662d01204443ad5c571a11bef6151509d871d8336980dd696bba 7d5d2f635385d336721d6d0ca0126fb78f55593135a0aaae55734699fa303514 Microsoft Corporation 6.0.6001.18311 FV[25] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\rwinsta.exe 1162496069 67c4df3af620be16bde8c16f8b6d85b4 a66af400c93224828b7aa32019d69c29e1cc484541dcba3bb541e5a2da84a376 8fce7de86a4746c058a0210362cef639941e5c93739e2627f918cd22c4fabba3 Microsoft Corporation 6.0.6000.16386 FV[26] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\tsdiscon.exe 1162496069 9bdb9a909a25b0b660bcf32d15210d3b 3eec3116d785d129ac83dccb68d8795dc95d1f241e3165e069ea05c7f312faad f8860c20963cdb676fadee5b9ec72df118887f203fe5ae46014842789455eee2 Microsoft Corporation 6.0.6000.16386 FV[27] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\qprocess.exe 1162496069 3c607ad90850f449f178e73f1ae54b63 148730cd44058fb0e6947e90f42b00fae7cf52edc25d8ab338a27bb33e453a82 13a8e8a12269e6b22c3f99944d095b93748ff0e82aa1cc8808d53302e9afa5cb Microsoft Corporation 6.0.6000.16386 FV[28] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys 1206508656 37430aa7a66d7a63407adc2c0d05e9f6 
ec9b117c42f2905251a6d29c1c5df883ffeb60cff3497c07c306500f107e2565 eeb03377a6c8b606bfd03b578cf1a7fbdd9a5994e82ddec1413cc15b32ea59ed Microsoft Corporation 6.0.6000.16615 FV[29] CSIDL_WINDOWS\winsxs\msil_microsoft.managementconsole_31bf3856ad364e35_6.0.6001.18000_none_3e635a1f144f2004\microsoft.managementconsole.dll 1214358293 6d25a96f3fde2ca3f820729ad7973207 ca2ef4cd44a72e4c78c7bcdae0f6274e09c83c1ce20d32342ec089c26a8e8561 f622027ba525b0f1aaf0b9515f11907270b58216283857d433c4249b754aec9f Microsoft Corporation 6.0.6001.18000 FV[30] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-ntfstransactionapi_31bf3856ad364e35_6.0.6000.16386_none_d6a22613c44f94f1\txfw32.dll 1162481451 69bce9d6014d1944c630d3d1a12d7042 a4e34dac1cf87abfd8918726a161bb41f5a425128c07555222656409232b8ef8 65541430f9b653de9b82efd1d0e28eb8c1d59c799cb8359063ac7d772f3cc53d Microsoft Corporation 6.0.6000.16386 FV[31] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-p..ing-lpdprintservice_31bf3856ad364e35_6.0.6000.16386_none_89671f0d745a754e\lpdsvc.dll 1162496069 8bd87a05cbce83a0364ab9683aad23c3 6c0a0264435b0e8ff76941f67c8181a6d445e6c7cdc605e8f9e40696e62e762e d9677d0cf73a0d433a904075e36589a1fedd293f834d48913355b1f1fb43d346 Microsoft Corporation 6.0.6000.16386 FV[32] CSIDL_WINDOWS\winsxs\x86_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.0.6000.16386_none_e2799769fc192b6d\query.exe 1162496069 45a829e2d98ff5a55961ec316195e2ea 873f0ced58d16cd2305a64e318e09e86b938306c7ec2476f8e694e7c3f478a92 68b83134ba462fa3c4ce0c66a2e10954f303a41e1e1ace41a3a938b810e31eb3 Microsoft Corporation 6.0.6000.16386 Threat Count:0 DLL Association Count:32 DA[1] 78f96e2d1ab6731ea64aedfbe365aa574de0280ff97d86dd0c89ad94acc30e1a 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[2] 78f96e2d1ab6731ea64aedfbe365aa574de0280ff97d86dd0c89ad94acc30e1a e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[3] 78f96e2d1ab6731ea64aedfbe365aa574de0280ff97d86dd0c89ad94acc30e1a 
",
12/10/2009 12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:32 Threat Count:0 DLL Association Count:32",
12/10/2009
12:27 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Thursday, December 10, 2009 3:13 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:32 Threat Count:0 DLL Association Count:32",
12/9/2009 2:25 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51889 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:25:47 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:49:49 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:25 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51887 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:25:42 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:49:09 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:25 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51887 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:25:42 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:49:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/9/2009 2:25 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:49 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51885 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:25:36 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data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ub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:46:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:25 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51885 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:25:36 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:46:30 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51884 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:27 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data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ub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:45:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51884 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:27 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:46:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51883 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:45:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51883 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:23 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:45:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:45 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51880 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:18 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:44:09 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:44 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51880 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:18 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:43:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time.
Another attempt will be made shortly. 12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51878 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:12 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:43:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51878 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:12 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:43:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51876 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:07 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:42:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:43 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51876 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:07 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:42:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51874 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:42:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:24 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:42 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51874 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:24:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:41:42 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51871 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:23:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:41:31 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:23 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51871 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009
10:23:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:41:22 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51869 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:55 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:40:59 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51869 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:55 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File
Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:41:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51867 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:40:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51867 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:40:17 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51865 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:39:35 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:40 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51865 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:39:56 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51863 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:39:29 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:22 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51863 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:22:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:39:08 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51861 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:38:36 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51861 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:38:57 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51859 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:32 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:37:43 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action
Required,"Wednesday, December 09, 2009 2:38 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51859 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:32 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:38:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:35 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51857 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:34:41 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Pending,No
Action Required,"Wednesday, December 09, 2009 2:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51857 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:35:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51855 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:21 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:34:36 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:21 AM,Info,IPS Detection Statistical
Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51855 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:21 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:34:15 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:34 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51853 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:33:53 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:21 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51853 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:21:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:33:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51851 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:20:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:33:24 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action
Required,"Wednesday, December 09, 2009 2:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51851 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:20:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:33:26 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51849 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:20:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:33:03 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time.
Another attempt will be made shortly. 12/9/2009 2:20 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51849 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:20:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:32:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51847 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:20:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:32:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this
time. Another attempt will be made shortly. 12/9/2009 2:20 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51847 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:20:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:32:16 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:19 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51845 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:19:58 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:31:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:19 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51845 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:19:58 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:31:39 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:19 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:31 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51843 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:19:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:30:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time.
Another attempt will be made shortly. 12/9/2009 2:19 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51843 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:19:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:30:38 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:30 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51826 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:28:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51826 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:27:53 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51823 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:46 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data:
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:27:32 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51823 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:46 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:27:11 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51820 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:24:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:27 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51820 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:27:06 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51818 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:32 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data:
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:24:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51818 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:32 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:24:22 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51816 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:23:51 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:18 AM,Info,IPS Detection Statistical Submission,Pending,No Action
Required,"Wednesday, December 09, 2009 2:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51816 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:18:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:23:30 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51814 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:23:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time.
Another attempt will be made shortly. 12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51814 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:22:50 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51812 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:22:29 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51812 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:22:07 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51810 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:21:25 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51810 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:15 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:21:46 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51808 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:20:45 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:21 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51808 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:09 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:21:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51806 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:20:24 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:17 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51806 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:17:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:20:22 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:16 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51804 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:16:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:20:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:16 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:20 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51804 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:16:03 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:19:56 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51802 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 
10:15:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:19:50 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51802 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:57 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:19:53 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51800 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:19:39 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51800 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:52 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:19:18 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:19 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51798 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:46 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:18:57 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:18 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51798 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:46 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:16:14 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51796 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:13:48 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:15 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:16 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51796 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:15:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:14:09 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51794 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:13:27 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51794 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:40 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:13:06 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51793 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:35 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:12:33 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:13 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51793 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:35 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:12:54 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51792 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:25 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:11:51 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:12 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51792 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:25 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:12:12 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51789 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:11:49 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:11 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51789 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:20 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:10:00 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51787 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:14 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:09:19 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:14 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51787 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:14:14 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:09:39 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51785 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:13:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:08:58 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:13 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51785 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:13:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:08:37 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 
12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51782 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:47 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:08:25 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51782 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:47 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:08:04 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. 
Another attempt will be made shortly. 12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51780 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:42 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:07:35 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51780 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:42 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:07:49 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:12 AM,Info,IPS Detection Statistical 
Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51778 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:36 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:07:20 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:07 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51778 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:36 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:06:23 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51776 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:30 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:06:02 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:06 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51776 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:30 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:05:41 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51774 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:25 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:05:20 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:12 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51774 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:12:25 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:05:18 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51766 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:11:25 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:05:05 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time.
Another attempt will be made shortly. 12/9/2009 2:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:05 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51766 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:11:25 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:04:43 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51765 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:11:21 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:04:22 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:11 AM,Info,IPS Detection Statistical Submission,Pending,No Action Required,"Wednesday, December 09, 2009 2:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51765 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:11:21 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:04:01 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly.
12/9/2009 2:11 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51763 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:11:16 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:03:44 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:11 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 2:04 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51763 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:11:16 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:03:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:10 AM,Info,IPS Detection Statistical Submission,Pending,No Action
Required,"Wednesday, December 09, 2009 2:03 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51761 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:10:49 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 22:03:23 GMT Product:Norton AntiVirus 16.7.2.11",Your item could not be submitted to Symantec at this time. Another attempt will be made shortly. 12/9/2009 2:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:35 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51754 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:09:17 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:58:40 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:09 AM,Info,IPS Detection Statistical
Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51751 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:09:11 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:55:51 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51749 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:09:06 GMT Application File Checksum:
3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:55:22 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:09 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:55 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51749 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:09:06 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:55:24 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:08 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:34 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51744 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:08:34 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network
Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:51:57 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:07 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:50 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51738 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:07:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:50:00 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:06 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51734 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:06:50 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote
Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:48:15 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:47 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51732 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:05:50 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:47:28 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51732 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:05:50 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15
Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:47:54 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51730 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:05:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:46:46 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:46 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51728 Protocol:
6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:05:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:45:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:28 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51728 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:05:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:44:46 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:05 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:41 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51724 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name:
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:05:27 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:40:50 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51720 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:21 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:39:26 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:26 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51720 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL:
bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:21 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:39:47 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:39 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51719 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:18 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:38:53 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51717 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:13 GMT Application
File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:38:32 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51715 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:07 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:37:50 GMT Product:Norton AntiVirus 16.7.2.11",
12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:25 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51715 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:07 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:37:29 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:04 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:37 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51713 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:04:01 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:37:03 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action
Required,"Wednesday, December 09, 2009 1:33 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51706 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:02:50 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:32:43 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:32 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51704 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:02:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:31:41 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:32 PM",Norton AntiVirus,IPS Detection 
Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51704 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:02:44 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:32:32 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51702 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:02:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:29:01 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:02 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51702 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:02:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:29:05 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:01 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:29 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51669 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:01:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:28:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:01 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, 
December 09, 2009 1:28 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51669 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:01:38 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:28:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:01 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:22 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51668 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:01:35 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 
6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:27:25 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:01 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:21 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51665 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:01:24 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:26:28 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:00 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:25 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51663 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:00:58 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network 
Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:25:32 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:00 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:20 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51662 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:00:54 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:24:50 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 2:00 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51662 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 10:00:54 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote 
Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:25:11 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51658 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:23:44 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:24 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51658 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:48 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 
Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:24:05 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:23 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51656 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:43 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:22:57 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, 
December 09, 2009 1:22 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51654 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:37 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:22:44 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51652 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:17:27 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:20 PM",Norton AntiVirus,IPS Detection Statistical 
Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51652 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:31 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:20:03 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:59 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:15 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51650 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:59:26 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:16:41 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:58 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:14 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51646 Local 
Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:58:16 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:13:16 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:58 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51644 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:58:11 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:10:28 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:58 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51642 Protocol: 6 Signature Set Version: 20091111.001 Application Name: 
\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:58:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:10:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:58 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:10 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51642 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:58:05 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:09:58 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:09 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23381 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 51638 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 
bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:57:54 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70786 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:09:12 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Thursday, December 10, 2009 12:10 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23378 Local or Remote Attacker: 1 Remote Port: 51638 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/config.bin Date Detected: Wed, 09 Dec 2009 09:57:54 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 72648 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:08:51 GMT Product:Norton AntiVirus 16.7.2.11", 12/9/2009 1:57 AM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Wednesday, December 09, 2009 1:08 PM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 51637 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: bigzhopa.cn/work777/bot.exe Date Detected: Wed, 09 Dec 2009 09:57:46 GMT Application 
File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: Sub-signature ID: 70328 Remote Address: 193.104.94.45 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Wed, 09 Dec 2009 21:08:44 GMT Product:Norton AntiVirus 16.7.2.11", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 
0cdfb35956fb855a8e22cb9398309af0440b488f871044a75c4885ce67715add f45c1429bd60eeab7be8c2114b9c819ced7583249cee1ab234a8a05a484528a9 ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 9055b7e8ceb09ecfd77202ed3ce00cdb0296f858aecb1cd5b598e05b14a85c43 DA[2] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 9c7ade37c9f2f9cc5a79d75260736c3791c7a73fb84be6b7e575ca31a4b99667 DA[3] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 bd3d51e302587e33901e5995367b6227743d2385f1420e12c712a62063150318 DA[4] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 adbf30d100d3837c35695b1abe3e7eb03fd6b9200b9c1c337325d9e0a3a3ace4 DA[5] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 f66a772d2b2c7b8b91efb5b7e32fac63bbd17b5e835dd0566c943bdad1057786 DA[6] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 1bf29e5e1c541f36dedcd0ddccca0f35d19e94d2655055ee2477439940baaff1 DA[7] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[8] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[9] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 571d43bbb0d0d54a7d508e9d0e70cdf5f1f3b147b4f6b15eb3d893401bb6f40f DA[10] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 e7b852e949d0db9c3d63c4f49decf9c93781142eac6f6d66c9fc8e0027e904f4 DA[11] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 746bdba233c41b3806280de5212daf2e09a77c059629f471178dfbf058134e15 DA[12] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 
544a63148756ad0e993dd79f0656e73e23386bf0da54394000044fd0972c838d DA[13] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[14] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 94e0b8590268bd21b035297f5b0c01a4e8958a1db39a5aa654ea1805bd30cec2 DA[15] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 6a8413be885a07235f59846fad986b7a65cf009ead78dd378114b6362dddb371 DA[16] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 d903cb3ae812efbb595a95b131920efc32fd01b490e723e4ffd75ba3651d8a4d DA[17] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 4d16a2197f9ed9062cfd93061294fb8e1068071d03e72b6cf3c7256f1b454a9b DA[18] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 f380b9a28d56dec902154a0251b58bd3576355ede2cd13cf47d7f4dbe3d61c97 DA[19] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 d781c5f22bebb5c51b7792ebb4421c170f2cc5fe28e9245e9d6b9d22e33423ab DA[20] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 35159d86706441ed94895b4629411b4445fcb4526afd1f7036ee647931b7a94d DA[21] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 f45c1429bd60eeab7be8c2114b9c819ced7583249cee1ab234a8a05a484528a9 DA[22] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 15f2121c660d64d608c53e320b05f8951730e6125b1ee8bab021ee80cebbcd75 DA[23] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 51bf3c48be9bf81a800ef5b247e03c78980b3ffff37688c42c0f253351eef4c1 DA[24] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 ac40dc0d1224a2f6faa1a3396345371cae7312c6d7ef0923602b2e89ed22ba2b DA[25] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 df1f057926965db6eae362904465178056c9f100ed224fbd4a89d0746fcc98bf DA[26] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 07924f0966a05a992130d29bbf634214d0dfe4081851ed18b1e334437dd008d0 DA[27] 
c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 90ef02dca67c68afbeb8e2be2e1bd6e400f2a386c3ce8af5573e9f89b7636688 DA[28] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 ae5c0bb03b453cd1bf7b2f700d31f48a9ed0c9ea9dfcb2ee6a864764a55dc586 DA[29] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8 DA[30] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 2006d0418848eaa2361c26d18246d0baa646b6f25f2c0035bdc82967e9bd73f1 DA[31] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[32] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 bb84036f8f16c6e2069fd8b18078a7e6cc98b513285fb1a8dc727b395c9e3a12 ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 cf420aced0d810e1d75f6811dd986f2d9fded2fbb8d61fc9a7024520c475febb DA[2] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 91fd46d7335c9990a20f215b9f6f53bc59551420a9c99ad8110ae2f9ff7598f0 DA[3] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 2580ceb58be4aef7deb134f3ad251188caed05bc992b4fa977ccd11bd583be5e DA[4] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[5] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 682d5372b533817c810f1dcb1c7ae42c44a786ed114601e56df85fe1c41d5989 DA[6] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 5de2781f53246715c547b769e4a61cd08bc3dd81a2cb82c3ac3fd3eb75edd8f9 DA[7] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 
bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[8] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 40b6f7a67f90e5d9948385418bd22bbd29de86a151b35d1001081a61ca5fc612 DA[9] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[10] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[11] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[12] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[13] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[14] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[15] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[16] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[17] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[18] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[19] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[20] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[21] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[22] 
c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[23] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[24] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[25] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[26] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[27] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 DA[28] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[29] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 fee340e7919fd4b3a0dccc00a1885aa4abc4a92c1bb7a083b9e8e2e71b1319ca DA[30] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 607fb70e8f3e8f09139b1851c18878669a5d2f62c2b232636a30fa76ad793dda DA[31] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 3a8c9304d49657765df0fcceae2a529982025d8677cca5930824921f77b8f404 DA[32] c788d558d6f72d659b83f9413a96847711c01d8d0833989321222d78eb5a0857 fc5a45f208072249caa1ca9a602febad24a87166628275ac15fe37b7eef00a40 ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 6467de36c7db6502af17210148194f16be76a9ba793105fac763536cc14ce693 DA[2] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 
8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[3] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad c71a6fa69b8c7a49551a3a8c3ae6f367a6e07dbbc07dfb6956fa7dbf4aa7aeb7 DA[4] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[5] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 3697d031632c47fc5aab4208c05a7c4098df390103cfde99a512f685ad057f40 DA[6] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 2580ceb58be4aef7deb134f3ad251188caed05bc992b4fa977ccd11bd583be5e DA[7] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[8] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 5de2781f53246715c547b769e4a61cd08bc3dd81a2cb82c3ac3fd3eb75edd8f9 DA[9] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[10] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[11] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[12] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[13] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[14] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[15] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[16] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[17] 
3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[18] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[19] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[20] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 2006d0418848eaa2361c26d18246d0baa646b6f25f2c0035bdc82967e9bd73f1 DA[21] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 639f482dbc82e1e8e7254a5f6ff0f60661ea4be44d86ca13238913dabfa522f8 DA[22] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[23] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 8718bf6dc8678bdc5af627f82d14e2d857d94a760529ff00f1d7b066f46ca832 DA[24] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[25] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[26] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[27] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[28] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[29] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[30] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[31] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 
9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 DA[32] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 bb84036f8f16c6e2069fd8b18078a7e6cc98b513285fb1a8dc727b395c9e3a12 DA[2] 997b248bfbdb290206a8496722d6102903634ec0d397694569bc237a681c088f c72f88e1cf47b3645177e8cc78e3ae3d098e6401ef7ef598e4c02f75a466b78c DA[3] db9f21389fd7454a16d68a555d8c573a2e9bb4551f4f1c43cb3791a15348bbd2 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[4] db9f21389fd7454a16d68a555d8c573a2e9bb4551f4f1c43cb3791a15348bbd2 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[5] db9f21389fd7454a16d68a555d8c573a2e9bb4551f4f1c43cb3791a15348bbd2 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[6] db9f21389fd7454a16d68a555d8c573a2e9bb4551f4f1c43cb3791a15348bbd2 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[7] db9f21389fd7454a16d68a555d8c573a2e9bb4551f4f1c43cb3791a15348bbd2 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[8] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[9] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[10] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[11] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[12] 
0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[13] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[14] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[15] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[16] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[17] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[18] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[19] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[20] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[21] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[22] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[23] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[24] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[25] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[26] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 
e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[27] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 DA[28] 0d96f6d365edd9be06e65619a2bf788ea76a9af75552b0be01f9a1ff93285a06 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[29] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad cbfaa80631a6a332697494160a7453645478ac535dcf5f72f75c27d3f325ce88 DA[30] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 596b0cdb80274d52bd631605fd74030df1579ad7cf8cb209cb3983fef3675114 DA[31] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad 02bdd840a09dfdd126b8a6e77ec3f5cbe1002ccea9b8a33ee9224e0d9d6ff077 DA[32] 3c49f0e50f2a48712cde76a3c07ffe4b4166a33e080b6f9c30c2144e31b091ad b7dfb14db60d84062b7e2a2293a4f3f5ef986108ef3c9c1e1cdc284f61981731 ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] b34fa5bb3bfb817516246f9e702a1e6c444e3eace6cde2e6972a160b912bb3b1 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[2] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 fe034ff832ef2585671a602296e9b96f0182ee60a309f3dcc280ce9b41a0dad1 DA[3] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 7449c6660a6f29dc9d30d6f7e88e94fab3627d71cfc59d68188ec5e176583093 DA[4] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 ed634c9829e87f4d016446f2e2f44b542a263f166f69ef5759bbe964a457ecbe DA[5] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 6a8413be885a07235f59846fad986b7a65cf009ead78dd378114b6362dddb371 DA[6] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 4d16a2197f9ed9062cfd93061294fb8e1068071d03e72b6cf3c7256f1b454a9b DA[7] 
edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 ac40dc0d1224a2f6faa1a3396345371cae7312c6d7ef0923602b2e89ed22ba2b DA[8] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[9] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 682d5372b533817c810f1dcb1c7ae42c44a786ed114601e56df85fe1c41d5989 DA[10] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 40b6f7a67f90e5d9948385418bd22bbd29de86a151b35d1001081a61ca5fc612 DA[11] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 558c6304afd4da12f8976f699e39d6c1749f28a2ad4308b1c9e6d56288405fbd DA[12] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 16aad9264cab5b5489e2cf8f118132ea46fe9066b4c4320c0259be88ebd111c8 DA[13] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[14] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[15] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[16] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[17] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[18] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[19] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[20] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[21] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 
83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[22] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[23] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[24] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[25] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[26] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[27] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[28] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[29] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[30] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 e461850e92402912f022817ad66d715ed37b1ac6badf915316a761f0bcb2c7d8 DA[31] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 9d6a308a961a1942d7bf8abeabe6ca87eb13f7710d40f2f767ce4545c18864c6 DA[32] edaf6de0cb733ba91ed91e8310ab786081b586a20e318e93a8679c938dd9f048 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c ", 12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[2] 
6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 8c451fa2ba8e38d83e50ebf1d9f56fcbcbc7e2c6898c15254fe9f337f279e0c1 DA[3] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[4] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 841f718d1d343baf2f4e2f14f5a0e68c58ad3ba1fba354f59191f2c6b4f3b1d7 DA[5] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 d9f989669eb0aaf384aa5462dd632999bf9c5a6bdb75c4f8857a6e9bdbe82b64 DA[6] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[7] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 83767e4b0bba094c90fedfd22295204e0272c5a188cb241a308365555e2089d2 DA[8] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 aa1961787f24a6aff9dd5d0a6110686ea654595d2eb941f5da702498a662880d DA[9] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 8718bf6dc8678bdc5af627f82d14e2d857d94a760529ff00f1d7b066f46ca832 DA[10] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 2283e1d5d5acf66b6c71a7755577f0a03db5fc213e5d7db067c9b7b6e805c202 DA[11] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[12] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 83eebe7b5455102b3d47ec0735dd099010df167c859d1ae97954bd57ce1a01df DA[13] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 7f7b0f02709bf4ca8dfe3ac076dba24e004f3ae3dab753e747bb5fabc2b2c68e DA[14] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 ed0f289a03ddddc493dc982feb633f23c1d6067f9674491eded3f78609ab4b23 DA[15] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 f7e48be5142d8e52d63fe45901ab6a842921f0af9b212dffa47600bd2c879bff DA[16] 6edc9afe8420ef7e7d87e4dc549c73b4cdb5c82f136f60a80df3a998ad8a3647 
",
12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32",
12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32",
12/8/2009 10:45 AM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 6:48 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32",
12/7/2009 6:40 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 8:47 AM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:9 Threat Count:0 DLL Association Count:7",
12/7/2009 6:40 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Tuesday, December 08, 2009 8:47 AM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:32 Threat Count:0 DLL Association Count:32",
12/5/2009 4:11 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,IPS
Detection Statistical Submission,"Signature ID: 23168 Local or Remote Attacker: 2 Remote Port: 80 Local Port: 49951 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 91.212.226.178/s2e281109481.exe Date Detected: Sun, 06 Dec 2009 00:11:06 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCD310AC2401404D05913B53008E23D56FF22BA2943B2100B0D6E92264DAA3D818DA547F0665EC98D8537B09B07C36760E05FABB248E740092001948A378B99EE2CE63900EF656C2AC322F635B6F0EED6BBB61B6B5754CE8F75D376B96823461B73D472B250C977BCC1EA37EEFD797737C158917D7EB0A2C3235C86D7F41429888888888888888888E80F3ED0F11544 Sub-signature ID: 67535 Remote Address: 91.212.226.178 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sun, 06 Dec 2009 21:27:07 GMT Product:Norton AntiVirus 16.7.2.11", 12/5/2009 4:11 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,"Monday, December 07, 2009 2:19 AM",Norton AntiVirus,IPS Detection Statistical Submission,"Signature ID: 23318 Local or Remote Attacker: 1 Remote Port: 49951 Local Port: 80 Protocol: 6 Signature Set Version: 20091111.001 Application Name: \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE Offending URL: 91.212.226.178/s2e281109481.exe Date Detected: Sun, 06 Dec 2009 00:11:06 GMT Application File Checksum: 3794B461C45882E06856F282EEF025AF Application File Information: 6.0.6001.18000 Network Data: 434D50520014000078DAEDCD310AC2401404D059136D0C820A1E63753FA29B32240BB130E22669B448B527B0F1181EC7E3B9B1F00676F360F80C0CFCA62A8B740A94001240A978B398F14E623677E0BD8A4D6598C5BEC01ADE5D7BD77643ED8ACAF9A1BEB45D6EB418D122076D8E162AF98E9798FFC6BD3F6D1F12C41AB3CBF7D6E8F00CE7DB6B7C8A14444444444444444444F4071FBB2E14CF Sub-signature ID: 70328 Remote 
Address: 91.212.226.178 OS-Country:1 OS-Language:English Processor:x86 Family 6 Model 15 Stepping 11 System:Windows Vista build 6002 Service Pack 2 Platform-GUID:{EA760AF4-AA57-4F5C-BCF6-8D3068826A89} DateSubmitted:Sun, 06 Dec 2009 21:27:09 GMT Product:Norton AntiVirus 16.7.2.11",
12/5/2009 2:49 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32",
12/5/2009 2:49 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:30
95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[7] 6a97562e998a2b90649ff7986313ad33823053ff98bbe163ad39aaa5e01fc545 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[8] a151929ff68f3d51ede9599c0746bc3400f66f41639efe4c536fe055f94da041 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[9] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[10] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[11] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[12] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[13] c5204da8487d4872a479c81149cad928a9dd85500fdb9ad5b94ac4bb241f68f2 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[14] 6321143932da5c9dfba257c590d2975c9514b1494b0e4abf45951ce8eb58188f 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[15] 6321143932da5c9dfba257c590d2975c9514b1494b0e4abf45951ce8eb58188f e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[16] 6321143932da5c9dfba257c590d2975c9514b1494b0e4abf45951ce8eb58188f bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[17] 6321143932da5c9dfba257c590d2975c9514b1494b0e4abf45951ce8eb58188f 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[18] 6321143932da5c9dfba257c590d2975c9514b1494b0e4abf45951ce8eb58188f 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[19] e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[20] e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[21] 
e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[22] e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[23] e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[24] e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[25] e73f6dcb6e4161bf7666fd5e88cdbb38f3b4630fd47fa0ef5ab139cc27bb5578 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[26] b76701bca2f5e72d3218b30d5a0d025853311cee586b684e1950a3af634f0eaa 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[27] b76701bca2f5e72d3218b30d5a0d025853311cee586b684e1950a3af634f0eaa 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[28] b76701bca2f5e72d3218b30d5a0d025853311cee586b684e1950a3af634f0eaa bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[29] b76701bca2f5e72d3218b30d5a0d025853311cee586b684e1950a3af634f0eaa e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[30] b76701bca2f5e72d3218b30d5a0d025853311cee586b684e1950a3af634f0eaa 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce ", 12/5/2009 2:49 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 8aed6773ae1c8b65b4cad6229bd05e224d348cf2a9d9f7d50f2513a9b1e14f66 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[2] 8aed6773ae1c8b65b4cad6229bd05e224d348cf2a9d9f7d50f2513a9b1e14f66 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[3] 8aed6773ae1c8b65b4cad6229bd05e224d348cf2a9d9f7d50f2513a9b1e14f66 
bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[4] 8aed6773ae1c8b65b4cad6229bd05e224d348cf2a9d9f7d50f2513a9b1e14f66 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[5] 8748091bf27f05d28d45688e04dd9229a4b2e159209a64f457703f66a8cece4d 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[6] 8748091bf27f05d28d45688e04dd9229a4b2e159209a64f457703f66a8cece4d e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[7] 8748091bf27f05d28d45688e04dd9229a4b2e159209a64f457703f66a8cece4d bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[8] 8748091bf27f05d28d45688e04dd9229a4b2e159209a64f457703f66a8cece4d 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[9] 8748091bf27f05d28d45688e04dd9229a4b2e159209a64f457703f66a8cece4d 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[10] 8748091bf27f05d28d45688e04dd9229a4b2e159209a64f457703f66a8cece4d 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[11] b3c045afacc8a8f5dc289ade9acfb2fe7f9ca24a900bbaed47e2a63837208cb3 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[12] b3c045afacc8a8f5dc289ade9acfb2fe7f9ca24a900bbaed47e2a63837208cb3 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[13] b3c045afacc8a8f5dc289ade9acfb2fe7f9ca24a900bbaed47e2a63837208cb3 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[14] b3c045afacc8a8f5dc289ade9acfb2fe7f9ca24a900bbaed47e2a63837208cb3 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[15] b3c045afacc8a8f5dc289ade9acfb2fe7f9ca24a900bbaed47e2a63837208cb3 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[16] a6206d6d5d21847dff3215289ee3798ea1aa12d7e3f4828bf5e1544e0822f561 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[17] a6206d6d5d21847dff3215289ee3798ea1aa12d7e3f4828bf5e1544e0822f561 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[18] 
a6206d6d5d21847dff3215289ee3798ea1aa12d7e3f4828bf5e1544e0822f561 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[19] a6206d6d5d21847dff3215289ee3798ea1aa12d7e3f4828bf5e1544e0822f561 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[20] 0b8e91aff04bc9b06006c6e7ff60eb8b6b098b2dbb01d43f05a0e986293abaec 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[21] 0b8e91aff04bc9b06006c6e7ff60eb8b6b098b2dbb01d43f05a0e986293abaec e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[22] 0b8e91aff04bc9b06006c6e7ff60eb8b6b098b2dbb01d43f05a0e986293abaec bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[23] 0b8e91aff04bc9b06006c6e7ff60eb8b6b098b2dbb01d43f05a0e986293abaec 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[24] 0b8e91aff04bc9b06006c6e7ff60eb8b6b098b2dbb01d43f05a0e986293abaec 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[25] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[26] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[27] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[28] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[29] 8f73c7c7187200de55a99f1dfc6a4590595f4f94569933db37a8f1f7824387ab 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[30] f4961b22c93e472c8c862421aa231cdda9e40d3958741a1d666357f22cc3143d 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[31] f4961b22c93e472c8c862421aa231cdda9e40d3958741a1d666357f22cc3143d e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[32] f4961b22c93e472c8c862421aa231cdda9e40d3958741a1d666357f22cc3143d 
bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf ", 12/5/2009 2:49 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[2] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[3] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[4] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[5] ee6e5eae00f577d7c3ffb8c0d8ee484552a337ceaa27fcb107174a9879fe7362 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[6] ee6e5eae00f577d7c3ffb8c0d8ee484552a337ceaa27fcb107174a9879fe7362 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[7] 5f7bc92c76f84481855b754172514c2bdf3dac6825593b414c014c584214e47a 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[8] f5290358a22f94a06f43b174d6fbab0d574a8cd2f4994ae8300cdb7c1aa64c9e 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[9] f5290358a22f94a06f43b174d6fbab0d574a8cd2f4994ae8300cdb7c1aa64c9e 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[10] f5290358a22f94a06f43b174d6fbab0d574a8cd2f4994ae8300cdb7c1aa64c9e e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[11] a0bbcf1f5c74b01efc9453ccfc5cc161b35c4ba2e14c5a7bffb108be8c2caa09 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[12] a0bbcf1f5c74b01efc9453ccfc5cc161b35c4ba2e14c5a7bffb108be8c2caa09 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[13] 
a0bbcf1f5c74b01efc9453ccfc5cc161b35c4ba2e14c5a7bffb108be8c2caa09 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[14] a0bbcf1f5c74b01efc9453ccfc5cc161b35c4ba2e14c5a7bffb108be8c2caa09 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[15] a0bbcf1f5c74b01efc9453ccfc5cc161b35c4ba2e14c5a7bffb108be8c2caa09 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[16] a0bbcf1f5c74b01efc9453ccfc5cc161b35c4ba2e14c5a7bffb108be8c2caa09 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[17] 0d898d89681bfc0a9dc4ce7d486c6fb35106e436e39a33077d9a26dece9033b7 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[18] 0d898d89681bfc0a9dc4ce7d486c6fb35106e436e39a33077d9a26dece9033b7 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[19] 0d898d89681bfc0a9dc4ce7d486c6fb35106e436e39a33077d9a26dece9033b7 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[20] 0d898d89681bfc0a9dc4ce7d486c6fb35106e436e39a33077d9a26dece9033b7 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[21] 8e42133ed5ee5eec414a8b11c1035385c6141e445ea9677f947d20768f25a877 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[22] 8e42133ed5ee5eec414a8b11c1035385c6141e445ea9677f947d20768f25a877 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[23] 8e42133ed5ee5eec414a8b11c1035385c6141e445ea9677f947d20768f25a877 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[24] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[25] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[26] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[27] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 
bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[28] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[29] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[30] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[31] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[32] 7ba75a26da67fd10bb3e0a2404a7319f8d8938b0330ba0978a9e21ebc8cd9ba4 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de ", 12/5/2009 2:49 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[2] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[3] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[4] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[5] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[6] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[7] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[8] 
9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 674aaf66596d4f3564a82184ad98195ae4edd2c05b2e575c3b1bc679419653ff DA[9] 9a02771da9c226552a1766c2dd0295eca8b5b80aae13076ffce6a806fa5c21b8 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[10] 7622781b985b81076fe5695f61e379acdfe1ff7762502cccafa60c2b61118529 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[11] 7622781b985b81076fe5695f61e379acdfe1ff7762502cccafa60c2b61118529 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[12] 7622781b985b81076fe5695f61e379acdfe1ff7762502cccafa60c2b61118529 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[13] 7622781b985b81076fe5695f61e379acdfe1ff7762502cccafa60c2b61118529 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[14] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[15] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[16] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[17] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[18] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e 9ea6ae71ddb69f06168952f8cc34e22dd9b92dcaa916a4c8701ee3410059fa7d DA[19] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[20] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[21] 0530b49018b59d4dcd3ecbc19e95b81438208af34bc876bd07129a79896b4d7e 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[22] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 
a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[23] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[24] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[25] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[26] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[27] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[28] 2cc9f1c9d9e33f8a0da72490d74bed9e746fb142edf78de2f2a33a34b76d9868 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[29] 0f4f06defca6886d4d3bda5f6fda467c8f966e511fa757a83bfc5b33d8d33eaa 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[30] 0f4f06defca6886d4d3bda5f6fda467c8f966e511fa757a83bfc5b33d8d33eaa e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[31] 0f4f06defca6886d4d3bda5f6fda467c8f966e511fa757a83bfc5b33d8d33eaa bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[32] 0f4f06defca6886d4d3bda5f6fda467c8f966e511fa757a83bfc5b33d8d33eaa 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de ", 12/5/2009 2:49 PM,Info,Norton Community Watch Feedback,Submitted,No Action Required,"Sunday, December 06, 2009 1:27 PM",Norton AntiVirus,Norton Community Watch Feedback,"Machine ID:ea760af4-aa57-4f5c-bcf68d3068826a89 File Vote Count:0 Threat Count:0 DLL Association Count:32 DA[1] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 7919021b1ff4620f20f45524c6d94d7d7f706f30502329bb95bf5927863cdc35 DA[2] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 6681cddb3de0986c6551bb392ef678e555d5f2228a691b6c4a9e92985f1e7deb DA[3] 
3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 96ba96aa2b3ac055fb473f81a67a534735b498d6e36dce813efbdcd1ca817ac4 DA[4] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 68fa4e365b48d852d2159cf172388f78c818bc5a9f81c03e3e2767c489018946 DA[5] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f a929c240994c34fbfa3e1096f1e38891f08a1a45c6d8befeb96b950c9d520cd4 DA[6] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 64da78bc39dfeccb74584bb795155ef13be8a0f35c245fa967f38ac633fdd195 DA[7] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 63bc9fb8d14200821eb18af0762f47b9bc1576145977cdb45b228427fe3e574d DA[8] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f bc59a39d28d9d42982f4457edebe3eb6eaa83887d692ef082d981ab8a618c048 DA[9] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 7effa9d4561674633b2ffb35f629947b061afe5da756da6d02e0584fce221445 DA[10] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 47531c889e61df42a79c5f8283d3db73d9dd63d1747709b3538beb10b2047ce8 DA[11] 3171d05e6ea69213e22a52b2d85be7b0feed74b2a7270418c7a197f6002b232f 3697d031632c47fc5aab4208c05a7c4098df390103cfde99a512f685ad057f40 DA[12] 12b80f326b0408c883cab63cb11eeee1f89f2a919e54d408c56ffd628dfcfa47 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[13] 12b80f326b0408c883cab63cb11eeee1f89f2a919e54d408c56ffd628dfcfa47 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[14] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de fc5a45f208072249caa1ca9a602febad24a87166628275ac15fe37b7eef00a40 DA[15] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de 9055b7e8ceb09ecfd77202ed3ce00cdb0296f858aecb1cd5b598e05b14a85c43 DA[16] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de 8cd688d185f7731bb04e512a5aaaa36d097ba08d198f2685cea3f5f1380c52f6 DA[17] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de 
bb0d895b481efa6ed024c979238f5f482df0a53912575a47eb4e9c643919112a DA[18] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[19] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de 2006d0418848eaa2361c26d18246d0baa646b6f25f2c0035bdc82967e9bd73f1 DA[20] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[21] 3f78b76bec50b333ed9a4c0064ebcb573fff885813a212407e32126f2167b5de 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[22] 5d3bd4122e216e44edda6996144f1fb9f2a91d26bcaace3638c8be3a48071eeb 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[23] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[24] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 82e53e84ab4c4138ea4cf9b1a99365e9bf68749b0118b173fef8aa7d77732cdb DA[25] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 7e9d96f64b19097f8346251fc4085b36a5a8730b7549d48fe473904462c095cf DA[26] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 bf4b7196d8f0d474a1dc059dd66f6c0fa49d389c16b0579e758442f1f55120cf DA[27] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de DA[28] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 e8b517fc36f25c4ae07021473b0bcdcddd4b6e3fe004e6b0ad449c030267674c DA[29] 38b9344c0fd56afcd7974c7b9608b74cd676d97c7f8c9b6ecaed7d5eb0d45810 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[30] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 a797091f2b7b5ba060f977d2382b967492ab0067ff303cda88ccb4fe94708e84 DA[31] d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 95a6c555a8bd9725cd85be53e081c023270fbb1317515432d5c81993e35f0bce DA[32] 
d84afee1dba144c4d7cbee3f7f903f93eb4c2e16ab7aaf32d0192343c572e2b9 03c237ff155d678c09fc4210f77e782cceea17fc6f37609cc81d0642a864f4de ",