I am using Total Protection on a WinXP SP3 computer; the firewall rules are pretty strict. I am connecting like this: ISP -> router -> a few computers (2 with Total Protection on default or even stricter settings). Yesterday the firewall blocked like 450 incoming connections and then after some time it finally crashed my PC with a blue screen. Before it crashed I found that I was shut off from the internet (the ping command was sending back an error message), and my ipconfig /all returned strange readings: a Teredo tunnel (which I have never used before and never had in the output from ipconfig before either). I had some apps running, but those apps are of the kind I trust personally, and I've been running them before without any problem. In fact, other computers protected by the same Total Protection started to use Teredo for that session. Now I have no idea how Teredo Tunneling turned itself on by itself (there were some online apps running in the background, but that never happened before with them, as I've been using them for ages and none used Teredo). After a short time I couldn't even launch the command line because it returned error 0xc0000142.
Another thing comes from Event Viewer, source is mfehidk:
Process **\SVCHOST.EXE pid (1636) could not be successfully validated with the mfevtp service and would have been blocked from performing a privileged operation with a McAfee driver if enforcement was enabled.
Other logs around the one above are suspicious, from Service Control Manager:
The McAfee Validation Trust Protection Service service entered the stopped state.
After a restart everything went back to normal and I don't have that svchost with that PID running anymore.
I have attached the crash dump and event log, and both are linking to mfehidk. The event log should be read from 3/14/2013 6:05:43 AM.
Now, as McAfee has been working flawlessly on my computer for ages, I am wondering if it was a targeted attack not only on my computer but also on the whole network. I can provide more details if requested.