Our systems have been compromised by something recently which has lead us to carry out a more detailed look at what is happening on our workstations.

I have noticed an issue where the Security log of this Windows 7 workstation is continually logging a security "Audit Failure" where the detail is that "The Windows Filtering Platform has blocked a connection".

This is happening thousands of times a day and would appear to be our BT Business Broadband HGV 2700 ADSL router attempting to connect to Port 137 (NET Bios) on my workstation and being blocked.

This has unfortunately had the effect of filling up the log files so much that anything which might have been of use which was logged over the weekend to help debug the intrusion has been "overwritten off the end" of the Security log. (I've since increased the log file size limits massively and turned on archiving).

Does anyone know if this is standard behaviour of a BT ADSL router or whether this indicates that the router is compromised in some way or malfunctioning, or have any further suggestions as to how to diagnose this problem?