Why are you asking me to do it? Is it someone trying to hack into my computer?
I will relate my experience on this. You can make your own choice.
I used the paid ZoneAlarm firewall for years. I had it logging and I frequently checked the logs. I made myself a bit crazy asking myself the same question: "Is someone trying to hack into my computer?" The answer was Yes, but I took it personally - it was MY computer! Finally, after enough time had passed and enough advice had been given, I accepted the fact and understood:
Thousands of scans are part of internet traffic every day. The senders are looking for an unprotected system. Those are the systems that DON'T have a firewall blocking those ports, or whose users don't understand how a firewall works and, when given an alert, allow access instead of blocking it.
When you see the firewall blocking an attempt to access, it is doing exactly what it is supposed to do. There are unique circumstances where a particular port access has to be allowed for some reason, but that is something an individual user must deal with. My experience with firewalls shows they come preconfigured to block the ports they should and, when uncertain, will give an alert and ask the user whether to block or allow.
Eventually I got a router to take advantage of the hardware firewalls. I ran ZoneAlarm along with it for several months. I did not get a single hit - my system was 'invisible' on the internet. Eventually, I uninstalled ZoneAlarm and have remained safe.
The DCOM Exploit attack is infected systems trying to spread the infection to your system. If your firewall lets these things through, it is not set up correctly. Conversely, if the firewall stops them, it's doing its job. You can explore both the DCOM Exploit attack and the LSASS Exploit (SXP) attack here:
http://www.bleepingcomputer.com/forums/topic59382.html
Or by searching Google for each. If you want to identify the IP, use this:
http://www.arin.net/whois/
IP 85.20.242.17 is an address on the RIPE Network
To further identify use this: RIPE Network Coordination Centre:
http://www.db.ripe.net/whois
IP 85.20.242.17 is registered to IT-ALBACOM (IT being the country code for Italy)
You can find information about Port 135 here:
http://isc.sans.org/port.html?port=135
Your original post about a Comodo finding for IP 66.99.18.9 is for the Illinois Century Network
svchost.exe 66.99.18.9 - TCP
msrpc (135)
Svchost.exe could not be recognised and is about to receive a connection from another computer.
The best all-round information for understanding firewalls is "Firewall Forensics - What am I seeing?" Robert Graham originally assembled the information and it is referred to frequently. Here is a copy:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
Understanding what a firewall does, what the ports do, the different types of ports and much more is essential in trying to understand the information you are being given. Only then can you make an assessment of "what am I seeing?"
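
The distinction drawn in the post above (a blocked probe is the firewall doing its job, an allowed one is the setup problem), applied to a log as an added example that is not part of the original post. The log format, the LAN range 192.168.1.0/24 and every sample line are constructed assumptions, not ZoneAlarm or Comodo output.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in a hypothetical format:
# <time> <ACTION> <PROTO> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
10:02:11 BLOCK TCP 203.0.113.17:4021 -> 192.168.1.10:135
10:02:15 BLOCK TCP 198.51.100.9:3377 -> 192.168.1.10:135
10:03:40 BLOCK TCP 203.0.113.17:4022 -> 192.168.1.10:445
10:05:02 ALLOW TCP 192.168.1.20:1055 -> 192.168.1.10:445
10:07:29 ALLOW TCP 198.51.100.44:2210 -> 192.168.1.10:135
10:09:51 BLOCK UDP 203.0.113.80:1026 -> 192.168.1.10:1434
this line is malformed and is skipped
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home network range
# 135 = msrpc (DCOM exploit), 445 = SMB (the port LSASS-exploit worms use)
WORM_PORTS = {135: "msrpc/DCOM", 445: "SMB/LSASS"}

def parse(line):
    """Return (action, src_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[3].rsplit(":", 1)[0])
        dport = int(parts[5].rsplit(":", 1)[1])
    except (ValueError, IndexError):
        return None
    return parts[1], src, dport

def triage(log_text):
    """Count blocked probes per port; collect allowed worm-port hits from outside the LAN."""
    blocked, needs_review = Counter(), []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        action, src, dport = rec
        if action == "BLOCK":
            blocked[dport] += 1  # background scanning, stopped as intended
        elif action == "ALLOW" and dport in WORM_PORTS and src not in LAN:
            needs_review.append((str(src), dport, WORM_PORTS[dport]))
    return blocked, needs_review

if __name__ == "__main__":
    blocked, needs_review = triage(SAMPLE_LOG)
    print("Blocked probes by port:", dict(blocked))
    print("Allowed from outside, check the rule:", needs_review)
```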