
Virus keeps trying to intrude my computer. Help?


Boogie


When this virus tries to intrude and Norton blocks it, I lose internet connection, and I have DSL; it's weird. It intrudes randomly throughout the day.

Here's what Norton AntiVirus says:

Intrusion: Portscan.
Intruder: 192.168.0.1(domain(53))
Risk Level: Medium.
Protocol: UDP.
Attacked IP: BOOGIE(69.228.101.102). - different numbers after each intrusion and sometimes something other than BOOGIE.
Attacked Port: 4995. - different after each intrusion

The ones I didn't type, "different after each intrusion" by, stay the same.

I need to make this stop because I lose connection to my internet after it intrudes and it is blocked. PLEASE help. Thank you.

 

 

 

Logfile of HijackThis v1.99.1
Scan saved at 3:42:31 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



You have a problem between yourself and your router, the intruder is an internal IP

and the 69.228 - is your IP :P


What do you use to connect to the internet?

The 192.168 range is all local so it's probably just some random network activity that Norton is flagging.

I use a modem. You may be right. What should I do?
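
The reasoning in the replies above (a 192.168.x.x source on UDP port 53, hitting a different high port each time) can be checked mechanically. The Python below is an added example, not part of the original thread: the alert layout follows the Norton text quoted in the first post, the second and third sample alerts are constructed, and the 1024 port threshold and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: alert 1 uses the fields quoted in the post,
# alerts 2 and 3 are made up for contrast.
SAMPLE = """\
Intrusion: Portscan.
Intruder: 192.168.0.1(domain(53))
Protocol: UDP.
Attacked IP: BOOGIE(69.228.101.102).
Attacked Port: 4995.

Intrusion: Portscan.
Intruder: 192.168.0.1(domain(53))
Protocol: UDP.
Attacked Port: 3310.

Intrusion: Portscan.
Intruder: 203.0.113.7(4444)
Protocol: TCP.
Attacked Port: 445.
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches "ip(service(port))" as well as "ip(port)".
INTRUDER = re.compile(r"^([\d.]+)\((?:\w+\()?(\d+)\)+$")

def parse_alerts(text):
    alerts = []
    for block in text.strip().split("\n\n"):
        f = dict(l.rstrip(".").split(": ", 1) for l in block.splitlines())
        src, sport = INTRUDER.match(f["Intruder"]).groups()
        alerts.append((src, int(sport), f["Protocol"], int(f["Attacked Port"])))
    return alerts

def triage(alerts):
    dports = defaultdict(list)
    for src, sport, proto, dport in alerts:
        dports[(src, sport, proto)].append(dport)
    verdicts = {}
    for (src, sport, proto), ports in dports.items():
        local = any(ipaddress.ip_address(src) in n for n in RFC1918)
        # Assumption: replies to a client's DNS queries arrive from UDP/53
        # on unprivileged (>= 1024) ports that change per query.
        dns_like = proto == "UDP" and sport == 53 and min(ports) >= 1024
        verdicts[src] = ("likely DNS replies from the local router"
                         if local and dns_like else "investigate")
    return verdicts
```

A "likely DNS replies" verdict is a triage hint for tuning the firewall rule, not proof that the host is clean.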
