BleepingComputer.com: Unloicited Connection to Ports

I have recently had my computer hacked into and since have bought a router and set it up between my dsl modem and computer. I have also bought and downloaded McAfee Security and a anit-spyware. I think the hacker is being kept out now. On my security log I keep getting this message that a computer at home.domain.actdsltmp has attempted an unsolicited connection to different ports. There is an IP associated with this. Is this someon trying to hack in or is it some website I am going to.
I am suspicious that someone is still trying to access my computer. The person doing this is known to me but I don't know how to stop it.

Does the IP associated with home.domain.actdsltmp happen to be close to 192.168.0.? I have left off the last portion as it varies.

Yes that is the IP. The port number is different for each attempt though.

That IP is your computer behind the router. Whats happening is application/s on your computer are attempting to access the web. Such as MS updates, AV updates and web browsing.

Use the following port list to see if the right applications are accessing their assigned ports. http://www.iana.org/assignments/port-numbers

Ok so I checked that and understood some of it. I then looked up port knocking and found this. # Dynamic/Private Ports Ranging from 49152 to 65535, these things are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious. So, just to recap
I am posting some of my inbound events log. Attempted unsolicited connection to UDP port 56192 or port 57419, 64935 etc... all high numbers except the ones that say commonly used by icslap etc.

Also there is one log that says. A computer at 192.168.1.1 has pinged your computer. The source IP is "non-routable" IP

Thanks for the help

I would scan your computer with Malwarebytes and SuperAntiSpyware to see if you have any trojans on your system

I scanned my computer with Superantispyware and my McaFee antivirus and found nothing but add cookies. This morning a window popped up that says "Generic Host Process for Win32 Services" It is an error report stating it has encountered a program and needs to close and says the following files will be included in this error report.
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\WER201a.dir00\svchost.exe.mdmp
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\WER201a.dir00\appcompat.txt


So I went to that directory to see what it is and couldn't find anything even when I made so I could see hidden files. Also when I try to open Owner Folder I get this message. " Owner is not accessible. Access is denied"

Am I just being paranoid or is could there be something on my computer I can't find? How much does a router, antivirus and firewall provide? As I am pretty sure who is cracking my email account and hacked my computer and they have left some traces my brother called them kiddie scripters. Not sure what that means. I do have some ips and email addresses but don't know if I can use that info to prove anything.

Well my computer shut itself down with an error that there was a missing sys32 file and wouldn't restart and the only thing I could do was a recovery. Luckily I had already moved all my files to an external hard drive when I was hacked the first time so didn't lose much but still very annoying. Can anyone tell me what could have caused this to happen?

I have mcafee antivirus, malwarebytes and superantispyware on my computer. In the mcafee log this morning there was this UDP port scan entry. It says my computer at 192.168.0.1 home.domain.actdsltmp has attempted to scan your system by sending a large amount of various udp packets. The source IP is a non-routable IP.

Does this mean I have a virus or something on my computer that is not being detected? Also when that happened I had 7 pages of logs on mcafee and now I have 17 and it is all attempted access by 192.168.0.1 to different ports and all the ports are high numers such as 51460, 64010 etc...

I am also having trouble connecting to websites.

What do I do about this? Please help if you can.

Thanks

what do you use for your DNS servers? The router or a service such as OpenDNS. the reason I ask is that a delayed response from a DNS server might be seen by a firewall as a port attack.

In the old days the communication was by UDP over local port 53 and remote (DNS server) port 53. That has changed. Currently remote is always 53, but random local high port numbers are where the replies come to into your box.

So you need to provide the complete information of source IP, source port, remote IP and remote port and UDP or TCP protocol and direction and what application is involved. Perhaps then people can stop guessing.

I don't know whether if the router is a DNS server the high ports are involved, but suspect they are, because it was a change Microsoft made to our systems.

Take a look at your ipconfig - Start, Run, type cmd, the type ipconfig /all and check what your DNS servers are. While you're there, confirm that your computer really is 192.168.0.1 since it sounds to me more like a typical router address and likely your PC is 192.168.0.2 or .100 or some other number. Then again the modem might be in the picture. I hope the modem's address and router's are different and that you don't have two DHCP servers conflicting.