The How-To Geek Forums Have Migrated to Discourse


How-To Geek Forums / Windows 7

HELP...with networking problem

(46 posts)
  • Started 4 years ago by MrsPeachy
  • Latest reply from ispalten
  • Topic Viewed 2151 times

MrsPeachy
Posts: 14

Please bear with me Im 62 and trying to learn.... and this is a very complicated problem with lots I wont go into.

I do not share with anyone anything on my pc. My computer was accessed and I was put on a workgroup networking (?) I find many IP numbers under netstat. My photos are copied. I am not administrator of my pc most of the time and never get permission to be so. I found where I am *supposidly* the owner of this workgroup but have no idea how to access it and really dont want to. I have programs added and deleted without my approval. My email passwords are used and my emails are accessed.

I use Kaspersky Pure 2.0, but I found out most of the time its not working, my settings are changed or its been turned off. I have paid out many $$$$$ to get 3 pc's fixed but as soon as I plug them in at home, within 30 min. *they* are back. We even changed servers from land line ISP, static, to a satellite dish, dynamic. And somehow I was followed over.

Can anyone help an *old* lady out and tell me what I can do to get rid of *these people*? Please dont say call law enforcement as we did and they got the FBI in who didnt check my pc and told me I had a virus *FBI will not help you unless you lose $1million or more*. We got the G.B.I. in, they wouldnt look at my pc and told me I have a virus. The first ISP refused to help me *again a long story* and my new ISP told me they only provide internet service.

I am going bonkers here trying to get all of this fixed but do not know how. Can anyone help me out and tell me how to get out of this mess??

Posted 4 years ago
Top
 
nosparks
Posts: 148

Do you have a router between your ISP modem and your computer?

Posted 4 years ago
Top
 
gedstar
Posts: 521

Hi

Are you sharing your broadband with other users? Who put your into the Workgroup? If there's an issue with Kaspersky you may need to re-install, but before you do that I would make sure that you are removed from the Workgroup
You'll need to install SuperAntispyware from here http://www.superantispyware.com/index.html
and MalwareBytes Antimaleware from here http://www.malwarebytes.org/

Both have free editions

What Operating System are you using?
When did you notice this first, you could try doing a System Restore, people will help you here if you need further help

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

First off, thank you all for your quick responses. You have NO idea how much I appreciate this. :)

Yes we have a new router. And it is password protected.

We have 2 pcs sometimes 3 on our router, but they are all ours and no one has access to them.

We have used superantispyware, malwarebyes antimalware, spybot search and distroy, C Cleaner.

Operating System is Windows 7 Home Premium 64 bits.

Its a 4 yr long story of how this happened, but basically a IT tech was paid to access my pc. I was in the middle of a law suit which I lost because of circumstances I rather not go into here. When I was informed my PC had been accessed I checked and over 2 1/2 yrs of correspondance between my lawyer,myself and my lawyer and huband were gone.

This is when I found out my pc had been broken into. I have taken every legal way to get this taken care of with no results. We have paid, Norton, HP., Microsoft, two independants in our home and just 2 weeks ago all 3 pcs to a shop in town. As soon as we go back online within 30 mins. sometimes less I am back on this workgroup.

We have also ran Recovery with the factory disk numbers of times again with no results. We are at a loss as to what to do and since no one seems to be able to help us, I started looking for help in forums and that is how I found this site.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

More info please... especially about the router if there is one. Is it password protected for the radio signal (WEP, WPA, WPA2). If not anyone in range can connect.

Next is what are you sharing? Anyone connected would have possible access to shares.

Windows will put you into a HOMEGROUP automatically. If you moved from Vista or XP, Workgroup is possible.

" I find many IP numbers under netstat. " <-- Quite NORMAL... but if you want, copy and paste them into a message here and we can tell. Run NETSTAT -b and you tell what program is doing what :

==================
C:\Windows\system32>netstat -b

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1028 b:5354 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:1039 b:5354 ESTABLISHED
[AirVideoServer.exe]
TCP 127.0.0.1:1040 b:1041 ESTABLISHED
[pbeagent.exe]
TCP 127.0.0.1:1041 b:1040 ESTABLISHED
[pbeagent.exe]
TCP 127.0.0.1:1059 b:37218 ESTABLISHED
[airplayit.exe]
TCP 127.0.0.1:1061 b:27015 ESTABLISHED
[iTunesHelper.exe]
TCP 127.0.0.1:5354 b:1028 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:5354 b:1039 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:5354 b:8343 ESTABLISHED
[mDNSResponder.exe]
TCP 127.0.0.1:7707 b:7708 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:7708 b:7707 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:8343 b:5354 ESTABLISHED
[AirPS.exe]
TCP 127.0.0.1:27015 b:1061 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:37218 b:1059 ESTABLISHED
[AirPS.exe]
TCP 192.168.1.2:1037 Irv-XPS435:2161 ESTABLISHED
[PBESER~1.EXE]
TCP 192.168.1.2:1064 111.221.74.34:40045 ESTABLISHED
[Skype.exe]
TCP 192.168.1.2:1065 sn1msg1010807:https ESTABLISHED
[Skype.exe]
TCP 192.168.1.2:1066 193.120.199.14:12350 ESTABLISHED
[Skype.exe]
TCP 192.168.1.2:1091 bn1wns2011304:https ESTABLISHED
[SkyDrive.exe]
TCP 192.168.1.2:1114 163-204:https CLOSE_WAIT
[Skype.exe]
TCP 192.168.1.2:2161 Irv-XPS435:1037 ESTABLISHED
[pbeagent.exe]
TCP 192.168.1.2:7786 prod-cid-ajax:https ESTABLISHED
[easy gadget.exe]

C:\Windows\system32>
=============

It seems you DO have a network, you mention 3 PC's, are they all connected together?

" My photos are copied." How do you know this?

" I have programs added and deleted without my approval." Well, deletions could be a virus, or some other problem, like icon disappearing from your desktop and then re-appearing? If it is a desktop icon, are the files STILL on the hard drive?

"My email passwords are used and my emails are accessed. ". again, how do you know? Are you getting e-mails back saying user didn't exist? This could be a virus or someone has harvested your e-mail address and used it. If nothing else change your e-mail password.

Irv S.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

"Yes we have a new router. And it is password protected.", all routers are P/W protected to get INTO them. The RADIO signal generally defaults to NONE for encryption. That is what is needed to stop access by unauthorized machines. The Router can also be set to ONLY allow specific computers/devices access and reject all others.

What is the MAKE and MODEL of the router?

Irv S.

Posted 4 years ago
Top
 
gedstar
Posts: 521

Have tried a re-install on the OS, as ispalten says you can lock down the router by MAC address, you'll need to get the MAC address from each PC and add them to the router and lock it down that way.
Also change the password for the router and make sure you enable Encrytion
Never and I mean let anybody remote into you PC.

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Again thank you for your help...

Hopefully I can answer all the questions so you understand as I do not know the *language* for computers. Im still learning here..*Unfortunately the hard way, but learning*

No the computers are not connected. One isnt even in our PC room. I have a desktop HP,wired, my husband has a laptop HP. The 3rd machine is a Acer laptop, that is very seldom used and both wireless.

At first my photos were taken, I would d/l them to a file on my desktop in order to edit them. *Im a published photographer*. One day I was in my email writing a email about what was going on in my pc to a friend and I stopped typing to think how to put the next sentence when, all of a sudden my pc started working and the next line was typed into my email *and then what did you think?*. I about flipped out as I did not type this. I found out I could communicate with this person through drafts. My photos would disappear and I would type a draft asking for them back.....sometimes I got them back sometimes I didnt. They would just pop up on my screen. When we realized that someone was on my pc, we set it aside and purchased my new desktop. It has the sticky notes on it. I found I could type on those and whoever could see them. Example: I took some photos for a church raffle, I put them in a file on my desktop and they disappeared. I typed on a sticky note: *God is going to get you you just stole photos for a church raffle to help pay their taxes.*
Within 5 min. the file came back up on my laptop. This wasnt the first time that happened but it was the first time my husband got to see it. I finally wrote *I cant stop you from stealing them but could you just copy them and leave them ?* I found some at *Flicker* and some were posted on my facebook in albums I didnt put there. I know that all sounds crazy but that is how it happened.

I have had to change my password at Yahoo so many times until I have to call them now. Where you check to see if someone is using your account, I have found my IP number used on days I wasnt even home much less on my pc. I have found it also when I am online but havent checked my email till right then. I have changed passwords on everything in my pc so many times I am getting very creative in making new ones. AT one time I found a keylogger in my pc, and deleted it. I gather it came back but I cant find it. I have found in many of my managers where files are hidden, that is how I found the Keylogger. As I wrote above we have ran many scans with the programs I mentioned and they do show malware and that they got rid of them. But it continues to happen.

My husband set the router and said it was protected by passwords. He is looking at security type on the router. It has : WPA2-PSK

I go to turn off my pc sometimes and a script box comes up telling me if I turn my pc off, X amt of people will be at danger with their pc losing information if I turn mine off as they are accessing certain files... I called Microsoft and ask them if this was true and she said if I was on a network yes it was. I havent ever shared anything by choice on my pc not even with my husband. When I had norton, I was the only one using it. I had 3 downloads with 2 being used. Again I was the only one on it and when I called Norton and told them this, they said 2 pcs were using it and they deleted the second one many times only for it to come back. This was one of the reasons I changed to Kaspersky. *a purchased program*

My router is a: Linksys, N300 Wi-Fi. Model E1500-NP.

When I run netstat I type in cmd in start, black script box comes up and has C:\Users\Owner> with a blinking curser... I type in that netstat -an and it usually shows lots of IPs under foreign along with port numbers. I just tried the way I do it and all numbers are gone, just like when Microsoft checks it, when they can access my pc. *they arent always able to* I typed in the way you did it and again everything is empty.

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Trust me I didnt let anyone remote into my pc, I have no idea how they got there. I dont share with anyone anything on my pc as its part of my job. My husband doesnt even have access to it unless I type in my password. We dont dwell into each others pc's at all. :)

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Again I am being stopped somehow from accessing this forum....I can click refresh and see new type but I cant get there. This isnt the first time this has happened... hopefully I wont get bumped until someone tells me how to get back here if I am locked out. I am not able to copy and paste now...there are numbers in my cmd but I cant post them here as I cant paste....

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Please dont give up on me as I am trying.... I am still not able to paste. Nor even attach a file.

Not knowing how to do that much on here I am still trying.

Posted 4 years ago
Top
 
nosparks
Posts: 148

Sounds a little far fetched, but....... you never know.

There's only 2 ways into your computer. From the outside, which the router will take care of, and from the inside which is some how caused by you and/or your operating system and software.

On the Operating System/Software side I'd download the appropriate DVD iso from here

http://www.askvg.com/direct-do.....nd-64-bit/

Throw away those recovery disks, nuke the hard drive and do a clean install of the operating system.

At least then you will know exactly what you've got and where you're starting from.

Posted 4 years ago
Top
 
gedstar
Posts: 521

Fully agree with nosparks "nuke the hard drive and do a clean install of the operating system"
Does sound a little far fetched!!!!!

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

I realize it sounds far fetched, but I promise I am telling the truth. I have had enough lies told to me these past 4 yrs to last a lifetime and I wouldnt do it to them or someone else.

OK, in the start of all of this the way I found out my pc had been accessed is my norton told me. I called my ISP tech support on a Sunday morning at 1:30am. Gave them the IP number that had accessed me and they told me who it was. It was the IT tech at my ISP....so they told me....I have no way to verify this except to say in plundering around in my pc I did find his reg. IP number. My lawyer contacted the ISP and ask to have a meeting with them about why their Tech was on my pc. They wrote me a letter saying since I was dissatisfied with my service they were going to disconnect it the following month. Where I live at the time they were the ONLY server avail. to us. My lawyer wrote them back a letter and let them know we were not dissatisfied we just wanted to know why their IT Tech was in my pc. He also informed them the police/FBI was on the case. Their lawyer wrote us a letter back stating they didnt know the police/FBI had been called in so instead of disconnecting my service they would leave it with one condition. They were not going to speak to us about my problem and if I called tech support for any other reason than I couldnt get online they would disconnect my service immediately.

Where I live its a private phone company, not part of BellSouth *at the time* nor part of AT&T. Years ago when the phone companies formed each county had their own, owned by a family in the community. When the big company started up they went to all the small companies and purchaed them. If the didnt want to sell, the didnt have to. I live in one of those counties.*the way I know this is my husband is retired from Bellsouth*. The private phone comp. They owned the only net service at the time other than Broadband which we could not get in the woods where we live. I live in what is called *good ole boy south Ga.* All parties know each other one way or the other... does this tell you anything?

I have been trying to get help ever since. I was told to get a new ISP...we tried to get Altel which has our cell service. Their equipment for internet doesnt work down here as the towers are too far away. Broadband went out of business a few days before plus they didnt serve our area. We finally got the service we now have and I thought as soon as we got set up with them all my problems would be solved. But, they have not. They have escalated. More and more of my pc is being taken over.

I did not nor do I want any workgroup on my pc. I work with my photos, and publish them and was working for a company on the net with my photos until their password was accessed. We gather from my machine. I do not play games but someone on my pc does...as I find the scores and I have deleted the games dozens of times only for them to come back. As far as me being able to copy and paste..there are times I can not for unknown reasons to me..such as when I tried to post the IPs I found in my netstat -an.

Because of my legal files being stolen from my pc,it stands to reason only one person would want them...the man I was sueing. I know this man well....more than I wish I did. I know him good enough hes more than likely told this person to drive me bonkers which is what he is doing. I am tired of being toyed with, shedding tears because my privacy has been invaded, my personal files broken into and most of all my photography being copied and put at other sites. If they are at the places I know about I can only guess how many are there I dont know about.

I really thought I would get some help from here and it seemed I was there for awhile, speaking rather typing words I can understand and directions I can follow. I am sure if it were your mom or grand mom in some cases you would want someone to help her out and help her understand what to do. I guess I was wrong.

Thank you to the ones that started helping me in a way we can understand and I guess you stopped because it all sounds so *far fetched*. I cant be the only one in the world with a similar situation even as far fetched as it might sound. I am finding out lots on the net and with pcs the way they are and can do things that are far fetched and hard to believe. All I can say is I am telling the truth on what has happened with our pcs. And I havent lied about any of it.

Im sorry now I tried to get help , I should of known it would turn out the way it has already up till now. No one is going to help us not even people that know the pc like the back of their hand......and the people doing this to us, just gets to laugh more at us for trying.

As far as nuking my pc as you put it. As I have stated we are both 62 and arent that knowledgeable on the computer...where doing all you suggested might sound easy to you, its like speaking Greek to us.

Posted 4 years ago
Top
 
warlock
Posts: 4100

http://law.ga.gov/consumer-information I suggest, if this is true as stated, to contact the Attorney General of your state here.
Edit: If your ISP is involved in this, which is what you are suggesting, nuking the computer and starting over won't help.

http://www.fcc.gov/complaints You can also try this.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

I must say your tale of woe and description of what happened on the e-mail is to say the least, 'unusual'?

Age is not a factor, I'm older than you are, but have a background in computers and OS's, it is experience that counts, not age. Anyone can learn if they want too.

I'd still like to see that NETSTAT output, what are the IP addresses that bother you?

You DO have a network, if one or more computers or devices attach to the router, and it has to have a NAME. This is a RED HERRING and forget about this. All you can do is either SHARE or NOT on the network.

Accessing you you said was a Tech from the ISP... which could be NORMAL if you had a problem and gave them permission to access your computer. However, if you are not computer literate, where and HOW did you find this info? I doubt tech's have individual IP Addresses that you'd be able to identify them? I really think you might be mistaken here? I suspect what you discovered was the DNS address of your ISP which you HAVE TO access to use the internet. Can you tell me/us how you came to this data and discovered it? I'd be really interested in know this and also check the same on my computer? Was it the LOG on the ROUTER maybe?

I'm sorry, but this really has me confused,

============
At first my photos were taken, I would d/l them to a file on my desktop in order to edit them. *Im a published photographer*. One day I was in my email writing a email about what was going on in my pc to a friend and I stopped typing to think how to put the next sentence when, all of a sudden my pc started working and the next line was typed into my email *and then what did you think?*. I about flipped out as I did not type this. I found out I could communicate with this person through drafts.
============

Assuming someone IS on your computer, I don't know any way both can be updating your screen without your knowledge they are on? Most require YOU to make a connection, like SKYPE (can't really share a desktop, but you can see the desktop) or TeamViewer where both can enter data. Still, it requires YOU to be running and app at a minimum. A simple look at what is running, using TASK MANAGER would show ACTIVE apps and tasks. I suggest you get some screen shots of this and post here as well. We should know what would be a suspicious app or task running.

Still, this mean the 'other person' has to be on when you are too. And also targeted you to put something on your computer.

Any and ALL info you can provide in terms of DATA, IP Addresses, task lists, what you have discovered in terms of programs and where found would sure help here.

Irv S.

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Im sorry Im not believed on what I put here, but I dont know how to put it down any other way than the truth...which is what I have done here. I thought coming here I would get help from people that knew the pc well and maybe they could help me and I could learn at the same time. As I stated above we are trying to learn.....Once you stop learning that is the day you die. I never thought I would be ridiculed by what I wrote even if it did seem far fetched. All I am trying to do is get help as no one else seems to want to help including my own govenment officials. I have been and will continue to write the truth as truth is easier to remember than lies. Lies you have to keep up with truth you dont!

I find what I find in my pc by snooping. I look but do not exe. as I know things can happen I prob. wouldnt want to happen. Can someone tell me how to c/p a file that will let me copy it but not paste it???? As this is one of the major problems I am having. I tried to c/p task manager and could not paste it here. Today when I did the netstat I put it in my doc.file only to go there now and find a message come up telling me it had been moved or deleted. Did I want to delete the shortcut? I cant find it anywhere in my pc.

I do have Skype on my pc, I did not put it here. The way I found that out is to go to my programs installed. I found it there and other programs I did not put there. Such as under Hard dist drives there is OS(c:) , HP Recovery (D:) and also Microsoft office Click to run 2010 Protected Q:\ Location is not accessable. Under Other is: my Kaspersky symbol with Safe Run Shared Folder, System Folder. I did not put those there.

The ISP this started out on I no longer have. As stated above I was told to get a new server and my problems would be solved, but that is not the case..they seem to of gotten worse. When I called the new ISP and told them what was going on they told me they didnt take care of people accessing others pcs...they only provide means to get on the internet.
--------------------------------------------------------------------------------------------------------------
you wrote:
You DO have a network, if one or more computers or devices attach to the router, and it has to have a NAME. This is a RED HERRING and forget about this. All you can do is either SHARE or NOT on the network.
------------------------------------------------------------------------------------------------------------------
I dont want to share with others, hubby would be ok but no one else...how do I do that?? *since he just walked in the room...

Husbands ? is: Isnt my connection to the server a network, a LAN? Isnt that considered a network? And if this is the case how do you know what network to be on verses one you dont want to be on? And if your connected to a home router is that a type of network?
------------------------------------------------------------------------------------------------------------------

I will try my best to get all the info your asking for off my pc, as late as it is right now I might not get it all tonight but I will at some point tomorrow.. *friday is go to town buy grocery day...plus run errands/pay bills etc..town is approx. 40 miles one way from our home.*

I need help in telling me how to c/p if I am *stopped/cant c/p*. I tried to do this with task manager and it copied but I could not get it to paste..even when I put it in a file by itself and tried. The same goes with my netstat. Is there another way I can get around this to post them. I also found under my word pad where I put the files this one:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<asmv3:windowsSettings
xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>

<assemblyIdentity
type = "win32"
name = "PowerRecover"
version = "5.0.0.621" />

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false">
</requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>

<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="SBREngine.X"
version="1.0.0.0" />
</dependentAssembly>
</dependency>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.GdiPlus"
version="1.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="x86"
/>
</dependentAssembly>
</dependency>

I have no idea what it is, it wasnt there when I first put the netstat in my word pad earlier today. How or why I can c/p this I do not know. When I tried to c/p the netstat, a message box came up and told me my Windows Exployer had stopped working and the page would close out...which it did, and I lost everything I had typed and had to start over with this. Again I am able to copy the task manager but I cant paste it.

I just did another netstat -an and it is empty. The first time ever I have seen it empty.

You ask how I found out a IP tech *who by the way is manager of the IP dept. by the letter I received from their lawyer* is as I stated above. Again, I had Norton at the time and it alerted me someone was accessing my pc. I went to the history and found a IP number with accessing your computer by it. I called the tech support for my ISP, gave them the number and they told me who it was *name* and where they were located *my servers address*. When I told her that the address was my server and the persons name she gave me was the IT tech is when she handed me over to her supervisor who stated we needed to talk to the server on Monday morning. That is when I told her I would have my lawyer contact them. I wrote all of this in my last post above.

I will continue to try to c/p the information you ask for, as I do need and want the help in getting rid of these people I find. What can I do when a message comes up telling me I have to ask for the Administrators permission to look at files? I get that a lot...and cant do whatever it is I am trying to do at that moment. Also a lot of my programs I go to them and some of them are whited out and I cant access them or parts of them. What do I do when that happens? When I type in Microsoft help, it takes me to a place called Microsoft Tech Net for IP techs. When I come across some problems in my pc a message comes up telling me again to go to Microsoft Tech Net for IP techs. In the beginning of this a exe. script box came up with PasswordReader.exe in it and showed it was downloading. I did not do this and have no idea how or where it came from. Again I am sure this is *hard to believe* but it is what happened.

I do appreciate all the help your trying to give me and I will try my best to give you all the information I can get in order for you to help me.
------------------------------------------------------------------------------------------------------------------

ispalten you wrote: Age is not a factor, I'm older than you are, but have a background in computers and OS's, it is experience that counts, not age. Anyone can learn if they want too.

--------------------------------------------------------------------------------------------------------------------

Sir I do not have a background in computers and OS's, nor do I have the experience you have, I wish I did then I wouldnt have the problems I am having. I realize age is not what counts, I am, we both are, trying to learn, this is one of the reasons I came to this site, to get help and to learn at the same time. Please be patient with me as I am trying my best to do as you all ask.

Posted 4 years ago
Top
 
nosparks
Posts: 148

MrsPeachy, this question may seem irrelevant, but, do you ever completely shut your computer off? By this I mean click shutdown and then after it does shutdown kill the power to it by shutting off your power bar?

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

I have tried every way I know of to c/p the task manager and I can copy but not paste. So I guess I will try to type it out and get it all done before it gets much later, it is now 1:13am on friday morning where I am located.

First off at the bottom of Task Manager there is a place to click and it has on it: Show processes from all users. Before I clicked on it the program only showed around 18 with owner by them and two empty ones with no name or description but they are:
csrss.exe and winlogon.exe.

Under services its showing most stopped but since there is a lot of names there are some running and these with No Group name by them the rest shows running, or stopped under status and for group they have the names, AxInstSVGroup,bthsvcs, DcomLaunch, Local Servic *most have that* , local system, N/A, netsvcs, Network Serv..., regsvc, rpcss, RPCSS, secsvces, WbioSvcGroup, wcssvc, or WerSvcGroup

Under Processes I am typing the image name, user name and description of each. To save time since I am having to type them out I am not typing in CPU or Memory (P.....

AESTSR64.EXE, SYSTEM, Andrea filter
atiecbox.exe, System, AMD Extern....
atiesrxx.exe, System, AMD Extern...
avp.exe *32, System, Kaspersky
avp.exe *32, Owner, Kaspersky
beats64.exe, Owner, HP Beats
CCC.exe, Owner, Catalyst Co...
csrss.exe, System, Client Serv...
csrss.exe, System, Client Serv...
CVHSVC.EXE *32 System, Microsfot O.....
dwm.exe, owner, Desktop Wi...
E_IATIFFA.EXE Owher, Epson stat...
explorer.exe Owner, Windows E....
FlashUtil32_11_... Owner, Adobe Fl....
HPAuto.exe, System, HP usage I....
HPClientService, System, HP Client S
HPDrvMntSvc.exe. System,k HP Quick S...
HPSA_Service.exe, System, HPSupport......
hpsysdrv.exe*32, Owner, hpsysdrv
hpwuschd2.exe, Owner, Internet Ex....
iexplore.exe*32, Owner, Internet ex....
iexplore.exe*32, Owner, Internet ex...
ipoint.exe, owner, IPoint.exe
itype.exe, Owner, IType.exe
LMS.exe*32, System, Local Mana....
lsass.exe, System, Local Secur...
Ism.exe, System, Local Sessi...
MOM.Exe, Owner, Catalyst Co...
pdfsvc, System, Dispatcher
ProtectedObject, System, InfoWatch
RNowSvc.exe *32, System, Windows s....
SearchIndexer..., System, Microsoft...
services.exe System, Services an....
sftlist.exe*32, System, Microsoft A...
sftvsa.exe*32, System, Microsoft A...
smss.exe, System, Windows S...
spoolsv.exe, System, Spooler Su...
stacsv64.exe, System, IDT PC AUDIO
sttray64.exe, Owner, IDT PC AUDIO...
svchost.exe, System, Host Process...
svchost.exe, Local S... Host Process..
svchost.exe, System, Host Process...
svchost.exe.,... Networ... Host Proces....
svchost.exe..... System, Host Process...
svchost.exe.. Local S... Host Process...
svchost.exe Network... Host process...
svchost.exe Local S.. Host process...
svchost.exe Networ... Host process..
svchost.exe Local S.. HOst process...
System System, NT Kernel...
System Idle Pro... System., Percentage
taskhost.exe Owner Host Proces...
taskmgr.exe, Owner Windows T...
UNS.exe*32 System User Notific...
unsecapp.exe System Sink to rec...
wininit.exe System Windows S...
winlogon.exe System Windows L...
WUDFHost.exe Local S... Windows

Yeahhh Im finished typing that and is 2:18am and this Peach is going to bed.

I will try to put more here tomorrow when we get home and everything is put away.

Thank you again for trying to help me out and to help me learn about this darn machine and windows 7.

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

nosparks, when we are finished using the computers, we turn them off, I have a power authority that turns every thing off also that I turn off, we unplug the router and unplug the modem for the satellite. We leave nothing on. Years ago we never turned them off and its during that time that all this started. Heck of a way to learn a lesson but we did!! :)

Posted 4 years ago
Top
 
ispalten
Posts: 6259

OK, first, Copy/Paste... In a COMMAND PROMPT you RIGHT MOUSE BUTTON on the WINDOW after you've run the command and it displays what you want to PASTE here... Top choice is MARK... you will SEE a block flashing at the TOP of the window. Now LEFT MOUSE BUTTON on the TOP LEFT of what you want to copy and CONTINUE to hold the mouse button down. DRAG it to the bottom right of what you want to copy. Release the mouse button and you see a marked area. INSIDE this area click the RIGHT MOUSE BUTTON. That puts ALL that data in the clipboard. Now in a REPLY here, position the cursor where you'll like to put the data and press the RIGHT MOUSE BUTTON again. You'll see PASTE in the list, select that and the contents of your CLIPBOARD will appear.

This is ONLY good for TEXT you can mark, not pictures or data in most applications, like Task Manager. For those you must take a SCREENSHOT and use a 3rd party to host the screen capture and then link it to here. Such as Photobucket or Imageshack. You'd use the SNIPPING TOOL in W7 to capture the screen, save it to disk, and then upload to one of them and link to here. Might be complicated at first, but it is probably the only way to do this. We'll try this later if need be.

From your Task Manager list I see NOTHING unusual. You have an HP computer, Epson Printer, ATI Video card, and are using Kaspersky (ProtectedObject is part of it), nothing odd or unusual there.

Still, how do you know someone was on? What data do you have and how did you get it?

I'll be back later with more questions. You've got some terms mixed up that is making it hard to understand. Server for one, do you mean ISP or a computer you connect too?

Irv S.

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

I told you the terms I am not familar with yet... I mean ISP..not a computer I am connected to.

I just went to my HP support site and ran a scan from there. It informed me my pc was at high risk and to download and run a virus scan. I checked my Kaspersky and it showed it was off. When I tried to turn it on, a password protection came up. Since I did not put a password on it, I dont know the password. I downloaded AVG. and ran the scan on it. It tells me everything is fine, though it did have two reports that I clicked on and they were empty. I uninstalled AVG...when it was finished a script box came up telling me it had already been uninstalled..How can this be?? I am going to uninstall my Kaspersky since its showing its not working and reinstall it.

Boyyy your directions are confusing to me but I will copy them out and try. Hopefully I can do this right!!

This is basically what happens every time I try to do something. I either get a password protection on something or I get I have to get the administrator permission to do whatever....except I am never able to get the admin. permission..script box tells me permission denied. Sometimes a script box comes up and tells me trusted installer has stopped my request.

As for my clipboard. I try to access it and again a script box comes up telling me I have to get permission from my administrator then tells me permission denied. I have not been able to access the clipboard in so long I cant tell you the last time I could access it.

Last week I called Kaspersky and they did a all kinds of scans on it. The man there told me my pc as he put it *was very very sick*. Of course just like everyone else he wanted me to pay a certain amt. to fix it. As I stated before I have paid more than 5 people to fix my problems and as soon as my pc is back online all the problems start again.

Since my router is new, I called Linksys just to make certain everything was done correctly when we set it up. He also ran all kinds of scans through my cmd. He told me that I had a networking problem and *here we go again* for a mere $350.00 they can fix all three of my pcs and I would have one years service on all of them. They are the only ones I have talked to yet that does offer a 30 day money back guarantee if not satisfied.

All I want is not to be on a network with all these people and I dont want them accesssing my computer. I never realized this would be so hard to accomplish To of not put myself on it to begin with, its sure taking a toil on me trying to get rid of it. You have no idea how many tears of frustration I have shed over this. If I did not need the pc to submit my photos to my editor, I would of gave up a long long time ago.

Again for the 3rd time...my pc was accessed without permission and my Norton alerted me to the fact. I got the IP number called my tech support they informed me who it was and where they were. Please read past post on here.

I do want to thank you so much Irv. for trying to help me out. Your the first person that has really tried to help me and I appreciate it more than you know.

Question, you stated in a earlier post on here I was on networking and you posted a netstat. How do you know I am on networking...was that scan on me? Or was it an example? The reason I ask is, in all this info. I am putting here is this going to give anyone that knows how free reign of my pc? Let them access it?

One more thing, two nights ago, I was looking at the resource monitor. Under Services highlighted in bright orange is a sentence that says: Filtered by svchost.exe *Local ServiceAndNoImpersonation*

I can give you the info under it if you need it. Also under Associated Handles I get the same Orange highlighted area that has the same thing: Filtered by svchost.exe *LocalServiceAndNoImpersonation* with lots of things under it Under image: all has Svchost.exe *Local Service and ....* Under Handle Name they all start out with \Registry\machine\software, or : \Registry\machine\System, or: \Registry\User\5-l-5-19\control panel\international, or \Registry\Machine\System\controlSet001\Contr.. , and some have by the Svchost.exe (Local Service An...), \BaseNamedObjects\FntCache-e5c56b01-e53a-4407..., or, \they start with the BaseNamedObjects, but after that is, \fntCache-173cfb3c-5d88-47bc... or, _ComCatalogCache_ , or, \FntCached 97dciec5-a399-425c...

I dont know if any of that is important or not but included it here basically because of them being filtered.

Can you explain to me who Local Service is??

I have tons of scripts I have printed out from Network Monitor/Application rules SVCHOST>EXE. that I can put down here if you want.

One more thing, since your a pro at this, would this be easier to do through email, or by other means or stay here and try catching each other? Just asking....I dont want to break any rules.

Posted 4 years ago
Top
 
gedstar
Posts: 521

No offense but with all the time you have spent on this you could have Wiped the Hard Drive and re-installed windows!!!!! So why don't you go down the re-install from scratch route?

This bit sounds a bit suspect

"One more thing, since your a pro at this, would this be easier to do through email, or by other means or stay here and try catching each other? Just asking....I dont want to break any rules. "

Posted 4 years ago
Top
 
nosparks
Posts: 148

For a person that says you never give people access to your computer, you sure give a lot of people access to your computer.

This forum has provided information that would get rid of your current situation by starting all over from square one. Actually, prior to square one because there would be none of the "new computer crapware" installed on your computer.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

"Im sorry Im not believed on what I put here, but I dont know how to put it down any other way than the truth", that is NOT the case. I just don't see how you came to your conclusions and you've not given any supporting details.

"I find what I find in my pc by snooping.", good, but what EXACTLY did you find and where?

" Today when I did the netstat I put it in my doc.file only to go there now and find a message come up telling me it had been moved or deleted.", OK, what I suspect has happened it that you've saved it to the desktop as that is the NORMAL dialog box you'd see when there is no file being pointed too. The question is HOW did you save the NETSTAT to the desktop, please explain? If you can't copy it, how was it done?

Most RECENT computers will have a LOT of programs installed on it when you purchase it. Skype is one of them, as Skype is now owned by MicroSoft. You'll find quite a few programs on a new computer, many you might not need. Nothing unusual here, and Skype only allows you to SHARE your desktop, that is allow someone to VIEW it, not use it.

"Protected Q:\ Location is not accessable.", and I suspect this is a drive on your Epson printer, does it have a MEDIA card slot? No card in the slot, normal message. Using Windows Explorer you should be able to RIGHT MOUSE BUTTON on it, select PROPERTIES and get more info on it.

"I dont want to share with others, hubby would be ok but no one else...how do I do that?? *since he just walked in the room...", well once you connect to a network and you have to to get on the Internet, you will share some stuff by DEFAULT. In W7 on the Systray Right mouse button on the network icon and open NETWORK AND SHARING CENTER. Then you'll see how you are connected. On that you'll see a link for FULL MAP. If any other devices are on, one of your other computers for instance, if you click on it you'll see them. On the ADVANCED settings on the left when selected you can turn of the file sharing, it is ON by default.

Also in a COMMAND PROMPT enter NET SHARE and you'll see what you are sharing, like this (I have a 4 computer network and all computers share ALL files and folders except MS restricted access files for the OS) :

-----------------
c:\>net share

Share name Resource Remark

-----------------------------------------------------------------------------
print$ C:\Windows\system32\spool\drivers
Printer Drivers
IPC$ Remote IPC
AVI K:\AVI
C C:\
C_XPS C:\ XPS C Drive
Documents K:\SkyDrive\Documents
Games DL K:\Games DL
Image Library One
K:\Image Library One
K_XPS K:\
L_XPS435 L:\ L Drive
Public C:\Users\Public
Users C:\Users
The command completed successfully.
-------------------------

You can do this on ALL computers to see what THEY are sharing. PUBLIC is probably the only one that would be there by DEFAULT.

"Isnt my connection to the server a network, a LAN? Isnt that considered a network?"

No, it isn't and you are NOT connected to a SERVER but your ROUTER. Connecting to the ROUTER is called a LAN, Local Area Network, and all devices that connect to that router, either wired or wireless are on THAT LAN. The ROUTER connects to a MODEM provided by your ISP. Via that MODEM you connect to the WAN, Wide Area Network, for Internet access.

"And if this is the case how do you know what network to be on verses one you dont want to be on?"

The ROUTER can see different NETWORKS... WORKGROUP is the DEFAULT one. You can rename it, but the ROUTER might 'join' then together anyway. This isn't a real concern UNLESS it is a password protected network that you need to join, which should NOT be the case.

"And if your connected to a home router is that a type of network?" Yes, exactly.

Here are some links that might help understand more:


http://compnetworking.about.co.....etwork.htm
http://www.home-network-help.com/home-network.html

"Again, I had Norton at the time and it alerted me someone was accessing my pc. I went to the history and found a IP number with accessing your computer by it.", completely NORMAL, it could be almost anything... go back in the history and provide the IP address. Norton by default will put up ALOT of informational messages. Even when a WEB SITE tries to put a COOKIE on your computer or a program you are running tries to do something it thinks is wrong. DETAILS here helps on understand what is going on.

" I called the tech support for my ISP, gave them the number and they told me who it was *name* and where they were located *my servers address*. When I told her that the address was my server and the persons name she gave me was the IT tech is when she handed me over to her supervisor who stated we needed to talk to the server on Monday morning.", details needed again here. First there is no such thing as "my servers address". You probably are NOT running a server, unless you are HOST an INTERNET service, like FTP, TORRENT, or Web Site to name a few. What you might have is a LOCAL PRIVATE IP Address, starting with 192.168.X.Y where X is probably 0 or 1 and Y is probably 0. You can determine YOUR IP Address from the IPCONFIG /ALL command in a COMMAND PROMPT. Two lines to look at :

IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) <-- Your Computer's IP Address
Default Gateway . . . . . . . . . : 192.168.1.1 <--- IP Address of YOUR Router.

To see your WAN IP Address, the address of your MODEM on the WAN, go to http://mywanip.com/. If you saw ANY of these above, you saw yourself, also 127.0.01 is you.

"What can I do when a message comes up telling me I have to ask for the Administrators permission to look at files?", and this means you do NOT have the correct permissions to have access. Can be because you did NOT give the permission via UAC (User Access Control) dialog box or you are not running at the Administrator. There are 3 Administrators here on W7 basically. You can be an Administrator (user ID) but you do NOT have FULL Administrator rights. Especially with a COMMAND PROMPT. Follow instructions here on how to do it, https://www.howtogeek.com/howto/windows-vista/run-a-command-as-administrator-from-the-windows-vista-run-box/. The other is more advanced, running as the True Hidden Administrator, but that should NOT be needed now.

"Also a lot of my programs I go to them and some of them are whited out and I cant access them or parts of them.", don't understand, explain more or take screenshots and post please. Any error or dialog box messages, please provide them if so.

"When I type in Microsoft help, it takes me to a place called Microsoft Tech Net for IP techs. When I come across some problems in my pc a message comes up telling me again to go to Microsoft Tech Net for IP techs. In the beginning of this a exe. script box came up with PasswordReader.exe in it and showed it was downloading. I did not do this and have no idea how or where it came from.", I think you entered this in the Browser and it took you to a place where you 'PURCHASE' on-line support. This is a program that probably would allow a tech to connect with you via CHAT and then get on your system possibly? Where did you actually go to on the Browser, there are MANY. Normally one would open the START ORB on the lower right and USE HELP AND SUPPORT there to look for problem answers. What did you actually do?

Irv S.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

"Again for the 3rd time...my pc was accessed without permission and my Norton alerted me to the fact. I got the IP number called my tech support they informed me who it was and where they were. Please read past post on here." You NEVER posted that IP 'number', that is what is needed...

"Question, you stated in a earlier post on here I was on networking and you posted a netstat. How do you know I am on networking...was that scan on me? Or was it an example? The reason I ask is, in all this info. I am putting here is this going to give anyone that knows how free reign of my pc? Let them access it? ", well, because when you connect to a Router you are doing it OVER a NETWORK, plain and simple. You have POSTED no information here that can identify who you are, where you are, or how to connect to your PC. Neither did I.

"Under Services highlighted in bright orange is a sentence that says: Filtered by svchost.exe *Local ServiceAndNoImpersonation*", I think this is from the Media Center, you running it or have it loaded? Under Service where though? What are you looking at? Again, I'll assume you are looking via some application, and ORANGE probably means it is ACTIVE... so what are you using to look at this? Task Manager, Resource Manager (what tab), or something else?

"Can you explain to me who Local Service is??", YES, that is YOUR COMPUTER!!!! (some info, although old --> http://www.windowsitpro.com/ar.....e-accounts).

"I have tons of scripts I have printed out from Network Monitor/Application rules SVCHOST>EXE. that I can put down here if you want.", probably not, all those are probably 'legal'.

"One more thing, since your a pro at this, would this be easier to do through email, or by other means or stay here and try catching each other? Just asking....I dont want to break any rules. ", well, on occasion I have helped people out by connecting to their system via TEAMVIEWER (http://www.teamviewer.com/en/index.aspx) and fixed things. It usually was to stop the 'thrashing' on this forum. It sounds like this might be needed. We can do it, your choice, via e-mail if you feel uncomfortable with me connecting via TeamViewer, or if others here object as they are interested here. To do this you'll have to contact a Moderator, Lighthouse, VistaMike, or Xhi, and ask them for my e-mail address and we can set it up. I will contact them to contact you too. You contact them by clicking on their link under their name on a REPLY they gave and that will take you to a page with their contact info. You'll need to look at some threads to find these, but it shouldn't be too hard. Meanwhile I'll contact them.

Irv S.

Posted 4 years ago
Top
 
vistamike
Posts: 10945

Tis done Irv, thanks for the offer

Mike

Posted 4 years ago
Top
 
nosparks
Posts: 148

Irv - No objection to you going "in camera" to help out the OP but please don't leave the rest of us hanging.

Thanks
NoSparks

Posted 4 years ago
Top
 
vistamike
Posts: 10945

The resolve, if any, will be posted here

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Sorry so late in getting back, lots going on here I wasnt expecting.

Right now my mind is reeling with all the info I have read above and I am not sure where to start. Before I answer you Irv., I will answer the others first....short answers.

Gedstar, a few things, first off your comment about being suspect... The reason I ask Irv about email or some other way of contact, is because answers and post from me esp. were getting very long. I havent been in a forum in a very long time as I havent needed to be. The last one I was in some of my post got thrown out as they said they were too long. I didnt want the same thing to happen here as I am trying to get help with my pc and trying to learn at the same time. Windows 7 is very very confusing to me. If I could of gotten XP when we bought the new PC I would of as 7 is kicking my buns and mind. Esp. the networking stuff. I am sorry you see it as suspect.

As for starting new, I wish now I had as I am more confused than I ever was. I do have the Recovery Disk we purchased from HP, they told me that doing a Recovery was just like starting over new on my pc. Someone here said to throw them out and *nuke* what I have and start over...just how do you do that without the recovery disk??

Nosparks, just how have I given access to my pc to lots of people? From what I read below from Irv I havent given any info out that someone could access me with. As for starting out from scratch, please read again what I wrote to Gedstar. No one has told me exactly how to start from scratch.

Irv, you have given me an overdose of info here and my mind is reeling. I did not post the IP number I got from my norton as I did look it up on Whatismyip.com/whois and it was the same person that the tech support gave me. What I meant by server gave me the info, my telephone company where we live is a independant comp. its not part of AT&T or the old Bellsouth. Our telephone comp. also has our internet service, they also use to have the Direct TV service but went to one of their own. My internet service came in as part of our bill from our telephone service.

You have given me lots to read up on here and I am very interested in continuing this in a less open way as I feel I am being *put down* by some on here because of my ignorance. It is after midnight here and I will look for the moderators contact like you said in order to get in touch with you. I will have to discuss with my husband about doing a remote with you but wont be able to talk to him till in the am as he is sleeping. I feel he will agree in order to get my pc running the correct way with no outsiders on it.

You state that 127.0.0.1 is my pc, in netstat there are 3 lines one with *Local Address* the middle with *Foreign Address* and the last *state*
Would the 127.0.0.1 be in both the local and foreign lines? Do you have a suggestion as to where on the net I could go to learn about netstat and what each line means and what each *state* means that I would be able to understand?
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
you wrote: "Under Services highlighted in bright orange is a sentence that says: Filtered by svchost.exe *Local ServiceAndNoImpersonation*", I think this is from the Media Center, you running it or have it loaded? Under Service where though? What are you looking at? Again, I'll assume you are looking via some application, and ORANGE probably means it is ACTIVE... so what are you using to look at this? Task Manager, Resource Manager (what tab), or something else?
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I found the orange filter in my Resource Monitor under *services* and under *associated handles* with the info I wrote above under them. Sorry I confused you. I dont have media turned on at all.

When I saved the netstat I put it in my Documents...not on my desktop. When I went to see if I could put it here is when the message box came up saying it had been moved or deleted did I want to delete the shortcut. I did print the netstat out though and have been trying to figure out how to get it on here as my clipboard will not open. I did understand how you c/ped the whole netstat so I did learn how to do that instead of how I had been doing it a screen at a time with Print Screen then printing it out. Now just to get my clipboard to open and I have learned a new way to c/p.

No my printer does not have a media slot card. Neigher of them do. I have two, as I do sell my photos I can print out to 13X19 and I do my own framing and matting.

I did the command prompt net share and this is what is showed me:

Share Name Resource Remark
------------------------------------------------------------------------------------------------------------------------------------------

C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
Q$ Q:\ Default Share
ADMIN$ C:\Windows Remote Admin

The command completed successfully.
_____________________________________________________________________________________________________
Can you please tell me in plain english what that means???

As for Skype in my PC....it has been EXE. I found that in my programs.

I also did a ipconfig /all. You said to look at the two lines

Ivp4 address and the default gateway address.

Mine came up with:

Windows IP Configuration

Host name................... : mine
Primary Dns Suffix......... : *empty*

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

Hmm I wasnt near the post button and it posted so I will finish what I was typing and see if you can explain it ot me

Node type............................... : Hybrid
IP Routing Enabled.................... : No
WINS Proxy Enabled...................: No

Ethernet adapter Local area Connection

Connections-specific DNS SUFFIX
Description...........................: Realtek PCIe GBE Family Controller
Physical address.....................: letters and numbers
DHCP Enabled........................: Yes
Autoconfiguration Enabled..........: yes
IPv6 Address.............................: letters & Numbers *Preferred*
Temporary IPv6 Address............. : different letters & numbers *preferred*
Link-local IPv6 address.................: different letters & Numbers than ^^^
IPv4 Address.............................: 192.XXX.X.XXX *preferred*
Subnet mask..............................: 255.XXX.XXX.X
Lease obtained............................: todays date time
Lease expires...............................Sat at the same time
Default Gateway............................:192.XXX.X.X
DHCP server..................................: 192.XXX.X.X
DHCPv6 IAID...................................: numbers
DHCPv6 Client DUID..........................: numbers in pairs along with letters

DNS servers......................................: 184.XX.XXX.XX
: 184.XX.XXX.X *last two numbers different than above* WHY DO I HAVE 3 DNS SERVERS?????????????
: 192.XXX.X.X
NetBIOS over Tcpip.............................: enabled

Tunnel adapter isatap..(numbers and letters)

Media state...................Media disconnected
Connection - specific DNS Suffix :
Description...........................: Microsoft ISATAP Adapter *where did the adapter come from????)
Physical address.....................: numbers in pairs with the last one having a number and letter
DHCP enabled...........................: NO
Autoconfigurtion enabled.............: Yes

Tunnel adapter Local Area Connection XX *numbers*

Media state..........................: Disconnected
Connection-specific DNS Suffix...:
Description:.................: Microsoft ISATAP Adaptor
Physical address..................: numbers in pairs with the last one a letter &Number
DHCP enabled.........................No
Autoconfiguration Enabled...............Yes

Tunnel adapter local area connectio XX *two numbers*

Connections specfic Suffix
Description......................: Microsoft Teredo Tunneling Adapter
Physical Address.................................numbers in pairs with the last one a letter and number
DHCP Enabled .............................No
Autoconfiguration Enabled..............yes
IPv6 address'................................letters & numbers *preferred*
Link Local IPv6...........................numbers & letters
Default Gateway.......................
Netbios over tcip.......................Disabled

Now can you expain this to me in plain english??? :)

I will be getting back with you, its 2:12am and this peachy is going to bed!!!

Have a great evening !

Posted 4 years ago
Top
 
ispalten
Posts: 6259

Quick answers for above...

Share stuff, you ARE sharing the C, D, and Q drive to ANYONE on the network. Normally this is NOT the case. Can easily be fixed. Just because it shows as shared, doesn't mean everything or even IF it can be accessed. Might require a P/W or be Read Only, can't tell without doing specific things on the computer.

IPCONFIG you posted. All normal other than the X's you used to hide information that didn't need to be. I can tell from that you ARE on a network, connected to a router, either with the GATEWAY address of 192.168.1.1 or 192.168.0.1. You have set up one of those addresses as the DNS as well, and have 2 DNS addresses that are your ISP's DNS... normally these two are all that is required.

Windows 7 is 'backwards compatible', in that is has some 'dynamic links' that are used for programs that do not know the names of W7's folders. I'm wondering if this is causing a problem for you? For instance, under USERS in Windows 7, which in XP was called 'Documents and Settings', you will find your UserId. Under that you'll see 2 MY DOCUMENTS. You can ONLY open 1 of those. I'd really have to know how you saved the data away, step by step, to know more?

CHECK YOUR E-MAIL please.

Irv S.

Posted 4 years ago
Top
 
 
ispalten
Posts: 6259

" I did not post the IP number I got from my norton as I did look it up on Whatismyip.com/whois and it was the same person that the tech support gave me. "

When you go to WHATISMYIP.COM all you will get is YOUR WAN, Wide Area Network, IP ADDRESS!!! WHOIS will tell you it is YOUR ISP!!!. This is NOT who is getting on your computer.

That is unless you did an IP Address lookup for an IP Address you had. This the number I wanted to check.

Irv S.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

If you REALLY think someone is connected to your computer, READ these links and you might see something you'd want to try to get some data for me :

http://www.watchingthenet.com/.....twork.html
http://network-security-softwa.....deals.html
http://www.justanswer.com/comp.....puter.html
http://www.makeuseof.com/tag/c.....s-network/

Irv S.

Posted 4 years ago
Top
 
nosparks
Posts: 148

Its a 4 yr long story of how this happened, but basically a IT tech was paid to access my pc.

Last week I called Kaspersky and they did a all kinds of scans on it.

I called Linksys just to make certain everything was done correctly when we set it up. He also ran all kinds of scans through my cmd.

MrsPeachy, the above are copy and paste from your posts. If I have misinterpreted them then please accept my apologies.

I will continue following this discussion with interest.

Good luck to you.

And good luck to you too Irv, I admire your patience.

Posted 4 years ago
Top
 
MrsPeachy
Posts: 14

NP nosparks, its been a long haul for me and there is more to the problems than I put here....

Thank you for the *good luck wishes* ..

I think Irv is going to be the one that can finally help me and I admire his patience also as this is requiring lots of it Im afraid. :)

I am just glad I finally found this site as you have no idea what all has been happening. I just wish I had found it before we paid out so much money to different companys and independants that we really could not afford but for my job I had/have to get my pc running correctly again.

Posted 4 years ago
Top
 
Scott
Posts: 5618

The suggestion I'd like to make is to allow Irv to connect to your PC remotely
as he's graciously offered. This will likely minimize your suffering and maximize
the chance of determining, once and for all, what may be going on. In Irv we trust.

Posted 4 years ago
Top
 
gedstar
Posts: 521

So did we finally get an outcome to this, just interested!

Posted 4 years ago
Top
 
vistamike
Posts: 10945

I believe this is still an 'ongoing' project

Posted 4 years ago
Top
 
nosparks
Posts: 148

Interesting.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

Finally connected...

Until then screenshots and info have been looked at. So far, nothing to report as I've not seen proof of and 'break-ins'. Keyboard was replaced with an MS Ergonomic one, and I sort of suspect that the drivers may be interfering with the standard keyboard drivers? Also the Q: drive that has appeared is connected with Words CONNECT-2-RUN which is causing this and an error when starting office.

I did run SFC and it found 6 corrupted files and fixed them.

Irv S.

Posted 4 years ago
Top
 
ispalten
Posts: 6259

Oh, copy and paste problem, using IE and Yahoo mail, it doesn't support PASTE...

Irv S.

Posted 4 years ago
Top
 
nosparks
Posts: 148

Bump.

Posted 4 years ago
Top
 
nosparks
Posts: 148

Irv, any updates that would dispel the perception of this thread and assist others in the avoidance of such a situation?

Posted 4 years ago
Top
 
ispalten
Posts: 6259

Only update I wish to share is that I have had to back out of this. I've found nothing wrong nor that supports her feeling someone has/is on her computer.

She needs a computer forensic expert that will come to her home and watch what she is doing.

Irv S.

Posted 4 years ago
Top
 



Topic Closed

This topic has been closed to new replies.