SpywareHammer.com: SpywareHammer Malware Removal Forums
Topic: [Inactive] I get redirected, unable to set homepage
WOODSY0
Bronze Member

Offline Offline

Posts: 63


« Reply #75 on: January 30, 2010, 11:05:10 PM »

Thanks for the "Poultry" clarification. Is there a link that could provide directions for re-installing Vista Home Premium, after Windows 7 Home Premium? I remember the last re-install of Vista took quite a while, because of the drivers that needed to be installed in a certain order, and then the updates (SP1 and SP2) among others, and then security software.

What's your opinion on adding another firewall in place of the Windows version to try and "harden" my protection? I'm also looking for your suggestions on hardware/software items I might employ, in addition to the DSL modem wireless component (Westell Versalink), to "beef-up" my home network. My housemate's college-aged children come home and use the wireless, and they spend a lot of time in other countries like China and Nigeria. They engage in P2P file sharing activities, and constantly comment on their slow running systems.

Should I be concerned that 11 GB of the 160 aren't visible when I'm engaged in deleting and re-partitioning, via the install procedure of Vista or Windows 7?

Thanks again Hoov. You have been very helpful. I appreciate it. I notified the county computer crime department of my situation and they want to look at my 2 computers on Monday.



Thank You Hoov
WOODSY0
Logged
Hoov
Malware Removal Mentors
Global Moderator

Offline Offline

Posts: 9367


Unwilling part owner of Gov't. Motors and Chrysler


WWW
« Reply #76 on: January 31, 2010, 05:40:20 PM »

You have a Dell Inspiron 1525, correct? Check out this, start with Step 2.

These are instructions for an Inspiron 1520, but a 1525 is basically the same as a 1520.

As for the 11GB that are missing, it may mean your Factory image partition is still intact, in which case you can restore your system even easier by using these instructions.

About hardening your security, from your description I would get a wireless router with a stateful packet inspection firewall built into it, and then secure the connection and use MAC filtering. That is how I have mine done, and no one outside of my laptop can even see my wireless connection, on either my router's end, or my laptop's end. Then let the kids connect directly thru the modem and it keeps you isolated from them.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Be wary of strong drink. It can make you shoot at tax collectors -- and miss. 
      -From the Notebooks of Lazarus Long
      -Senior of The Howard Families
WOODSY0
« Reply #77 on: January 31, 2010, 08:30:24 PM »

Hoov thank you for the directions.

Why is my NetBIOS over Tcpip enabled? Isn't that a security risk, especially since I don't want to or have turned off file sharing? According to my netstat -a report there is activity on ports 137, 138 and then 139.
Why is "tom-pc:0" showing up as a foreign address? That is "my" computer's name. It looks like my computer or someone impersonating it trying to connect to me?
What is host:http as a foreign address? Is foreign address the same as remote address? Where can I get answers to these questions without wasting your time?

I have been investigating offline hacking, and noticed that a connection can be made through my AC power cord. There is an item in the Windows 7 help and support database entitled connecting with "People Near Me".

I have until Tuesday afternoon before I will reinstall my OS, so I'd like to see if I can rid myself of what reconnects with this person after I restart my computer after a clean install. Please check out my PM to you before you reply. Thanks again Hoov.

Hoov
« Reply #78 on: January 31, 2010, 09:14:23 PM »

You can turn off NetBIOS if you want. It is not a required protocol. I have turned mine off.

As to why your computer is showing up as a foreign address, that is a poor label. It should be originating address and destination address. All it means is that is where the communication is coming from. Your computer is talking to itself. All of them do.

About the AC connection, yes it is possible to do this, but it requires special equipment. You have to have a modem that connects to the power lines. Then your computer connects to the modem. Direct communication to your PC is not possible as far as I know.

The cat icon, that is standard in Windows. I use it myself. About the Catchme file, it is part of GMER which is used in combofix. It is a legit file even though some virus scanners say it's not.

And about People Near Me, that is also a legit part of Windows. It is so you can connect to a LAN and discover who else is connected to you.

One thing that Windows does that really bugs me, especially where security is concerned, is they persist in these "neighborhood computing" access processes. Personally I believe they should all be turned off by default.

WOODSY0
« Reply #79 on: January 31, 2010, 09:39:27 PM »

How do I turn off all that "neighborhood computing" stuff? I'm under the impression that it defaults to use it, rather than not use it and keep me safe.

Another question: when I go into Printers and devices there are 3 devices listed: Laptop Integrated Webcam (which is there and installed), the "TOM-PC", and USB receiver (mouse icon; in that properties box there are 2 USB Devices, 1 USB Composite Device, 1 HID compliant mouse, and 1 HID compliant device).

There are 2 items in Printers and Faxes: a Fax and a Microsoft XPS Document Writer. (You asked me the other night if I installed anything while we were trying to complete the dds scan.) The Document Writer has a green check mark. If I go into Documents under Library in Windows 7 there is a fax folder, a scanned documents folder and a Default.rdp "thing" that was hidden until I decided to show hidden files and folders.

This afternoon a fax window popped up with an attachment on it. I have no idea where it came from. I have no devices connected to my computer other than the laptop cooler and a wireless mouse.

Is this unusual stuff? What do I disconnect when I go to do my reinstall, when I'm showing something that isn't there? How can I turn off my NetBIOS over TCPIP?

Hoov
« Reply #80 on: January 31, 2010, 10:20:08 PM »

The fax, I am sure you have a modem installed, so the Fax is a default printer. If you go into the hardware manager and disable the modem, it will disable the fax. But you can also go into the Admin tools into services and disable the fax service.

If you go into the Advanced TCP/IP options, you can turn off the NetBIOS settings there. And in the Network properties you can uncheck the Link Layer topology entries. Between those two settings, that will disable the neighborhood stuff.

WOODSY0
« Reply #81 on: January 31, 2010, 11:04:24 PM »

Hoov, forgive me for my stupidity, where do I find the Advanced TCP/IP options?
I was able to go into the properties box for my wireless and ethernet devices and I unchecked the link layer topology boxes and also the file sharing and printer sharing for Microsoft networks. What about the other options in that property box? Do I need the version 6 and the version 4 boxes checked? And what about Client for Microsoft Networks, and QoS Packet Scheduler?

I went into the fax modem service and disabled it. Should I be surprised that under the log on tab the "This account" option was checked and a network name was entered and there is a password entered but not visible to me because it shows dots in place of characters? Since I disabled it from the services it failed to respond when I tried to shut it off in the fax scanner window.

WOODSY0
« Reply #82 on: January 31, 2010, 11:25:22 PM »

Hoov, when I go into ipconfig /all the NetBIOS over Tcpip is still showing enabled. Should it have changed after I made the changes in the adapter properties?
I did restart the computer.

WOODSY0
« Reply #83 on: February 01, 2010, 06:27:40 PM »

Hoov, as mentioned, what are your thoughts on giving Windows 7 one more try? I have a few questions, and you said to ask so here they are.
Why do I have some type of server software? Is it preloaded, or does it accompany the Windows 7 disk? It looks like I have NT, 2005, Microsoft .NET Framework 3.5.1.
How do I shut down the unnecessary file sharing options like the link layer topology and NetBIOS over Tcpip just after the reinstall? Do I really need Client for Microsoft Networks, QoS Packet Scheduler, Internet Protocol Version 6 (TCP/IPv6), and Internet Protocol Version 4 (TCP/IPv4) checked? They are set the same way for both my wireless and Ethernet adapter. How should my web browser be set up for web connections considering I use a Westell wireless DSL modem? I'm confused with VPN and my web address.
How can I close ports that are open like (especially) 135, 137, 138, 139, 1900, 3389, 3268 among others?
I believe I'm receiving alternate data streams.
All things considered my computer is running the things I want it to: streaming radio, researching news, and streaming video. But the icons on my desktop for HJT, dds.scr or GMER after a few days end up with the blue and yellow shield on them?
That's a few of my questions; I have more.

Thanks Hoov
WOODSY0

WOODSY0
« Reply #84 on: February 01, 2010, 07:35:44 PM »

Hoov, can you tell me what this file is for? See attached.

Hoov
« Reply #85 on: February 02, 2010, 10:09:57 AM »

On Vista and XP when you disable NetBIOS, it shows disabled. Make sure that you turned it off for that connection type. Once it is off, it should be off, and should indicate off.

As for windows 7 vs Vista, the reason I suggested Vista is because I don't know windows 7 at all.

About Server software, is it IIS? If so, it can be turned off. You only need that if you are using your computer as a web server or mail server.

Link layer topology can be turned off. NetBIOS over Tcpip can also be turned off. About Client for Microsoft Networks, QoS Packet Scheduler, Internet Protocol Version 6 (TCP/IPv6), and Internet Protocol Version 4 (TCP/IPv4) checked, I would leave them all on. The first one is required if you want to use the internet, the second is also needed. IPv4 is the internet protocol in use right now. It is what gives you IP addresses like 192.168.0.0. IPv6 is the protocol that the internet is transitioning to. It will give you addresses like 2001:db8:85a3::8a2e:370:7334. If you would like to read more about this I can give you references. But you will get reasonably accurate info if you look in Wiki.

With your connection, you should have the browser set up to get its connection from the LAN. VPN is a Virtual Private Network and is not needed unless you are trying to connect to your computer from another computer thru the internet.

About closing ports, you need to be very careful doing this. Instead of doing this, it is better to get a software or hardware firewall other than the Windows one. Closing ports on your computer can have unexpected side effects. About the programs with the shield on them, can you give me a screenshot of this?

About the file, can you tell me what the name of the file is and where it was located? I looked in it, and it seems to have quite a few different languages in it. But without context, it means nothing.

WOODSY0
« Reply #86 on: February 02, 2010, 04:56:13 PM »

Hoov, the name of the file is Alphabet.xml, the file path is as follows:
C:\Program Files\Common Files\microsoft shared\ink. It opens with Internet Explorer. The weird thing is it was created on Monday, July 13 2009, but reads modified on Wednesday, June 10 2009, and it is a read only file. Trusted Installer has full control.

As far as server software, I'm not sure. When I query Help it says IIS for Windows 7 and goes on about Server 2008, but I'm not sure if it's valid in Windows 7 Home Premium. I need to check it out, or more direction, on where to turn it off.

I must not know where to disable NetBIOS because it still shows NetBIOS over Tcpip enabled in ipconfig /all, under my wireless LAN adapter Wireless Network Connection (Dell Wireless 1505 Draft 802.11n). The Ethernet adapter reads Autoconfiguration Enabled...Yes. It is Disabled under the Teredo Tunneling Pseudo-Interface. I'm confused!

I'll follow up with Wiki on the other stuff, but need direction concerning the location of the NetBIOS option.

The Police just left. I need to place another post with developments and questions.

More to come,
Thanks Hoov

Hoov
« Reply #87 on: February 02, 2010, 06:58:27 PM »

Alphabet.xml is a legitimate Windows File. I have no clue of what it does. As for opening in IE, all xml files will open in IE. xml is Extensible Markup Language.

About IIS, go into the control panel, and then to the Admin tools, then you want to open services. Scroll down to IIS Admin and double click on it. Click the stop button, and then in the startup type, select disabled. Please do not indiscriminately change service settings. You can seriously mess up your system by changing settings in here.

About NetBIOS, I have no idea how to do it in Windows 7 but this is how MS says to do it.

   1. Click Start, and then click Control Panel.
   2. Under Network and Internet, click View network status and tasks.
   3. Click Change adapter settings.
   4. Right-click Local Area Connection, and then click Properties.
   5. In the This connection uses the following items list, double-click Internet Protocol Version 4 (TCP/IPv4), click Advanced, and then click the WINS tab.
   6. Click Use NetBIOS setting from the DHCP server, and then click OK three times.
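
As an added example (not part of the original posts and not Microsoft's procedure): the per-adapter NetBIOS over TCP/IP setting on the WINS tab can be read and changed from an elevated PowerShell prompt through the WMI class Win32_NetworkAdapterConfiguration. The function names are made up for this example. With the default value 0 ("Use NetBIOS setting from the DHCP server") Windows keeps NetBIOS enabled unless the DHCP server says otherwise, so `ipconfig /all` still reports it as enabled until the value is 2.

```powershell
# Added example; the function names are made up for illustration.
# TcpipNetbiosOptions and SetTcpipNetbios() use the same codes:
#   0 = use the setting from the DHCP server (the default), 1 = enabled, 2 = disabled
$NetbiosLabel = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

function Get-NetbiosStatus {
    # One row per IP-enabled adapter: the value behind the WINS tab for that adapter.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Index, Description, DHCPEnabled,
            @{ Name = 'NetBIOS'; Expression = { $NetbiosLabel[[int]$_.TcpipNetbiosOptions] } }
}

function Disable-NetbiosOverTcpip {
    param([switch]$ReportOnly)   # list what would change without changing it
    $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        if ($nic.TcpipNetbiosOptions -eq 2) { continue }   # already disabled
        if ($ReportOnly) { "Would disable NetBIOS on: $($nic.Description)"; continue }
        $result = $nic.SetTcpipNetbios(2)
        # ReturnValue 0 = done, 1 = done but a reboot is needed, anything else = error code
        switch ($result.ReturnValue) {
            0       { "Disabled on $($nic.Description)" }
            1       { "Disabled on $($nic.Description), reboot required" }
            default { Write-Warning "Failed on $($nic.Description): code $($result.ReturnValue)" }
        }
    }
}

function Get-NetbiosListeners {
    # Sockets on the NetBIOS ports: 137 and 138 (UDP), 139 (TCP).
    netstat -an | Select-String -Pattern ':(137|138|139)\s'
}

# Read-only checks; call Disable-NetbiosOverTcpip without -ReportOnly to apply the change.
Get-NetbiosStatus | Format-Table -AutoSize
Disable-NetbiosOverTcpip -ReportOnly
Get-NetbiosListeners
```

After the change, `Get-NetbiosListeners` should return nothing for the adapters that were switched to Disabled.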
WOODSY0
« Reply #88 on: February 02, 2010, 07:34:48 PM »

Thanks, I'm brain dead tonight. The NetBIOS setting was already set as you directed. There are options to "Disable NetBIOS over TCP/IP", but as you direct under version 4, it is set that way.

There isn't an IIS admin service entry to disable. And I didn't throw darts at one that looked close.

Thanks for your incredible patience.
Have you ever used DBAN? The detectives recommended I use it to wipe my drive.

Hoov
« Reply #89 on: February 02, 2010, 07:58:08 PM »

Yes I have used it, and it will not hurt.

About the shield you were asking about, I have never heard of it, but found out what it is.

Items with the shield need administrator privileges to run.  Most of these things will give you a UAC pop-up or need to be run by right-clicking and choosing "run as administrator".