I see in my sec the seurity Log about the same that I log on a entry Anonymous Logon. I also noticed when I viewed network connections wireless, a strange entry with a excellent connection just be infore my router loged on. The entry was very quick and what I think I saw was MALVER-API32. I have also seen attempts to do regedit, Explor, Defrag and an attempt to insert HKEY code which my self defense denied. I also saw utilization of Com+ and I also found a unregestered HKEY in the attached screen shot. My scan's do not find any virus, but some entrys did pop up when the computer the computer was attached to the same router as a hijacked computer that the anti virus software shut down as critical. On the infected computer I found Broadcom/jump initiated and on this computer Application Layer Gateway Services was starting on each boot. In addition CFG.exe was installed in program files. CFG.exe is a broadcom utility to connect two computers. I have disabled Application Layer Gateway Service and removed CFG.exe.
I have changed my router configuration from WEP to WAP-2 on the router however I do not recognize the gateway. I have done a cmd>ipconfig to confirm my IP and then looked at the client list on the router. The client list at times list 2 consecutive IP's even though only one computer is communicating with the router and no other computer is turned on or attached to the router. one of the ip's dispayed shows no host and no Mac address while the other is normal. However if I refresh the blank ip goes away?
This computer was formated on 3-29-09 and I see some api.dll's modified on 4-14-09.
I have formated the other computer and will format this computer again soon but I am concerned about the router and infections are comming by way of a neighbors wireless (not broadcast) unprotected router and unprotected computer.
I need to find out the ip address and Mac address of the hacker so that I can block it. Attached is a screen shot of Dcom warning which was Not allowed to regester
Any body got any pointers?