Track User Activity in my Network Using Mikrotik Firewall

Hello, how can I track user activity? For example, how can I log visited sites and accessed IP addresses? A user may do something illegal or not allowed, and I want to know that (or I will need to show these logs to the police)...
I know that this can be done with a transparent proxy (squid), but I need something better. Any ideas?

Ameer Hamza


I am working as a system administrator in a gaming company. I have more than 100 systems in total on a network with Server 2003.

According to company rules, all entertainment sites are blocked, but some of the users are still browsing sites like Google, Yahoo, YouTube, etc.

I think that the users are using third-party software, so my requirement is to know whether those users are browsing unauthorised sites, and how to track that browsing.

Please help me. Thanks in advance.

Yours, Bhan

A:How to track the user Browsing in Domain network


I've been having this problem for at least a year and a half now. I hear constant HDD activity. When I leave the computer alone it'll just go CHH...CHH....CHH....CHH....CHH. It's almost like the seconds ticking by on a clock. When I'm using it, it's basically just constant erratic drive noise. Sometimes it's directly linked to what I'm doing. I was moving an AIM window today and the hard drive was making noise in direct relation to my movement. It was almost like I was scraping the window across the desktop, only the noise was my HDD. I could even scrape out little rhythms. Here's some info on the machine:

Dell Precision 330.
P4 1.5 GHz.
18 GB 15,000 RPM SCSI HDD
Win XP

I know it's a little low on RAM but it shouldn't have to be constantly accessing the drive even when idle. I've run Adaware and a virus scanner to see if there's some unwanted program in there but it's never turned up a solution. Any help would be greatly appreciated.


A:Constant HD activity - can't track it down

Welcome to TSF.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Make sure to select the Autoclean option. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.


I'm trying to solve a problem that I've posted earlier but getting no responses.

The Reliability Monitor only connects to Microsoft when Explorer has full access. I'm trying to just limit its access for Reliability Monitor.

So I thought maybe there is a program that can track what resources Explorer is using when it updates with Microsoft.

I tried using Windows Resource Monitor. Only Explorer shows up in the network connections. I checked Explorer in the CPU category, but there are an infinite amount of services it is using and I can't properly diagnose what resources it's using during the update. Maybe there is a more advanced way of using the monitor to solve this problem. I don't know.

Is there third-party software that can just track that instance of Explorer's activity? I did a net search but all I get is results for internet connectivity programs.

Any input is greatly appreciated.


A:Program needed to track/log Explorer's internet activity

I'm not sure what you're asking for, but perhaps "Process Explorer"?


Hi!
I have a network with a domain controller and Active Directory users in one location.
In another location I have a different domain controller and Active Directory users. These are separate domains.
My problem is that I have a person who manages to connect from one location to the other.
Each location that has a domain controller and Active Directory has a firewall (a FortiGate machine).
This person has only a user account in Active Directory. The local accounts on his computer are disabled.
On his computer the IP address is static. Both server and workstations are up to date.
He succeeds in using the Internet to connect to the other network, using administrator privileges. This person makes changes on other computers in both locations, normal changes that are made only by the network administrator.
I think it's an undetectable virus/trojan. I would like to know how I can scan servers and services for undetectable viruses/trojans and trace how this person connects. From what I know so far, the user succeeds in taking over a user's session from a different computer without the user's knowledge and makes any changes he wishes.
I checked the logon failures and I have many attempts to access the administrator account. The locations where I find them are every computer that I log on to with the administrator account and the primary/secondary domain controllers.
I have a software that i manage my events ....ad audit plus...In my reports says that eve... Read more

A:How to track a user ?

You have posted the same topic on two other forums.
I suggest that you heed the suggestion posted at http://forum.thewindowsclub.com/windows-security/37956-how-do-i-solve-domain-controller-2012-standard-active-directory-problem.html .
Posting on multiple websites may result in conflicting suggestions/tentative solutions. We do not wish to contribute to such and respect the suggestions provided by another forum when the same topic is involved.


Hello everyone!
I'm using Win98SE and Nero 5.5. My CD-ROM just started to fail burning CDs. The message is 'end of user area encountered on this track'; this happens with any type of burning: audio or data. I've tried to burn different files and programs... same result. Is anyone so nice as to give me some good advice? I've used the above devices for almost 1 year without problems. The CD burner is a Norcent 52x24x52; I used to burn at 4-12x (slowly, I mean). What shall I do?
Thank you for your kindness

A:end of user area encountered on this track

It could be that your drive is wearing out. Cheap, low-quality drives just don't last long (although I don't know about Norcent's quality). What I'd do is that I'd open the drive, clean the laser lens and add a drop of grease to the axles.


At my company, we have reason to believe that a user may have been visiting "inappropriate" sites. Is there any way to track where he's been?

A:Can you track a user's internet browsing?


I am the administrator for a home network. I don't need to reset user passwords at this time. Is there a way for me to simply find out what the user passwords are?

A:Administrator needs to track user passwords

Since it's a home network, why not just ask your family members.


Does anyone know if there is a way to track who has logged onto a computer running Windows XP?

A:Solved: Track User Login - Windows XP


Hi everyone,

First of all, I apologize if this might be out of the ordinary for posting, but I have been trying to log on to the Sygate forum page for a couple of hours now and as usual their web page bites. So I figured I'd come here and try with people that "know what they are doing". Well, anyway, to my problem: I have noticed when I read my Sygate traffic log there's something that sticks out that I'm not sure if it is normal activity or something I should be concerned about. I do have Norton Anti-Virus, Ad-aware, Spybot S&D, SpywareBlaster, Bazooka and WinPatrol running and have recently scanned my system. The scans come out clean. It seems that I get different remote hosts with the same IP addresses (38.113.220.??) with the last two numbers being different. These events are being logged even though I haven't been on that particular web page for hours (MTV). I also backtraced all of the IP addresses and they belong to Performance Systems International, Inc. Is this normal activity? I'm not sure if I'm being hacked or what. I have included a portion of my log below. Please, I would appreciate any help you can give; like I said before, logging on to the Sygate Forums page is like trying to raise the dead. If someone could review my log and tell me if I need or do not need to be concerned about this activity I would really appreciate it. THANK YOU for your assistance and patience!

94562 11/20/2004 12:59:07 Allowed 10 Outgoing TCP
us.js1.yimg.com [3... Read more

A:Suspicious Firewall Activity???

Not sure if this will make you feel better or not, but I see from the trace it comes from DC!


So lately my firewall has been getting a lot of bad activity, and although it's not major it's still a problem. Also just other general problems.



A:Firewall getting lots of activity

Hello Xolias, and welcome to TSF. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I don't see anything obvious in your log, so let's run a couple of scans to see if anything turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.

Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.
Load AVG Anti-Spyware and then click the Shield tab at the top.
Click on the word active to change it to inactive.

Click the Update tab at the top:
Under Manual update, click Start update. After the update finishes, the status ba... Read more


A:Questionable firewall activity


Your log is several days old. It looks OK, but that's no guarantee of a malware-free computer. Reply to this post if you still need help.
What do you mean by "questionable firewall activity"?


Hello All,

New (l)user here. I'm just curious if there is a file somewhere I could check on Windows 2003 server to find out the last time a certain user logged in.

Also, anyone have links to tutorials on :

1. citrix
2. Windows Administration - too bad Windoze has no man pages. man Intro could have been very useful...
3. AD

Thanks for putting up with my ignorance,

A:Does MS Windows Server 2k3 keep track of the last time a user logged in?

It took a few days, but I answered my own question. Thought I'd let you know in case anyone else is interested.





Hi folks,
OK, I've been checking my firewall logs and found a date correlation with a suspect Facebook account.
On the same day that I received a message via Facebook and then checked the profile of the account holder, I had a stack of hits on my Avast firewall.
Now I'm not sure that the two are related but thought it worth checking out.
As a precaution I've run an Avast boot-time scan, a full Avast scan and a Malwarebytes full scan, and they have found nothing dumped on my machine.
Of note, I was having issues with Chrome last month and it seems to have logged lots of events related to Chrome.exe. Perhaps a conflict between a Chrome update and Avast?
Any advice?

A:Facebook / Avast Firewall log odd activity?

I'm just trying to upgrade my knowledge base on this kind of stuff.
It doesn't sound as if you're dealing with anything too serious, but it's always worth checking things out. Maybe you're seeing advertiser tracking from visiting Facebook hitting your system?
My way of dealing with security with somewhat limited knowledge is to know my systems, so I know fairly quickly if anything's changed.
Use something like System Explorer to keep an eye on things.
Maybe visit Shields Up and check for port vulnerabilities (ports should be stealthed or closed, not open), unless something is supposed to be using a port for legitimate purposes, a VPN for instance.
Was just reading this in my research, worth a look.
As mentioned in the article, there are loads of tools for security purposes. I'm currently grappling with the intricacies of Process Explorer, Wireshark, Snort, etc. The main thing is to keep your systems well locked down in the first place, I guess: updates, VPN or IP changer, good anti-malware, etc. Basically, prevention is better than cure.


Something very strange just happened that I don't know if anyone can explain.

I logged into the forums here, and clicked on the security forum. As soon as I clicked, my computer rebooted. My firewall has now registered this activity: "A computer at www.techguy.org has attempted an unsolicited connection to TCP port 4649 on your computer."

I've been coming to techguy.org for a few weeks now and my firewall has never logged any activity from this site. Any ideas?

A:Activity from techguy.org listed on firewall?


I do not understand this ICMP activity being blocked by my Firewall on default. Perhaps some kind person conversant with this matter will respond and enlighten me.

My Firewall blocks these pulses by default. Although I can customize the settings and remove the blocking of ICMP traffic, since I regard my FW suppliers as knowing best, I see no reason to alter their settings. I have entered my IP as being "Trusted" in the hope that these pulses will stop being logged, but it has made no difference. They are blocked every few seconds, which makes an awful lot of FW event logs. They seem to be "Echo requests", which means nothing to me except it infers meaningless activity.

My settings are shown on the two screen shots: 1 - the settings table and 2 - the event log after a few minutes browser use.
1. Settings table:
2. Event log:

A:Firewall blocking of ICMP activity

As nobody has replied, I have in fact concluded that my firewall is doing what it should do and blocking ICMP signals in and out.

I still do not understand why a signal from my IP to my IP should be an event log, since my IP is designated as trusted on my firewall, but it does not matter too much, I can live with it.

Please consider this thread closed.


The last couple of weeks there has been unusual activity on my Norton Firewall from Microsoft, at first I wondered why Microsoft was accessing my computer so much (incoming), at first I let it in because the firewall had (permit recommended) low risk. After it became more frequent I started to get paranoid and started to block it. Now that there is a worm out there, my firewall is going off every 20 min. or so. The message is A Remote System is Attempting to access Microsoft Generic Host Process for Win 32 Services on your computer C\Windows\System 32\SvcHost.exe UDP Inbound doom 666, all local adapters 1026. The doom 666 is what caught my attention. Since then the Number has changed. I started looking to the alert assistant to see where they were coming from being they said Trusted company Microsoft and no Virus. The locations range from Boston, N.J., Colorado and two different province in China one being Guang Dong. Microsoft has no trouble alerting me to download the most recent Microsoft Security Patch which I download, I do have patch 823980, Spybot which I run with recent updates daily. Norton Anti Virus, spyware blaster, and of course Norton's Firewall. As of now my computer is running OK, Windows XP Home...but should I let it in? Could this be how you get the virus? Is this a legitimate connection? And why every 20 min. even after letting it in two days ago. Why all of this urgent and frequent wanting to connect to my computer...besides being a r... Read more

A:Unusual Norton Firewall Activity

The main thing is that your firewall is doing its job...and very well, it sounds.
My guess is that it has to do with the attempted propagation of the current MSblast worm. You sound like you are safe.


I'm not sure if this is the right forum, but here goes...I like to put my home PC on standby at night so scheduled tasks can run early in the morning. Unfortunately, incoming IP fragments keep my firewall busy (I have DSL) and that keeps waking my computer up. Usually 5 minutes after going into standby. Any suggestions other than unplugging my DSL modem?

A:Firewall activity wakes computer


By any chance are these coming on port 80? If so, this is due to the lovely Code Red, and most firewalls are getting battered because of this. Which OS are you running?

If it's not this port, which is it?




I'm Andy from Indonesia. I have a web server for my Taxi's web services. I'm using WAMP server, and after installing it I made a NAT forwarding rule in my MikroTik, and suddenly all the client PCs in my office are getting an IIS7 or 404 error and a blank page. Maybe this is because port 80, which is used in my NAT rule, is being used by IIS7. So IIS7 blocked all HTTP sites. I have 4 public IPs, and my web server has its own public IP and local IP and uses ether 2 for its interface. Three other public IPs also use ether 1, 3, 4. Ether 1 is used for the front office (202.xxx.xxx.210), ether 3 for the 2nd floor (202.xxx.xxx.211), ether 4 is for the side building (202.xxx.xxx.212) and ether 5 for wifi. The problem is that after trying to forward port 80 to the server IP (ether2), the rest of the internal network can't access web pages (HTTP); I suppose that happens because the router forwards all traffic on port 80. Please, if anyone who sees this thread could help me to fix my problem.

A:Mikrotik NAT Rule

You need to provide a network diagram to show the traffic flow of how you have the firewall/router set up. Reading through your description is confusing at best.



I have this problem that I cannot resolve (I'm too green in this stuff).

I have a RouterBoard 750 with RouterOS v3.29 in the office.
We have 2 different internet providers ("Online" and "Wanex"), and I want to connect both of them to the RB 750.
I've plugged Online into the first interface and want it to come out of the third one, and Wanex into the second and want it to come out of the fourth interface.

I also created 2 gateways ( for Online and for Wanex, both have their own DHCP servers), which are working properly.

Also, I've done this and I don't know if this is correct.

These are the routes:

So, what I want is to separate the 2 ISPs in the LAN with different gateways (users that are under to use Online and under - Wanex) and at the same time have 1 network, so that they can share files, if possible.

I will be very grateful if you help me; my job depends on it.

Sorry for my poor English.

A:MikroTik RB 750, help configing

I recommend that you ask the question at http://forum.mikrotik.com. They are more professional in Mikrotik.


I have a serious problem with all internet activity blocked and the ethernet adapter not showing in task manager.
When booting up a brief message appears to say ad-aware firewall is not turned on.
I had been using ad-aware 10 but uninstalled it. 
Network adapters in Device manager shows:
   sis 900 based pci fast ethernet adapter
   sis 900 based pci fast ethernet adapter bitdefender firewall ndis firewall miniport
   wan miniport bitdefender firewall ndis filter miniport
I have disabled the two bitdefender items.
At present I have the machine in a working state when I switched off the firewall via internet security.
I've made a restore point which means I can (for the time being) get to an ethernet working point.
What seems to happen is that there is a sudden change and the firewalls become active again.
If I remove the bitdefender items using device remover 0.9 the sis 900 adapter shows as 'working correctly' but there is no ethernet access.  Trying to use 'repair' fails.
What do you suggest please?

A:bitdefender firewall blocks all ethernet activity

Well... it's possible that you only have 1 problem... the fact that the adapter doesn't appear in Device Manager has nothing to do with the firewall.
Ad-aware firewall... is not the same as the bitdefender firewall. Two different products/developers.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and paste the content into your next post.
Also... please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.


I have DSL, and can surf the internet fine with the windows xp-1 firewall turned on. I cannot connect to my software vendor's VPN over the internet with the firewall turned on. It connects fine with the firewall off.
My DSL uses a dynamic address & I do not have a router. The DSL modem is connected directly to an ethernet port on the computer.

A:Windows XP-1 Firewall, any way to allow activity to be able to access corporate VPN?

What type of VPN client are you using? Have you allowed access to the VPN Gateway IP address in the XP firewall?


I have just setup ATA on a 5 node hyper-v cluster...
The DC and ATA VMs are spread across nodes.
I have configured all the mirroring etc... however, when I open ATA Center and search for a user, the user appears but there is no activity for logon etc...


Well I'm having a brain fart!

I think my brother is going on my computer when I'm at work. Yes, I have a password on it but I think he keeps getting on. I know you can go in and see when a user has logged in and so on, if you are the admin. I can't seem to remember where to go for that, or Windows 7 is different than XP.

I just need to know when people have logged on.

A:User Activity

Oh Crap...sorry I found it

My bad.


I am kinda worried of all this "NetBIOS" thing being reported in the Alert Log. It happens about every minute for 6 to 7 mins before suddenly being silenced. I did an updated virus scan but found nothing.

At first I thought it was sort of a 'heartbeat' from the ISP to check if my PC is still connected (and those were blocked by ZoneAlarm) because after not using the internet for some time, it says I am working Offline.

But the catch is that all this NetBIOS activity happens only between 2pm to 6pm GMT, 10pm to 2am in Singapore, and it sporadically happens for a short period of time before nothing else is reported.

I don't use a public computer, but a home PC connected to a wireless internet router via LAN. Wireless so that it can transmit an internet connection to my family's laptops.

I am still a computer newbie, so I know nothing of the complicated stuff of 'whatyacallit'. I just follow the manual and somehow it works.

A:ZoneAlarm Firewall keeps reporting activity related to NetBIOS

Well what you could do is remove NetBios support in the network properties since it is not necessary to have.


Could anyone tell me of a firewall (free or paid) that has a taskbar icon that turns to flickering lights whenever internet activity takes place.  I use Windows 7 Pro and would really appreciate anyone letting me know of such a firewall.
I have XP on a second older computer with ZoneAlarm Pro and I love how ZoneAlarm's little 'Z' in the taskbar changes to flickering lights to let you know when there's internet activity.  I have no idea why the company decided to remove this wonderful feature from later versions of the program.  This feature is invaluable for letting me know if there is NO activity where there SHOULD BE ... or if there IS activity when there SHOULDN'T be.
I found a small utility called 'LanLights' that puts an activity light in the taskbar, but what I really want is a firewall that has that feature built in as part of the program.

A:Firewall with taskbar icon that shows internet activity

I believe that Comodo FW has a tray animation.


A warning message with the title of "Antivirus Pro Firewall Alert - Keylogger activity detected!" began popping up recently. The HKCU\Software\Microsoft\Windows\CurrentVersion\Run key in the registry referenced the following values which were removed manually already.
Value Name: 42825f0a-6c43-4e0e-8dfe-9b9d31d56181
Value Data: rundll32.exe "C:\ProgramData\42825f0a-6c43-4e0e-8dfe-9b9d31d56181.dat", tbjcuymnbt
C:\ProgramData\42825f0a-6c43-4e0e-8dfe-9b9d31d56181.dat was renamed to .old
C:\ProgramData\42825f0a-6c43-4e0e-8dfe-9b9d31d56181.ico was renamed to .old
\...\AppData\Local\temp\wrk1525.tmp was renamed .old
\...\AppData\Local\temp\ins4421.tmp was renamed .old
Your help is greatly appreciated! Thank you so much for what you do!


A:Antivirus Pro Firewall Alert Keylogger activity detected!

Hello! Welcome to BleepingComputer Forums! My name is Chris and I will be helping you with your computer problems.

Before we begin, please note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only! If you are not the original poster of this thread DO NOT run the fixes provided here.
Please do not run any tools until requested by myself or another member of Staff! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
If you stay with me, follow my instructions and ask questions when confused, you'll be back up and running in no time.

Now let's get down to business: I'm currently a trainee in the Malware Removal Training program and therefore my answers have to be checked by a Teacher before they get posted to you. There may be a delay due to this. I apologize in advance if this happens. Hold tight while I get the first set of instructions out to you.


I have a server and some zero clients in a local network. The zero clients connect to the server remotely (directly, not using VDI solutions). I need some management of users' traffic, data usage, etc. using Kerio. It's OK when there is a domain, as I can manage users by their username, but in a workgroup, when one user logs into Kerio all users have internet. Is there any way to manage users connected to the server with a zero client by Kerio in a workgroup network?


I am having problems, configuring tl-wa701nd in wireless repeater mode,to extend my network from a mikrotik hap lite router, the repeater does not seem to get an IP from the router, and I disabled dhcp from the repeater, please help


I have a network problem, and it may be a bit hard to explain my situation fully, but I'll try to cover the pertinent information. Basically, when I do anything network intensive, like a file transfer, the file transfer will work, but it will kill all other network activities. I can't browse the web or IM during this time as Firefox will say that it's timed out and IM will drop off and disconnect.

The network setup I'm using is hard to explain fully, but the basic core of it is a router with an access point linked via WDS. The router provides wifi through the house, and also connects to the AP with WDS (@ full 54g signal). The AP basically just gives me hardwired Ethernet ports for my equipment (which is in a location where it would be very difficult to hardwire). Both the router and AP are running the latest "tomato" aftermarket firmware FWIW.

Almost all of my transfers involve going from wired to wireless. I tested my transfer speed during several file transfers and got just a tad over ~3MB/s (~24mbit/s), which seems ok to me since it's going from wired to wireless g. If I do a transfer over ethernet to ethernet (no wireless), it does not seem to cause the problem.

Basically it seems like the router is not dividing up wireless bandwidth as it should. It seems to be only allowing the one transfer to use the wireless at any given time. Is there a setting that might help me? I was thinking maybe a QOS setting might help, ... Read more

A:Wireless network file transfer stops all other network activity?

Have you tried another router or changed the router's location?

Read other 3 answers

Next weekend my Toshiba laptop, running Vista Home Premium SP1, is going to be used to access a wiki, at a public venue. I would like to create an account that can only run a web browser which can only access the wiki, and have the account not be able to access any files on the laptop, that are not owned by that user.

How do I do that?

Once the account is set up, how do I restrict the browser to only access the wiki site? I prefer to use Firefox 3, but can use IE 7, if it is easier to set up.


Read other answers

So, we already have ATA sending its suspicious activity alerts to our SIEM. I'm now curious if it's possible to send user activity logs to the SIEM, specifically RDP events. They can be filtered and viewed in the Center UI, so these events have to be logged somewhere. Anyone have any ideas?

Read other answers

It's impossible for me to get an internet connection where I live. And I am using the landlord's wireless router (with his permission), connecting via a wireless dongle. But this is very prone to dropping as his house is a long way away. So I want to use a MikroTik Routerboard 153 http://www.aerial.net/shop/product_i...roducts_id=270 to connect, which I was using at a previous address on a WAN service.
I have managed to get the MikroTik router logged onto the landlord's wireless router, and from Winbox (the control program for the MikroTik) and from a command prompt I can ping it successfully.

However, I cannot get out onto the internet. Does anyone have any suggestions as to what might be the problem?

I am using Windows 7 Home Premium

Windows IP Configuration

Host Name . . . . . . . . . . . . : theatreofdeligh
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet
Physical Address. . . . . . . . . : 00-40-2B-42-55-6E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d1f4:a003:7a2c:4800%11(Preferred)
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Lease Obtained. . . . . . . . ... Read more

A:connecting MikroTik Routerboard to wireless router

Hi and welcome to TSG.

Although your landlord may have given you permission to connect to their router, it is very likely that their Internet Service Provider does not allow them to share their Internet connection outside of family members and visitors to their household. The service provider may cancel the landlord's service should they find out about them sharing it outside of their own household.

Read other 3 answers

I'm over a network but my computer keeps shutting down. I've been checking event logs and everything got event IDs (1074), but... is there a way to know who started the shutdown process? Like the IP address or computer name???


Here are a couple of articles that address the problem. You could use the Shutdown Event Tracker to find more information.


Read other 3 answers

Let me start off by saying that I am not an IT specialist but I consider myself pretty knowledgeable.

I live in a co-op apartment with about a dozen or so tenants, some who I do not know, but we all share the same ISP provider (we're all connected through 1 single router). I am the designated net admin. Due to a previous occurrence, in which our network was compromised and our service was shut off (someone downloaded illegal material / said computer was turned into a bot because of which said material) I took it upon myself, with the landlord's approval, to block all known file sharing / p2p applications and their relative ports. Normal / non file sharing activity was not affected.

Recently, a few new tenants moved in and I noticed a decrease in the network's overall throughput. The filters that I have set up are functioning and the router's log indicates that a user is trying to connect to something. Each time it's blocked, the user switches ports ranging from the low 1000's up to 60,000. The router's logs only go up to 20 pages (each page logging 10 events) and those 20 pages get filled up within a minute. Within those logs are intermittent (1 out of every 15 or so) indications of torrent use (ports 6881 - 6889). I am aware that most torrent applications now will use a varying array of ports.

I just want to confirm that what this user is doing is probably filesharing and not anything else. It is because everything in the apartment is connected through 1 single IP address tha... Read more

A:Network security question suspicious network activity

Yep, that sounds like P2P.

What kind of a router is it? If it's Cisco, may be able to drop with NBAR.

Read other 3 answers

I have an aging Dell Dimension 8200 desktop with a Pentium 4 2.2GHz processor and 512Mb memory. I only want to use it for Outlook, Internet Explorer and Office 2003 but it is now running extremely slow due to what appears to be excessive disk thrashing on any user activity - moving between apps or Explorer tabs, opening new web pages etc. I have pagefile management set to Windows management and a pagefile presently of 1289Mb on a separate disk but there always appears to be lots of physical memory available. ccSvcHst.exe has the highest I/O reads and writes and page faults by far. It seems a very similar problem to an earlier post http://forums.techguy.org/malware-r...854676-disk-thrashing-most-user-activity.html

I have tried to discover the cause of the problem but I am now at my wits end and would really appreciate some help. I would like to know whether it is time for a new system (upgrading the memory is quite an expensive option) or if there is some other cause of the slowness, such as malware. I have Norton Internet Security 2010 installed and have run Malwarebytes' Anti-Malware without any reported issues.

The HijackThis logfile is below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:24, on 01/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\lsass.e... Read more

Read other answers

Hi there,
I have a disk thrashing issue that occurs on almost all disk activity. This shows up especially when changing tabs (IE8), my hard disk can thrash for about a minute before responding, but it is also slow when receiving emails, general browser exploring etc., so I don't think it's browser specific. It seems to get worse the longer I go between restarts.
This is not a new PC, the problem started around the time I upgraded to IE8 and Outlook 2007. The dreaded Windows Search installed itself, I have disabled/uninstalled it but things have been stuffed since. I run the full suite of Norton Systemworks / Utilities, so I don't believe it to be a virus or disk / registry fragmentation issue, and this regularly cleans out temp internet folders etc., and I was running this software before the problem started. I suspect it could be caching management / swapping, I have 512Mb RAM, and have page file management set to Windows management.
What I would like to do is identify which process is involved with all the disk access, which would then give some idea what to fix! I have searched some of the other posts - I suspect HJT is in my near future, will download and install to get a start!

A:Disk thrashing on most user activity

Read other 16 answers

At various times, but mostly after booting, Windows 7 Pro 64-bit loses track of the network, both the local net and Internet.

The light on the Win-7 port on the router is flashing rapidly and continuously and there is no connectivity.

The only way to recover the net is to disable and then re-enable the Local Area

Is there a cure for this nonsense?

A:Windows Loses Track of Network

Usually it's the router in need of a firmware update or the network driver isn't the correct one. This is a very typical problem when one of those isn't correct.

Read other 4 answers

For Linux users, there is an option to run a network-wide DNS server which has tracklist blocking.

According to the author, who goes by the name quidsup (also on YouTube, under the same name, known for his Linux videos):

NoTrack is a network-wide DNS server which blocks Tracking websites from creating cookies or sending tracking pixels. It does this by resolving the IP address of known tracking sites to a web server running on the NoTrack device inside your network.

Current build/version is 0.7.8, available at:
GitHub - quidsup/notrack: NoTrack is a network-wide DNS server which blocks Tracking sites

Please do watch his videos on the project to learn more:

Spoiler: videos about No Track

Also, if you run OpenDNS, perhaps check this video to at least see the potential of OpenDNS (skipping how to configure it to run on Ubuntu 12.04 at time of the video):

Spoiler: OpenDNS


Read other answers

I have a little project that I need to complete and am a bit unsure on how to do it. I am in need of some sort of tracking system for my network. Specifically, I want to track the number of connections to the wireless router. So basically just a system that will increment the total every time a device connects to the router. Ideally I am looking for something to show these totals in weekly, monthly, and yearly formats. I don't require any other data to be tracked, such as usage; however, it is not a big deal if the program or software used comes with this.

I already expect to replace the current networking hardware in order to do this, so I am not really limited in that regard, as long as the hardware is reasonably priced. Best case scenario is there is some sort of firmware and software that can be set up to do what I want. If this is not possible I do have some experience with coding, so I could possibly write something to do what I'm looking for.

A:System To Track Network Connections

Read other 11 answers

I'm wondering if a person with a limited user account in Windows XP has access to see what the administrator has been doing on the internet? Is there a built-in component of Windows that logs time spent on internet sites? I'm wondering 'cause one of my limited users appears to know what and where I've been and for how long. I don't know how they figured it out but I know that I don't even know where to look for a timer for my own activity, much less someone else's. Please advise as to how this was accomplished so I can quit feeling perplexed.

A:Limited user account able to spy on administrator activity in Xp???

Read other 8 answers

Do you know if ATA detects user failed logins as suspicious activity? If so, how many times does the user have to fail for ATA to detect suspicious activity?

Read other answers

I have a new Windows 7 (64) build that seems to be having trouble indexing. When I search in Outlook 2010, I get "Search results may be incomplete because items are still being indexed".
When I look at Indexing Options via Control Panel, it says "indexing speed is reduced due to user activity", even when there is no user activity.
If I start closing applications and processes to reduce the "user activity", it changes the status to "Indexing Completed".
Then if I start Outlook again, it goes back to "Search results may be incomplete because items are still being indexed".

When I look at CPU usage, it is near zero, so it would be nice if the indexer would kick it up and get the indexing finished so that I can search my emails.
Why is the speed reduced? Is there no way to control it?

- Mark

Read other answers


I noticed on one of our computers that it was very slow with doing anything - running programs or getting on the internet. I did some investigating and Process Explorer showed one of the svchost processes was taking up to 50% to 90% of the CPU time. This happened before and it turned out to be a rootkit. I ran Malwarebytes and Avira anti-virus and they both found some things and I had them removed, but it still was not right. I did some DDS, OTL and MBRcheck scans and I noticed some suspicious things. I am a junior trainee and I thought I would be able to remove them myself but I still don't know enough and I want to be sure I handle it correctly. Here are my logs:
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bernie at 14:37:51.28 on Fri 04/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.406 [GMT -4:00]
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.ex... Read more

A:network hijack (unusual network activity)

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should a... Read more

Read other 16 answers

Hey all,

I am on a network of around 25 computers and need to be able to track my network traffic, specifically to which machine is using the most bandwidth.

Can anyone tell me how I can do this? From researching what I could on Google, it looks like I will need to set up a PC (perhaps just a device) that acts as a gateway, and track it through that?

Any help is appreciated. If I haven't clearly illustrated what I want, let me know!

A:Need to track network traffic, what software, equp, etc?

Shameless bump. Any help is appreciated.

Read other 2 answers


That is a screenshot of the Device List on my Linksys WRT54G router.
The computers I KNOW for sure that belong to my network ARE:
.132 (Me, wired)
.102 (Brother, Wireless)
.114 (Sister, also wireless)

The mystery person on my network is the one ending in .147 and the one with the REALLY weird IP
So how do I track down that mystery guy / block him out and any other potential future mystery people?

A:How do I track down this mystery person on my wireless network?

Read other 16 answers