Who is accessing my modem and how do I stop them?

[UncleWick]

Who is accessing my modem and how do I stop them?

I received an email stating I have downloaded a movie using BitTorrent (do not have). This is the second time they have sent me a similar message and are now warning they could denying me internet for 6 months. Below is a copy of part of the email (ip address redacted).

I ran Mbam, SpyBot S&D, and my paid antivirus Avast Internet Security, to make sure I was clean, I was/am.

I set each of my devices to a static ip address and reserved them, according to their mac address, in the LAN setup menu of my modem so I can tell at a glance what is accessing it.

I turn off UPnP. I do not have an Xbox.

I tried to apply some kind of MAC filtering but my modem (Netgear r6300v2) does not offer a means to do that. (not that I can find anyway)

I tried to renew my IP address but it kept applying the same one, called Cox and explained the situation and asked for a new IP to be assigned and they said it is renewed automatically every 24 hours. Well I still have the same one that was in the email so something is off there.
One thing that did come of the conversation was that some sites offering free streaming “could” do this as well. She mentioned a couple names but when I looked for them they all look legit.
---------------------------------------------------------------------------------------------------------------------------
Reason I am here...

Is there a way to block something like BitTorrent from using my router, I do not have another computer to put “in the dmz” between the world and the router.

Is there a way to apply some type of MAC filtering?

Is there a list of sites that offer free streaming of movies and television shows I can add to the “blocked sites” list in my router? I have monthly memberships to both Amazon Prime and Netflix, I have no use for any others.
----------------------------------------------------------------------------------------------------------------------------
Part of the received email. I have a copy of the modem's log but it is long and unless you need it cannot see wasting the space on the page.

---Start ACNS XML
<?xml version="1.0" encoding="UTF-8"?>
<Infringement xsi:schemaLocation="http://www.acns.net/ACNS http://www.acns.net/v1.2/ACNS2v1_2.xsd" xmlns="http://www.acns.net/ACNS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">      <Case>
                <ID>222137573922</ID>
                <Status>OPEN</Status>
                <Severity>Normal</Severity>
                <Ref_URL></Ref_URL>
        </Case>
        <Complainant>
                <Entity>AMC Film Holdings LLC</Entity>
                <Contact>AMC Film Holdings LLC</Contact>
                <Address></Address>
                <Phone></Phone>
                <Email>Amc.antipiracy@ap.markmonitor.com </Email>
        </Complainant>
        <Service_Provider>
                <Entity>Cox Communications</Entity>
                <Contact>DMCA Agent</Contact>
                <Address>Cox Communications Inc.   1400 Lake Hearn Drive   Atlanta   GA   30313   US   </Address>
                <Phone></Phone>
                <Email>abuse@cox.net</Email>
        </Service_Provider>
        <Source>
                <TimeStamp>2017-01-18T15:09:03.14Z</TimeStamp>
                <IP_Address>**.**.**.***</IP_Address>
                <Port>37778</Port>
                <DNS_Name>ip**.**.**.***.hr.hr.cox.net</DNS_Name>
                <Type>P2P</Type>
                <SubType BaseType="P2P" Protocol="BITTORRENT" />
                <Number_Files>1</Number_Files>
                <IsSource>false</IsSource>
        </Source>
        <Content>
                <Item>
                        <TimeStamp>2017-01-18T15:09:03.14Z</TimeStamp>
                        <AlsoSeen Start="2017-01-18T15:08:41.24Z" End="2017-01-18T15:09:03.14Z"></AlsoSeen>
                        <Title>WALKING DEAD, THE</Title>
                        <Artist></Artist>
                        <FileName>The Walking Dead S07E05 INTERNAL 720p HDTV x264.mp4</FileName>
                        <FileSize>346847212</FileSize>
                        <Type>Video</Type>
                        <Hash Type="SHA1">33976E655BC3C2B8274EEC095A9F61D04E1DF45D</Hash>
                </Item>
        </Content>
<History></History>
<Notes></Notes><Type Retraction="false">DMCA</Type>
        <Detection>
                <Asset>
                        <OriginalAssetName>WALKING DEAD, THE</OriginalAssetName>
                </Asset>
                <ContentMatched Audio="true" Video="true" Text="false" Human="false"/>
                <HashMatched>true</HashMatched>
                <MetadataMatched>false</MetadataMatched>
                <VerificationID>Manual and hash verification</VerificationID>
        </Detection>
        <Verification>
                <VerificationLevel Type="DT">3</VerificationLevel>
        </Verification>
        <TextNotice><![CDATA[Cox Communications

Thank you for looking.

 

[UncleWick]

i asked them if they could provide anything beyond the IP of my router and they said no... so it could be someone has hacked my router i guess. it is impossible for me to have done it, i do not have a torrent.

i live alone and no one was here during the time the download was done. if i read the email correctly it happened around 3pm yesterday, i wasn't even home.

The time was 2017-01-18T15:08:41.24Z -- Z for ZULU or London time. You local time is probably 5 or 6 hours EARLIER depending on what time zone you are in. Since the notice came from COX in GA, I am assuming US Eastern which would be 10AM local ...

thank you... 10am i was home but still in bed, disabled and had therapy at 4, i slept in.

 

[UncleWick]

could all this mean i have something accessing the internet that shouldnt be?

[Admin login] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:42
[Site allowed: su.ff.avast.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:41
[Admin login] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:41
[Site allowed: analytics.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:29
[Site allowed: analytics.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:17
[Site allowed: widgets.worldtimeserver.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: fonts.gstatic.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: www.worldtimeserver.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: fonts.googleapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: media.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: analytics.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: cdata.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:16
[Site allowed: inimage.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: logging.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: widgets.getsitecontrol.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: cdata.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: route.carambo.la] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: pixel.watch] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: www.worldtimeserver.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:20:15
[Site allowed: cdn.bluestacks.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:19:29
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:18:18
[Site allowed: cdn.bluestacks.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:18:15
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:18:03
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:59
[Site allowed: api.viglink.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:50
[Site allowed: tag.crsspxl.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: bounceexchange.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: cdn.viglink.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: tags.bluekai.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: t.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: in.ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: cm.g.doubleclick.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: b.scorecardresearch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:49
[Site allowed: ib.adnxs.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: x.bidswitch.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: d3ezl4ajpp2zy8.cloudfront.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: cm.g.doubleclick.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: script.crazyegg.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: ib.adnxs.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: tag.crsspxl.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: ap.lijit.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: sync.c1exchange.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: tags.bkrtx.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: static.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: l.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: srv-2017-01-20-01.config.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: w.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: ramp.purch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: w.estat.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: www.tomshardware.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: secure-us.imrworldwide.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: s.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: w.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: static.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: ads.servebom.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:48
[Site allowed: www.googletagservices.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:47
[Site allowed: b.scorecardresearch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:47
[Site allowed: logc22.xiti.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:47
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:47
[Site allowed: www.tomshardware.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:47
[Site allowed: media.bestofmicro.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:47
[Site allowed: ads.servebom.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:46
[Site allowed: www.googletagmanager.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:46
[Site allowed: fonts.googleapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:46
[Site allowed: yui.yahooapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:46
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:46
[Site allowed: ajax.googleapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:46
[Site allowed: www.tomshardware.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:45
[Site allowed: pagead2.googlesyndication.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:17:39
[Site allowed: image.providesupport.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:16:56
[Site allowed: pagead2.googlesyndication.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:16:23
[Site allowed: smallbusiness.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:16:23
[Site allowed: image.providesupport.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:56
[Site allowed: www.serversmtp.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:56
[Site allowed: platform.twitter.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:56
[Site allowed: www.serversmtp.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:55
[Site allowed: cx2.ic-live.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:55
[Site allowed: beacon.krxd.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:55
[Site allowed: aa.agkn.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: p.rfihub.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: bcp.crwdcntrl.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: beacon.krxd.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: track.hubspot.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: cdn.krxd.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: smallbusiness.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: img-aws.ehowcdn.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: externalextended.dmtracker.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: p7.ic-live.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: b.scorecardresearch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: c7.ic-live.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: images.taboola.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: metrics.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: cdn.krxd.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: trc.taboola.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: cdn.taboola.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:54
[Site allowed: js.hs-analytics.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: nexus.ensighten.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: trc.taboola.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: externalextended.dmtracker.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: smallbusiness.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: external.dmtracker.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: www.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:53
[Site allowed: smallbusiness.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: b.scorecardresearch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: www.googletagmanager.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: pagead2.googlesyndication.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: cdn.taboola.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: img-aws.ehowcdn.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: smallbusiness.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: nexus.ensighten.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: ww1.hdnux.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: pagead2.googlesyndication.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: cdn.optimizely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: ajax.googleapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: smallbusiness.chron.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:52
[Site allowed: p001.sb.avast.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:15
[Site allowed: v7event.stats.avast.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:15
[Site allowed: emupdate.avast.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:15:15
[Site allowed: su.ff.avast.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:14:03
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:12:36
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:12:21
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:12:17
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:12:07
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:12:06
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:56
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:51
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:46
[Site allowed: api.viglink.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:37
[Site allowed: tag.crsspxl.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: bounceexchange.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: cdn.viglink.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: tags.bluekai.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: in.ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: cm.g.doubleclick.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: ap.lijit.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: d3ezl4ajpp2zy8.cloudfront.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: ib.adnxs.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: script.crazyegg.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: tag.crsspxl.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: sync.c1exchange.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: x.bidswitch.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: cm.g.doubleclick.net] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: tags.bkrtx.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:36
[Site allowed: t.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: srv-2017-01-20-01.pixel.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: b.scorecardresearch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: static.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: srv-2017-01-20-01.config.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: l.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: w.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: ramp.purch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: ads.servebom.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: w.estat.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: www.tomshardware.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: secure-us.imrworldwide.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: s.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: w.sharethis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: static.parsely.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: www.googletagservices.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: b.scorecardresearch.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: logc22.xiti.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:35
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: www.tomshardware.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: media.bestofmicro.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: www.googletagmanager.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: ads.servebom.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: fonts.googleapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: yui.yahooapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: ajax.googleapis.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: m.bestofmedia.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: ml314.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:34
[Site allowed: www.tomshardware.com] from source 192.168.1.2, Thursday, Jan 19,2017 20:11:33
[Log Cleared] Thursday, Jan 19,2017 20:11:16

 

[UncleWick]

if you can please... tell me how this is even possible...

file size downloaded according to email .. <FileSize>346847212</FileSize>
download avg on my modem yesterday .. 49025

snap shot of my router traffic meter
https://goo.gl/photos/dPTCNAdzpV5Pw82D8

 

[kanewolf]

That screen cap, if I am reading it correctly says that 16GB was downloaded and 32GB was uploaded. The file size listed is only 346MB.

With that amount of traffic, you should be able to see one wired port flashing like mad. I don't think that amount of traffic could be WIFI.

 

[UncleWick]

i wasnt sure how to read that but i watch netflix and amazon movies all day. my tablet has a couple games on it and messenger, and my phone is VOiP so there is that... but i know i have not downloaded any movies and they are welcome to check my computer for any evidence i have.
but the size they say was downloaded... what is that number in the hundreds of millions. i mean that is insane. my computer is the only thing plugged into the router, so whatever (if anything) did the download had to be wifi and i only have an android phone and an android tablet, neither could hold that file.

 

[kanewolf]

What would more concern me is the 30GB UPLOADED. Watching netflix or amazon won't do that. Try this, RESET the counters which might require rebooting your router. Leave your desktop UNPLUGGED for a couple hours and check your counts. Reboot again to clear the counters and then plug in your desktop and just leave it logged in but sitting at windows desktop. Check your counters in a couple hours. Your desktop could be infected with something that is causing this....

 

[UncleWick]

What would more concern me is the 30GB UPLOADED. Watching netflix or amazon won't do that. Try this, RESET the counters which might require rebooting your router. Leave your desktop UNPLUGGED for a couple hours and check your counts. Reboot again to clear the counters and then plug in your desktop and just leave it logged in but sitting at windows desktop. Check your counters in a couple hours. Your desktop could be infected with something that is causing this....

have screen shots if needed but here is what i got... times are not perfect but close

first thing i did was use a password generator set to 20 and change the password again. it was set to 14 but that was a year ago.

PC unplugged only android devices on.
UL = 2.33 , DL = 48.19
PC plugged in but sitting idle android devices active
UL = 2.22 , DL = 46.71
PC in moderate use (check email, weather, answer a message on messenger)
UL = 2.51 , DL = 28.46 (why lower)

now i guess i use as normal and see what it is in the morning?
should i DL hijackthis or am i jumping the gun?

 

[UncleWick]

Maybe a stupid thing to post but here goes, (mod if this is harmful to me please delete).

192.168.1.2 is my PC
192.168.1.3 is my Phone
192.168.1.4 is my Tablet

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.


C:\**\**>netstat -o

Active Connections

Proto Local Address Foreign Address State PID
TCP 127.0.0.1:2861 www:60144 ESTABLISHED 4
TCP 127.0.0.1:9000 www:58057 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58087 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58088 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58090 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58092 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58154 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58157 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58165 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58174 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58223 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58233 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58242 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58267 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58296 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58327 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58536 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58550 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58602 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58700 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58701 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58850 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58913 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58974 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:58997 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:59051 ESTABLISHED 27636
TCP 127.0.0.1:9000 www:59240 ESTABLISHED 27636
TCP 127.0.0.1:57742 www:57743 ESTABLISHED 48956
TCP 127.0.0.1:57743 www:57742 ESTABLISHED 48956
TCP 127.0.0.1:57745 www:57746 ESTABLISHED 48240
TCP 127.0.0.1:57746 www:57745 ESTABLISHED 48240
TCP 127.0.0.1:57891 www:57892 ESTABLISHED 1992
TCP 127.0.0.1:57892 www:57891 ESTABLISHED 1992
TCP 127.0.0.1:57894 www:57895 ESTABLISHED 1992
TCP 127.0.0.1:57895 www:57894 ESTABLISHED 1992
TCP 127.0.0.1:57988 www:57989 ESTABLISHED 50936
TCP 127.0.0.1:57989 www:57988 ESTABLISHED 50936
TCP 127.0.0.1:58057 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58087 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58088 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58090 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58092 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58154 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58157 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58165 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58174 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58223 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58233 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58242 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58267 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58296 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58327 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58536 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58550 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58602 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58700 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58701 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58850 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58913 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58974 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:58997 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:59051 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:59240 www:9000 ESTABLISHED 51512
TCP 127.0.0.1:60052 www:2861 TIME_WAIT 0
TCP 127.0.0.1:60144 www:2861 ESTABLISHED 27636
TCP 192.168.1.2:55696 ce:https CLOSE_WAIT 125708
TCP 192.168.1.2:55700 a23-54-187-27:http CLOSE_WAIT 78108
TCP 192.168.1.2:56845 msnbot-65-52-108-226:https ESTABLISHED 4600
TCP 192.168.1.2:57118 nyc16:http ESTABLISHED 1992
TCP 192.168.1.2:57455 r-252-42-234-77:http CLOSE_WAIT 1992
TCP 192.168.1.2:57749 ec2-52-37-202-94:https ESTABLISHED 48956
TCP 192.168.1.2:58194 qh-in-f188:5228 ESTABLISHED 51512
TCP 192.168.1.2:59927 lga25s40-in-f14:https ESTABLISHED 48956
TCP 192.168.1.2:60055 ec2-54-147-177-201:9339 ESTABLISHED 51512
TCP 192.168.1.2:60059 lga25s56-in-f17:https TIME_WAIT 0
TCP 192.168.1.2:60060 yi-in-f106:https ESTABLISHED 48956
TCP 192.168.1.2:60064 lga25s40-in-f195:https ESTABLISHED 48956
TCP 192.168.1.2:60065 iad30s09-in-f1:https ESTABLISHED 48956
TCP 192.168.1.2:60066 lga25s40-in-f14:https ESTABLISHED 48956
TCP 192.168.1.2:60067 lga25s40-in-f14:https ESTABLISHED 48956
TCP 192.168.1.2:60069 iad30s07-in-f10:https ESTABLISHED 48956
TCP 192.168.1.2:60076 lga25s40-in-f14:http TIME_WAIT 0
TCP 192.168.1.2:60077 lga25s40-in-f14:http TIME_WAIT 0
TCP 192.168.1.2:60088 iad23s44-in-f170:https ESTABLISHED 48956
TCP 192.168.1.2:60096 xx-fbcdn-shv-02-mia1:https ESTABLISHED 48956
TCP 192.168.1.2:60103 lga25s40-in-f195:https ESTABLISHED 48956
TCP 192.168.1.2:60104 a23-217-51-134:http TIME_WAIT 0
TCP 192.168.1.2:60106 server-52-85-142-184:https TIME_WAIT 0
TCP 192.168.1.2:60107 server-52-85-142-184:https TIME_WAIT 0
TCP 192.168.1.2:60109 ec2-34-192-139-143:https TIME_WAIT 0
TCP 192.168.1.2:60110 a23-217-51-134:http TIME_WAIT 0
TCP 192.168.1.2:60111 server-52-85-142-184:https TIME_WAIT 0
TCP 192.168.1.2:60112 server-52-85-142-184:https TIME_WAIT 0
TCP 192.168.1.2:60117 lga15s44-in-f2:http TIME_WAIT 0
TCP 192.168.1.2:60118 lga15s44-in-f2:http TIME_WAIT 0
TCP 192.168.1.2:60119 lga25s40-in-f194:https ESTABLISHED 48956
TCP 192.168.1.2:60120 edge-star-mini-shv-02-mia1:https ESTABLISHED 48956
TCP 192.168.1.2:60121 ec2-52-0-22-157:http TIME_WAIT 0
TCP 192.168.1.2:60123 qv-in-f154:https ESTABLISHED 48956
TCP 192.168.1.2:60125 54.239.25.192:https TIME_WAIT 0
TCP 192.168.1.2:60133 server-52-85-142-21:https TIME_WAIT 0
TCP 192.168.1.2:60134 server-52-85-142-21:https ESTABLISHED 48956
TCP 192.168.1.2:60135 server-52-85-142-21:https TIME_WAIT 0
TCP 192.168.1.2:60136 server-52-85-142-21:https TIME_WAIT 0
TCP 192.168.1.2:60137 server-52-85-142-155:https ESTABLISHED 48956
TCP 192.168.1.2:60140 6a:http TIME_WAIT 0
TCP 192.168.1.2:60143 ec2-54-221-192-241:http TIME_WAIT 0
TCP 192.168.1.2:60145 13.107.21.200:https ESTABLISHED 34940
TCP 192.168.1.2:60146 13.107.21.200:https ESTABLISHED 34940

C:\**\**>

maybe i am just being crazy but this is the second time, i do not want a third. talked to my neighbor and he said he had a similar issue a year or so ago. i dont know what to do. that is why im here...

thank you for your help and suggestions, i am following them all.

 

[UncleWick]

issue resolved, thank you for all your help.

 

[USAFRet]

issue resolved, thank you for all your help.

So what was the resolution?

 

[UncleWick]

A combination of everyone's help.

kanewolf brought my attention to the traffic counters; watching them I noticed a huge drop when I changed the password.

USAFRet said to look for someone else using wifi.

bill001g not trusting relatives.

Then I remembered, my son was just here for the holidays and spent a lot of time flirting it up with the neighbor's daughter. I have made it known that my wifi is not a public domain but I will not be turning a 14yo kid in either.
I let my ISP know it will not be happening again and hope for the best. I am sure they have better things to worry about than me.

Thanks for everyone's help here. Still worried but at least I know.

 

[Mousemonkey]

Is she called Mia?

 

[UncleWick]

Is she called Mia?

LOL... you know her? No but i assume she isn't the only kid doing this.