Has our home network been hacked?

You need to take action right away.
If possible, use Windows' System Restore to restore the operating system to a time BEFORE you installed the new Arris gateway/modem.
Next, turn off your computers. Don't use Sleep or Standby or Hibernate; use Shutdown.
Unplug the network cables from the computers.
Use a friend's computer or one at work to download some free security scan programs. Use a fresh USB flashdrive (one that's never been connected to any computer in your home).
Download, install and run the free version of MalwareBytes on the infected computers:
https://www.malwarebytes.com/
If necessary, use Windows' Safe Mode to install and/or run the scan(s).
Also obtain and run one or more rootkit scanners mentioned here:
http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm
Obtain and run the free version of CCleaner:
https://www.piriform.com/ccleaner/download
If all the steps above fail to restore normal operation you can save your photos or other data onto a spare flashdrive and then reinstall Windows from scratch.
When you're satisfied the computers are running normally again then it's time to fix the modem.
Use an unfolded paperclip or a pencil point to press and hold the tiny Reset button on the back of your Arris gateway (tiny hole above the USB port) for 10 or 15 seconds. Consult the Arris user guide for instructions on this.
Create a new username on the modem sign-in screen to replace the default "admin" username. Also create a complicated password in the space below the username. Write them down on a piece of paper.
Set up the modem's security with a new, long password using WPA-2 security. Use upper and lower case letters, some numbers and a some special characters. Write down the password and put it somewhere safe. Make sure the Guest Network is turned off.
On your computers, consider using a Guest account when you're on the internet. It's much harder to hack.

Unless some worm was inserted into your machine/s prior, when you secured the modem you locked any hackers out. They/he/she would have to crack your ID and/or password and the Arris can be set to not accept remote entry.
As to the rest; Some could be your browser, some could be remember this settings in browsers and Win 7. If time warner like Xfinity has Guardian software that installs with the free security stuff does funny and intrusive stuff.

Others will have better input. Best of luck.

Hi Peggy

First-off there is no security protocol that YOU can enable for your modem. That’s all handled by your ISP (TWC). Your vulnerability comes when you turn on your computer. Even then someone has to be using it - opening infected emails and attachments, transferring files via an external drive from an infected computer, surfing the web to dangerous sites, opening a share session with a fraudulent computer tech, downloading stuff – in short someone has to open a gateway (email, file or browser) to somewhere.

If none of the above occurred while you were away, then your issues can probably be corrected by…

1. A computer re-boot into safe mode and back out. Here’s a link on how to boot Windows 7 into safe mode.

.http://www.pcworld.com/article/2851718/windows-8-and-windows-7-safe-modes-how-to-enter-and-when-to-use-them.html

2. System Restore to a point prior to the TWC installation is a good idea. Any files or programs installed after the restore point will be removed. Here’s a link on how to perform/select a System Restore:

http://www.dell.com/support/article/us/en/04/SLN85604

Here comes the “IF” again…..If the above failed then….
Take your computer to a professional and have it cleaned and restored. Depending upon the extent of the infection the cost can run upwards to $200.

If you are a DiY’er here’s a link on how to save a few dollars to clean your Windows system:

http://www.pcworld.com/article/243818/security/how-to-remove-malware-from-your-windows-pc.html

You can also wipe the hard drive and start over with a clean install of the OS or a system restore from an external HD that has a clone of your system from before you switched to TWC.

Whether you enlist the aid of a professional or take the DiY route…off load your documents, files and photos to an external HD. You can have the professional scan them or you can do so yourself after you get your computer back-up and have installed an antivirus program (other than the one you had) to scan the drive before placing them back on your computer. Not to worry 99.9% of spyware finds a home in your systems registry. The clean –install or system restore includes an uncontaminated system registry.

One program that I use on a monthly is Malware Bytes. There is a free and a pay version. I rum Malware Bytes once a month in addition to my anti-virus program that is always on.

Assuming nothing has corrected the issues….I don’t want to push the manic button, but you’ve got some funky things going on with your computer. Sounds like it’s possessed. All jokes aside I’d stop worrying about my computer at this point and start concentrating on how to protect your finances, identity and family.

Random characters appearing when typing sign-in passwords are reminiscent of a key-logger having been downloaded to your system. These days a computer is a gateway to your life. Even if you don’t have critical data stored on it spyware can capture passwords you use for online banking, shopping, social media or anything where a secure sign-on is required.

Although it can be very frustrating and a feeling that you have been violated – I strongly suggest you replace all of your credit cards, change your bank account number, scrub social media accounts, change every frick’n password you use and get a new email account - preferably one that doesn’t end in “xx.rr.com” (TWC). Email addresses are often used as online ID’s. I know what I suggested can be a pain in the Derrière, but so can having your finances ruined or losing your identity.

I hope you are able to resolve your issues quickly and in the simplest way possible. Good Luck!

Together Everyone Achieves More = T.E.A.M.

Hi Peggy, you have some good and comprehensive advice from gaucherre and ajtrek already. It certainly sounds like you have some sort of infection but it must have been picked up while your computers were running.

Running offline scans such as Malwarebytes, Kaspersky, Trend Micro and others would be a first step. Some of these can be run from a bootable CD/DVD download, which would limit any malware from interfering with them.

I would assume your TWC modem has an inbuilt hardware firewall, in addition to your personal firewall on your computers. Check the documentation to make sure it's blocking everything you don't use.

If you do decide to wipe the computer system disks, a drastic step, make absolutely sure you have (preferably two) verified backups of your data. Then don't just reformat them, use something like Partition Wizard live CD/DVD to secure erase all the partitions and reallocate them. Do a full format when you reload your system. If you have a known clean full system image backup of your systems from before the problem started, reload that and you are good to go. Otherwise, re-install your system and applications from the distribution disks and run your malware scanners against any data you transfer from your backups you made before wiping your disks - it's fairly easy to hide malware in JPG images, for instance.

Last thought, does TWC subscribe to any of the shared hotspot schemes - like FON in Europe, Telstra Air in Australia? The idea is that you can log into other people's modems when travelling, in exchange for allowing others to log into yours. Telstra and FON say it's completely secured at the router - I disabled my Air!

Good luck.

The fact that your virus scanning activities haven't turned up anything is concerning but by no means conclusive. Lots of malware includes code to detect a virus scan and will effectively go into hiding during a scan.
Advice about replacing cards, bank account details etc. is sound and those measures may be a necessary pain.
Scanning the computer while it is running under its own operating system is unconclusive, theref ore some peopel have a Linuy based "virus scan disk" (CD or DVD, so that it cannot be corrupted by the virus you are after. On the other hand it may not even be useful to know the identity of what hit you, since the best option in all probability will be a clean install anyway.
You do want to back up your data to an external disk, though - but be aware that that backup might contain copies of the virus or its source (it could be in a PDF file, a Word document or even a JPG image - or multiples of those.)
It is not entirely proven to me that the cause of your problem is in the specific internet access product you are using - the issues you describe could have come via any other internet connection as well, which would explain why the TWC tech rep didn't have any enlightenment for you. Still, it is a good idea to lock up your modem/router (or whatever they call the device you are using for your connection) as described earlier - for many good reasons.
Once you have a clean install of your OS again - on a fresh disk or at least one that has been thoroughly repartitioned and not-quick formatted preferably under control of the install CD/DVD - you need to run a few thorough malware scans on your backup data before you let anything on your new system touch your data again - lest you end up with exacly the same problem all over again. You may not find anything during those scans, by the way. If the infection came from an email attachment or a file on a web page that you opened without permanently storing it on your system that source of the problem may be long gone, without, alas, taking the infection with it ...
And going forward, learn to be wary of all email attachments, especially those that com from unknown parties, and even more so if the email is in bad English (or bad whatever language is customary aroud your life) and/or it is made very urgent that you should open the attachment and/or react to whatever they warn you about.
And don't visit websites that unknown parties want to send you to or - even worse - that links in an email point at.
I get a lot of this kind of dangerous junk mail and must assume that practically everybody does as well. My email client will reveal the address behind a link in an email when I hover the mouse pointer over it. It is totally crazy to see where some of those alleged web pages of your home bank are hosted. And have you ever wondered why you get so many mails from banks that you don't even bank with? So, what makes you think that the mails that seem to come from your actual bank are any less fraudulent? If in doubt go to your bank's homepage (typing the URL in by hand to make sure it wasn't jippoed in your browser's bookmarks - yes, they can do that, too!) and if from that homepage you can't find the page you were supposed to reach from the link in the email - then the link in the email is bogus. Really, it is!
In my opinion the above covers the vast majority of opportunities to get into trouble on the internet.

We have a Time Warner modem that has the Wi-Fi, but, we do not use TW's Wi-fi, with instructions from TW you can do whats called a BRIDGE CONNECT, which means your bypassing TW Wi-Fi and using your OWN Wi-Fi- thru your Router....

I tried the various suggestions and found no viruses or malware on my computer. I discovered during that process that someone had installed a remote access progam on my computer. I deleted it and disabled all the remote access services. I had already turned off the remote access option a long time ago under the Remote settings on Computer but this overode it. The problem with my desktop icons, etc, has no longer occurred.
However, lightening struck our gateway. At that time, I found out that the cabling from my ISP was not grounded. I later discovered that it also damaged my ethernet port. TWC replaced the modem but since my ethernet port did not die until about a week later, they do not think they're responsible for paying for the replacement.
I'm going to try a USB to ethernet adaptor until I can get it replaced.
Thanks to everyone for your assistance!
Peggy S.

Probably an remote agent that is not detectable with most software. Would rebuild myself, format reload .etc Hopefully no identity data was on it. Firewalls are available and cheap for what they protect. Use more than just a wireless router with minimal protection ....Identity theft is one of the most damaging infringements one can experience.Even when the credit companies know it can take many years to clear up.

If you do reinstall, whether a clean install or from a backup, I suggest replacing the hard disk instead of wiping and reinstalling. Hard disks are cheap now--a name brand 1TB drive is $40.

There are three benefits from "Replace, don't wipe":

1) You still have the old disk. I guarantee you there will be something you forgot about. Even with backups, you can't run backups. Sometimes you need to see a program running to remember a setting, or something else.

2) It's a lot faster. Although you should back up anyway, you actually don't need to--you still have the old disk.

3) Less worry--you don't have to hope everything will work, load, reactivate, etc. You have the old disk.

Regarding "reactivate", although you usually can get MS to grant reactivation, with other vendors' programs sometimes the activation server has been shut down, the vendor is out of business, the program has reached the maximum number of installs and the vendor refuses to increase that number, etc. If you have to access that program, you can swap the old drive back in, run the program, and then swap back to the new drive when you're done.

"Replace, don't wipe", is a cheap "belt and suspenders" approach. (If you're wearing a belt, why do you need suspenders? If you're wearing suspenders, why do you need a belt? "Just an extra precaution.")

And if the original disk is a decent size, eventually just buy an external enclosure, wipe the drive at that point and you've got an additional backup drive.

If you had a remote access program on your computer, then you were hacked. Scary, right? Did you turn the wireless off on the new gateway? New ethernet cards are really inexpensive and easy to install. Ethernet goes out on computers very easily. In fact, you will probably pay less for a new ethernet card than you would for the usb access. You just need to know what kinds of add on slots you have in your computer to get the right one.

Make certain that nobody is allowed to use your computer unless you are present. You'd be surprised how many people think it is "fun" to mess with someone else's computer. A computer is a personal item. It is not for public use. Make sure your guests know this. Put proper security programs on your computer, use a good password (do not give it out to anyone), and make sure that you set the computer up so that it locks out anyone who tries to access it when you are not there. I went as far as to get a cheap computer for my living room. My good computer is in my bedroom, and I do not allow anyone else to use it. If someone needs to use a computer, I have a guest computer that they can use. If they mess it up, then I can reset it to factory state easily. I only install security programs and a few browsers on it. If they break it, then my guests can complain all they like. They just won't have a computer to use. I did my best.

Also don't forget that you can make separate accounts for everyone in your household, and only one needs to have administrator access. You can even shut out everyone's ability to install new programs without your permission.

If you are on XFINITY/COMCAST and are renting the cable moden/ router you may be running an open WiFi on your connection.

XFINITY is promoting their HOTSPOT WiFi service for their customers. This uses a 2nd WiFi port (RF Channel) that runs requires a user to login with a XFINITY/COMCAST ID.

First of all this does use some of the bandwidth of your Internet cable service. My understanding is that it is not counted in you data usage.

The more serious issue is that if a neighbor attaches to the HOTSPOT you are hosting they can use it to do Bit Torrent hosting via your Internet IP address. Be aware that the Copyright police don't care who is doing the repeat g as they look strictly at your Internet IP address.

You can call Comcast Technical Support and they will re- provision your hardware to keep the HOTSPOT RF Channel turned off.