Is it normal for IE history to log system activity/contents?

I should begin this by stating that I know I've got security issues. For instance, My BIOS password was changed (and even Dell Tech Support couldn't reset it), the user-side password to access the browser-based settings console to my Linksys router was changed, locking me out (I've quit using the router for now), the built-in Administrator account has been logged into and a password set ... and many other events, but right now I just have a specific question.


I'm on a home PC (Dell L702X) running Windows 7 SP1 and am not knowingly connected to any network (though various monitoring apps on my system are telling me otherwise).

I use Firefox, never IE, but just on a hunch I thought I'd take a look at IE's history. It showed the browser as having visited certain security-related sites which I'd been to, it had been to the IP address of my router console (specifically the wireless security page, where I'd disabled the device's wireless capability) and has also accessed certain documents on my system, typically saved logs and other files related to my attempts at security forensics.

The day after I found this suspicious activity in the IE history, I noticed that IE had switched to private browsing.

Some people with whom I've shared this are speculating that this is probably just one way Windows natively logs certain types of activity, but given what's shown up there I find this suggestion less than tenable.

Is this likely to be the case, or not?


Thank you!

Jacee said:

Who else shares this particular computer with you?

Who else shares your Internet connection in your home? (other computers?)

Nobody, and nobody (legitimately, anyway). Nor does anybody have physical access to it.

Hi Jacee,

Any more you can add to my original question?

Thank you.

Thank you ThrashZone! Yeah, I'd imagine MS may get a lot of flack for what they've put into Windows 10.

What I've seen with IE however shows up even on fresh installations, not immediately but after I've taken the system online yet before any WUs are installed.

papilio said:

~~~
I'm on a home PC (Dell L702X) running Windows 7 SP1 and am not knowingly connected to any network (though various monitoring apps on my system are telling me otherwise).
~~~

Can you keep the computer off of the internet?

What monitoring apps?

What network(s) did the computer connect to?

UsernameIssues said:

papilio said:

~~~
I'm on a home PC (Dell L702X) running Windows 7 SP1 and am not knowingly connected to any network (though various monitoring apps on my system are telling me otherwise).
~~~

Can you keep the computer off of the internet?

What monitoring apps?

What network(s) did the computer connect to?

Hi UsernameIssues, thank you for your reply.


I'm variously shown as being connected to Local Area Connection, Local Area Connection 2 and Local Area Connection 3. The IP configurations of each of these have shown up in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles.


I've installed WinPatrol and GlassWire. I've set WinPatrol to monitor some of the TCP keys in the registry and it's reporting the changes in network configuration which I'm seeing. GlassWire seems to be doing a good job of alerting me to the comings and goings of unknown network devices, changes in DNS settings and other elements of my IP configuration.

A family friend who is a retired programmer with Seagate has also written for me a Python program to monitor a comprehensive list of settings but it hasn't yet shown him enough to allow him to come to any conclusions. He's looking for the hacker's entry point and his feeling currently is that it seems to be a BIOS exploit.

Which brings me to the issue of keeping off of the internet -- I can disable my adapter and even unplug the Ethernet cable from the router, thereby losing my own ability for any internet activity (set up via the router as exclusively Wired and having none of my PC's Wireless adapters installed). Yet evidence of Remote Access, which I've disabled as well as I know how, continues under these conditions.

It is primarily these events which lead my Seagate friend to suspect a BIOS exploit, these along with the apparent absence of such activity before my BIOS was hacked and the password changed.


For a time I was using Windows 8.1 Pro and had locked down system access to some extent via Group Policy, but Event Logs would report changes in the Group Policy profile along with entries reporting Group Policy as having been changed to a shared resource.



I'd not seen evidence of significant tampering with system settings for about the past couple of weeks until a few nights ago when my connection was lost, the Network Troubleshooter reported that my Gateway (ordinarily my router) was unavailable and my Network Adapter had been disabled (this was not displayed in the Device Manager). The diagnostic details reported the Gateway as being located on an unknown remote host.

ThrashZone said:

Hi,
Not sure about all of the other issues you've encountered but you might review Control panel/ Internet options/ General section and browser history settings button,
There should be three sections
Temporary internet files set it to Never if you don't use ie,
History 0 days
Cache and databases Uncheck use cache.... first set it to 0mb.

Save that and go to Delete button and Check all boxes except for the very top box leave it unchecked,
Apply and okay your way out.

Firefox has it's own setting I'm sure you're aware of

With a click/ click to continue generation too silly to read terms of usage it will take time before people realize what win-10 actually does.
The new Google is where M$ want to be because Google is way more successful and people don't seem to mind all of the spying so M$'s view is join them as Android has proved people really do not care

Thank you ThrashZone, very helpful info to have. My understanding of networks, their settings and issues is still quite elementary.


What I'm hoping to learn currently is whether the activities in the IE history (and a good number of other suspicious settings, registry changes and Event Log entries) are just normal Windows behavior which I'd not yet noticed, or whether they might point to evidence of the intrusion which I'm experiencing.

ThrashZone,


p.s. Going into Internet Settings and making the changes which you suggest reminded me that I had initially done some of those things upon first discovering the activity in IE history. The following day I noticed that IE had been changed to Private Browsing.