is it possible to telnet or 139 into LAN computer without windows7 user password by using ARP Poisoning and sniffer
Before installing the firewall, I realize some stranger was using my wireless network. I’m not sure if my document and others have already been stolen or not ???
Did you have sharing of files and printers enabled would be my first question. What encryption do you use? WEP or WPA (2)?
When sharing was disabled and you are using strong WPA (2) encryption then your system should have been hacked in order obtain your documents.
You can check your system for malware following What to do if you’re infected - eXPerience Rev.3. After that let Gmer search for rootkits.
I use WPA2 but I have to share the internet connection with guest sometimes. My windows system is clean, All setting are default, I didn’t change anything or install any mal-software, no firewall and no antivus. I have password for each user account.
Can they hack into my windows system, and read my document? I have to make sure because there’re some unauthorized access to my email and other online account.
Step 1 - don’t use DHCP!!!
Disable it on your router and apply a static IP address to your PC. If you have visitors then, tough, they’ll have to put a static on their PC while they visit and remove it when the leave.
Step 2 - change everything now. Router passwords, bank passwords/PINs, all Windows login passwords on your PC, remove guest file sharing accounts, set a password on all documents to enable editing.
Ewen 
Why don’t you use windows “steadystate”
read about it their, I think this could be a permanent sollution for you
Correct!!! But also on your router use MAC Address filtering. Do an ipconfig /all from a CMD prompt and put your MAC address in the router. No unauthorized computer should be allowed in this way. MAC addresses are hard coded into your NIC Card or onboard NIC no two are the same in the world. This is a little extra added protection. Then go thru every page of your router settings looking for things to adjust to harden up best as you can. Change the router password (make it symbols, letters capped and uncapped and numbers, NO discernable words make it gibberish and long), If wireless check for WPA2 or WPA2 Enterprise. TKIP or AES. Make a strong wireless password as well that is not the same as the on for the router admin. I like 13 or more letters, numbers and symbols. Yes PIA to remember, but it is strong!
Also folder encryption is a good idea for documents. I do not use the user ones I make ones on other drives for this and encrypt.
port 139 is always broadcasting. Even in a domain I have an inbound policy blocking 138 and 139 when it does not meet my filter list. Outbound is not effected. If I request something to leave that is fine. Something in is not.
I also suggest buying a great router. Something that will let you make rules to block or allow ports on an individual basis. Most comsumer models under $200.00 don’t. They just let you open ports for gaming and such but not close them.