Hmm it just shows my tmobile gateway device, and my computer. I deleted some of my old printers it had on it, and one of them was active "XPS something" That might have caused it. I couldnt find any ip address for any of them though, even when i went into properties etc. I am using Vista, so that might be the case. I dont have a router, i just use my phone as a modem and that could be the case.

The one thing i dont understand is, is that I have used this for months on end, and this is the first time it has shown it (i looked in the full history). The only other thing is, is that both ip address i put up, are linked to a DNS server from some posts i saw on various websites, and it has a link with tmobile mobiel broad band. But that still brings me to the point as to why this is happening now all of a sudden, and not the whole life time of my device.

From doing a bit of Googling myself, yes it does appear that 10.177.0.34 is the primary DNS nameserver for T-Mobile, which certainly explains why you are seeing these communications on Port 53 (DNS).  So there is nothing to worry about here.  Sometimes a program update to Norton software will result in things being logged that had not been logged previously.  I recall some Norton Tamper Protection entries that started to appear after the last major patch was issued for NIS 2009.  Because the communication is now understood, you can rest easy that it does not represent a danger.

Ah ok thanks, I just wanted to make sure, This is the first time i have come accross something like this. My last question though is about he AU_.exe thing i noticed. It appeared again, but this time i uninstalled raptr. The first time it appeared i uninstalled Firefox. I also uninstalled some other programs and they came back differently. Now is this just being cause by the uninstall, or is it something worse?

Its something else i have looked up and some came up as false negitives, and some came up as its a bad virus. The only things i ever cought were tracking cookies, and that hijack.displayproperties on malwarebytes yesterday. About 3-5 months ago norton blocked a trojan, but i highley doubt it has anything to do with this, since it was so long ago.

Thanks again for all the help everyone.

Can you look in your Norton Security History for the full path for AU_.exe, using the “More Details” option? 

Well on case of it came up as 42 changes and it was to the system configuration, windows startup settings, internet explorer settings, and program start up settings.

Now its just showing it happening one time, today, but i remeber it showed up before ( i did a search in the full history).

Do you see a full file path, such as “C:\Program Files\Mozilla Firefox\Uninstall\AU_.exe” or something similar?

Well i cant seem to find the firefox one, but i think this came up shortly after the rapter one. I also have deleted my temp files manually 2 times recently, so im not sure if that is related. I have pictures below(from tinypic) showing you the files that were changed. Keep in mind, trickster online, and some others i uninstalled a long time ago.

http://tinypic.com/r/axiicp/4

http://tinypic.com/r/29wlsg/4

http://tinypic.com/r/35cla2g/4

http://h30434.www3.hp.com/psg/board/message?board.id=OSandSW&thread.id=2743

I also read on here saying that it might just be something that happens when you unistall some programs. IT still worries me though, since alot of bad stuff has AU_.exe as its name. as of right now its not a process running, i just noticed it under norton's history.

Norton classified this as a low risk, so I would not be too concerned, especially if the actions happened as a result of something that you initiated (uninstalling a program).  If the entries correspond to something that you did or caused to happen, then there is no reason to suspect malware.

Also you have to take what you read on these file-lookup sites with a grain of salt;  a lot of malware disguises itself with the names of legitimate files.  I really don't give a lot of weight to some of the descriptions on these sites that make it sound as if everything could be malware.  The important thing to look for is the file path to make sure that something that claims to be a Windows system file is not running from something like a temp folder.

hello, azurecubia.

you've asked some good questions.

au_.exe --- that is part of the uninstall process of firefox.  i encountered that some time ago and did some search and that was the consensus.

tmobile ip address intrusion --- i get the same from a few verizon wireless ip addresses.  i use no router.  once in a while, it is blocked as a medium risk on port 53 udp.

malwarebytes hijack --- i always get that on a scan of a fresh install of operating system.  mbam thinks it should be set one way and microsoft keeps it the other way as default.

scan files --- i believe that was answered satisfactorily.

Thanks for all the help everyone, is thier a way i can select multiple solutions? I dont want to leave people out XD.

Well i decided to choose and answer to the problem that was bothering me the most, I have never really come across something that was classified as “intrusion”. Thanks again everyone.