Feels buggy

Discussion in 'Malware Help (A Specialist Will Reply)' started by BluGoat, Aug 15, 2010.

  1. BluGoat

    BluGoat Private E-2

    Hello,

    I'm posting because I am sensing some suspicious activity with my computer as follows:

    1) A week or so ago, a split second glimpse of a window, from desktop, running in background

    2) ZoneAlarm logs - under rules, it usually says "Block all2". For the past week, it would just report "Block". I'm not certain what the difference is between those two terms, but as of today it's blocking everything as "All2" again.

    Last night, I disabled all remote access services along with "Telephony" and "Terminal Services". At the time I was doing that, I could not get the "Remote Access Auto Connection Manager" service to stop although it did after I rebooted. (I don't know if this has anything to do with anything but it seemed strange that I could not get the service to stop)

    3) Computer would take around 3 mins to shut down. Computer would take 5 minutes to boot, then, I'd log in and get a black screen with only the pointer displaying and another 5 minutes before anything else would display on the screen - sometimes, nothing would and I'd have to reboot.

    ----------------------
    WHAT I'VE BEEN MOST CONCERNED ABOUT
    4) When I log onto my webhost, I see activity properly reported under my IP address. I also see the usual bots and hack attempts under their IPs. Then, accessing almost all the same files (simultaneously) reported accessed under my IP address, I see an odd 'string' for another IP, which when I google it, appears to be a clone of my IP address. I believe this was confirmed when I blocked it and in so doing, my IP address was also blocked. That 'string' is as follows:

    cpe0007e9a13ef7-cm0019477f9144.cpe.net.cable.rogers.com
    -------------------------

    From my novice point of view, it seems that my computer has been 'bugged' and that whatever/whomever it is, is able to access the places that I surf to, notably the admin files in my web logs and web admin panels.

    Just for so, I also disabled all FF add-ons (WebDeveloper, Firebug and Adobe DLM)

    Of course I could be wrong, but when I ran this by support at my web host and ISP, both of them had the same thought... so... here I am.

    I've attached a zip of my logs. I could not get ComboFix to run, although I was able to run it several weeks ago. I downloaded HJ and ran it, but the report seemed really short so, just in case, I added the WinPatrol and Spybot logs where I was also trying to find something. Stinger generated a 'clean' report.

    I'd appreciate having a MajorGeek take a look and advise.

    Thank you,
     

    Attached Files:
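The 'string' quoted in the post above is a reverse-DNS hostname, not a second IP address. The added example below (not code from the poster or from MajorGeeks) shows how to pull it apart and how to check it against your own address offline. It assumes, without the thread confirming it, that the first label follows the form `cpe<12 hex>-cm<12 hex>` and that the two hex runs are hardware (MAC) addresses of the customer equipment and cable modem; the log lines, the `198.51.100.7` / `203.0.113.x` addresses and the Googlebot host are constructed samples. The check a practitioner would want is `same_host`: a reverse-DNS name that forward-resolves to your own public IP is simply the name your ISP assigned to your connection, which is also why blocking it blocked your own access.

```python
import re
import socket

# Constructed sample entries (not from the thread's attachments): a web-log
# extract where the server has already resolved client IPs to hostnames.
SAMPLE_LOG = """\
cpe0007e9a13ef7-cm0019477f9144.cpe.net.cable.rogers.com - - [15/Aug/2010:09:12:01 -0400] "GET /admin/ HTTP/1.1" 200 5120
cpe0007e9a13ef7-cm0019477f9144.cpe.net.cable.rogers.com - - [15/Aug/2010:09:12:04 -0400] "GET /admin/logs.php HTTP/1.1" 200 9811
crawl-66-249-71-25.googlebot.com - - [15/Aug/2010:09:13:10 -0400] "GET /robots.txt HTTP/1.1" 200 48
198.51.100.7 - - [15/Aug/2010:09:14:22 -0400] "GET /phpmyadmin/ HTTP/1.1" 404 312
"""

# Assumed naming convention (not confirmed by the thread): the first DNS
# label is cpe<12 hex digits>-cm<12 hex digits>, i.e. two MAC addresses.
_CPE_LABEL = re.compile(r"^cpe([0-9a-f]{12})-cm([0-9a-f]{12})$")

# Common-log-style line: client, ident, user, [timestamp], "METHOD path proto", status
_LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})'
)


def format_mac(hex12):
    """'0007e9a13ef7' -> '00:07:e9:a1:3e:f7'."""
    return ":".join(hex12[i:i + 2] for i in range(0, 12, 2))


def parse_cpe_hostname(hostname):
    """Split a cable-ISP reverse-DNS name into its embedded fields.

    Returns a dict with the two MACs and the ISP domain suffix, or None
    when the name does not follow the assumed cpe<mac>-cm<mac> form.
    """
    labels = hostname.strip().rstrip(".").lower().split(".")
    if len(labels) < 2:
        return None
    m = _CPE_LABEL.match(labels[0])
    if not m:
        return None
    return {
        "cpe_mac": format_mac(m.group(1)),
        "cm_mac": format_mac(m.group(2)),
        "domain": ".".join(labels[1:]),
    }


def paths_by_client(log_text):
    """Map each client field in the log to the list of paths it requested.

    Two client fields that request the same paths at the same times are
    the first thing to compare when one of them is suspected of being
    'your' address under another name.
    """
    out = {}
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if m:
            out.setdefault(m.group(1), []).append(m.group(2))
    return out


def same_host(hostname, own_ip, resolve=socket.gethostbyname):
    """True if hostname currently forward-resolves to own_ip.

    resolve is injectable so the check can run offline; the default does
    a real DNS lookup. Resolution failure counts as 'not the same host'.
    """
    try:
        return resolve(hostname) == own_ip
    except OSError:
        return False


if __name__ == "__main__":
    name = "cpe0007e9a13ef7-cm0019477f9144.cpe.net.cable.rogers.com"
    print(parse_cpe_hostname(name))
    for client, paths in paths_by_client(SAMPLE_LOG).items():
        print(client, paths)
```

To apply it to a live case, replace the `resolve` default with a real lookup and pass the public IP your ISP shows you (the one your web-host stats list as 'your' address); if `same_host` is true, the hostname and the IP are the same connection.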

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You still need to attach the C:\MGLogs.zip --> from running the C:\MGTools.exe.
     
  3. BluGoat

    BluGoat Private E-2

    Thanks for your response.

    My apologies - I said ComboFix wouldn't run but it did and that log was attached. However, it was MGTools which would not run...
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you disable all your AV and AS software before trying to run MGTools? Did you get any error messages?
    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
  5. BluGoat

    BluGoat Private E-2

    Hi Tim,

    I turned off everything and unplugged the cable connection. What happened when I ran it: I saw a window for a fleeting second before it disappeared. I will now try the procedure you last posted.

    Thank you,
     
  6. BluGoat

    BluGoat Private E-2

    As I did when I tried to run MGtools, I disabled everything before following the referenced instructions. I have attached a log of the session with messages.

    Thanks
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please try renaming MGTools.exe to 123.com (ensure that it is indeed directly in the root folder of your Windows boot drive; usually this means it is saved at C:\).

    Then try running it again. If not in normal mode then please try safe mode.
     
