hijacking?
-
I'm wondering if you can help me determine if I've been hijacked.
Well, confirm it more in my mind.
Anywho...
The signs have developed on two PCs and a PS3 that I can note, all working on the same network. The PS3 information isn't as pertinent or obvious as the computer information.
On my Pavilion,
someone disabled my AV program (I think). They had it reporting false viruses. I don't have the Pavilion in front of me though; it is at HP being serviced because there were a lot of issues with it. Unfortunately I can't say determinately the cause.
On this PC,
Windows Update has updated to Service Pack 1 twice, and it keeps trying to update to Service Pack 1. In addition, I'm getting notices to install video drivers when they are already up to date. The installation fails, because I fell for it once before I realized it may be a hijacking, and then did it a second time to test if it was just some BS.
I can't say why that update fails.
I also don't know what info you guys need to help me figure out what is going on with the PC. So if you can, please just ask me what to do.
-
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***
STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.
* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
When the scan is completed, click the Save button and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
RESTART COMPUTER
STEP 4. Download HijackThis:
HijackThis - Trend Micro USA
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
This will take some time and I'm about to run the steps now. Give me a bit to answer because this could take a while.
-
OK, I downloaded SUPERAntiSpyware and checked all the stuff, and removed the internet connection.
Physically.
As far as I know there are no wireless cards other than the external one we use to connect to the net.
I don't see any Ethernet cables on the computer.
It's still connected to the internet. :/
The Linksys network adapter has been removed though, taken out of its base and the base detached from the PC.
There is an HP 802.11abg wireless LAN.
NVIDIA nForce 10/100/1000 Mbps Ethernet, and it keeps prompting me to install a driver and refuses to install the driver properly.
There are also Bluetooth modules and enumerators. I don't know if that would make it possible to retain a connection to the internet as well, or other wireless devices.
I don't know how to physically render the HP 802.11 incapable, or the Bluetooth devices.
EDIT: added Device Manager information, added Bluetooth information, added name of wireless adapter.
Last edited by process; 28-01-2010 at 12:35 AM.
-
Thanks for your help, btw. I presume this won't be resolved overnight given our differences in schedule and my lack of knowledge. I appreciate you taking the time to help me.
So you know or may look at the PC info, this is an HP IQ770 TouchSmart Desktop PC.
My other computer, which is being serviced, is an HP Pavilion p6110f.
You said physically disconnect from the internet; otherwise I would have just disabled the connection via network discovery and rebooted in Safe Mode to continue. I thought I was physically disconnected from the net; apparently not.
Last edited by process; 28-01-2010 at 12:37 AM.
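The posts above describe a machine that stays online after the visible adapter is pulled, because a built-in 802.11 card (and possibly Bluetooth) is still active. When a physical disconnect is not practical, the next best isolation is to administratively disable every interface Windows knows about and then confirm nothing can reach the outside. The script below is an added example for that, not something from this thread or from any of the tools it lists; it assumes an elevated (Run as Administrator) PowerShell prompt and relies on netsh, which ships with XP, Vista and 7 (the newer Disable-NetAdapter cmdlet only exists on Windows 8 and later). The column layout it parses is the standard output of "netsh interface show interface".

```powershell
# Added example: enumerate and disable all network interfaces via netsh,
# then verify the host is isolated. Run from an elevated PowerShell prompt.
# Assumes the default English column layout of "netsh interface show interface".

function Get-InterfaceList {
    # Output of netsh: blank line, header, dashed rule, then one row per interface.
    # Columns are separated by runs of two or more spaces; the name is the last column
    # and may itself contain single spaces, so split into at most four fields.
    netsh interface show interface |
        Select-Object -Skip 3 |
        Where-Object { $_ -match '\S' } |
        ForEach-Object {
            $cols = ($_ -replace '^\s+', '') -split '\s{2,}', 4
            [pscustomobject]@{
                AdminState = $cols[0]   # Enabled / Disabled
                State      = $cols[1]   # Connected / Disconnected
                Type       = $cols[2]   # Dedicated, Loopback, ...
                Name       = $cols[3]   # e.g. "Wireless Network Connection"
            }
        }
}

function Disable-AllInterfaces {
    # Record what was enabled so the same list can be re-enabled once the
    # machine has been declared clean.
    $snapshot = Get-InterfaceList | Where-Object { $_.AdminState -eq 'Enabled' }
    foreach ($if in $snapshot) {
        Write-Host "Disabling '$($if.Name)' ($($if.Type), was $($if.State))"
        netsh interface set interface name="$($if.Name)" admin=disabled | Out-Null
    }
    # Constructed path for the snapshot file; change it if the drive layout differs.
    $snapshot | Select-Object -ExpandProperty Name |
        Set-Content -Path "$env:USERPROFILE\Desktop\enabled-interfaces.txt"
    return $snapshot
}

function Enable-SavedInterfaces {
    # Reverse of Disable-AllInterfaces, driven by the saved list.
    $path = "$env:USERPROFILE\Desktop\enabled-interfaces.txt"
    foreach ($name in Get-Content -Path $path) {
        Write-Host "Enabling '$name'"
        netsh interface set interface name="$name" admin=enabled | Out-Null
    }
}

function Test-Isolated {
    # True when neither DNS nor a direct IP ping gets out. 8.8.8.8 is used only
    # as a well-known address to probe; any external host would do.
    $byIp   = Test-Connection -ComputerName 8.8.8.8 -Count 1 -Quiet -ErrorAction SilentlyContinue
    $byName = Test-Connection -ComputerName www.microsoft.com -Count 1 -Quiet -ErrorAction SilentlyContinue
    return (-not $byIp) -and (-not $byName)
}

# Usage: see what is live, shut it all down, then prove the box is offline.
Get-InterfaceList | Format-Table -AutoSize
Disable-AllInterfaces | Out-Null
Get-InterfaceList | Format-Table -AutoSize
if (Test-Isolated) { Write-Host 'Host is isolated.' } else { Write-Host 'Still reachable: check Bluetooth PAN or tethered devices.' }
```

Two caveats worth knowing: netsh only sees interfaces that have a network binding, so a Bluetooth radio that is paired but not acting as a network adapter will not appear (it also cannot carry Internet traffic on its own in that state), and the Test-Isolated check is a sanity test, not proof; Safe Mode without networking, as the helper's instructions require, is still the stronger isolation for the scans themselves.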
-
Run Super in normal mode then.
-
I'll boot to Safe Mode and run it, but the net will remain physically connected. I can only prevent networking.
-
SUPERAntiSpyware doesn't report any malicious threats. I'm moving on to the next step in the instructions.
-
P.S. I've run MB on this PC before, just the C: drive, and this time I'm doing C and D (which is recovery). It'll be quite a few hours and we will probably have to continue our correspondence tomorrow, when I'll likely be available; usually most other people are not.