Hi Jaydigs12,

Some routers, such as the Linksys WRT54G for example, have separate MAC addresses for the WAN (what your ISP sees) the LAN (what your wired ethernet network sees) and the WLAN (what your wireless network sees).  Each of these will be identical except for the last digit in the MAC address.

Moreover, spoofing a MAC address means that one is making a separate device appear to be the device that actually belongs to the legitimate MAC address in question.  The MAC address would look the same, not different.  What you describe is not MAC address spoofing, and would not permit an outside device to join your network by pretending to be an allowed device.

Further still, the Cloud 7. L and WS Trojan H submissions, unless they are being detected and removed by Norton during a virus scan, are simply files of interest that are submitted to Symantec for analysis.  If you are finding them listed in Norton Community Watch, but not in Quarantine or Resolved Security Risks, then they are not malicious and would not be related to anything you are reporting as an issue.

Networking can be difficult to troubleshoot sometimes, so it is hard to know what might be causing web page loading to be slower with one network connection than another - expecially if you are alternating routers (although if you are using both routers at the same time you could be having a problem with double NATing).  But from what you describe, it sounds like things are behaving normally (Norton firewall logs report new connections and closed connections all the time).  I wouldn't be too concerned about anything malicious going on, and the best thing to do if connection speed seems to be an issue would be to try to review all of your Windows and router wireless settings to make sure everything is setup correctly.

Well of course my routers have two Macs.  One for wired and a different one for wireless.  These are Linksys routers with DD-DRT firmware.  The Macs are configurable as well.  But I just leave them the stock Mac of the router.  By spoofing I mean that, the gateway listed in NIS is just two numbers off on two different column of  the address.  like changing a 55 to a 56 and a 61 to a 62.  But technically this is a different mac.   I don't use wireless anymore.  I know the mac of all my hardware.  And this appears to be a "semi-spoof" on the routers wired lan.  At first glance, it looks the same, but not.  When this event happens, web pages take longer to load, as if filtered.  CISPA is not started yet, it it?

The last time, I noticed it, the Mac was not even close to any hardware Mac that I have.  And was listed by NIS in history as a new gateway.  I don't get it.  Unless 'it' has back door help.

Win7 64 bit.  Always set to firewall to Public Place/ with no sharing in advanced sharing.  I noticed file and printer sharing was ticked.  I did not do that.  To my horror.  I rechecked all my sharing settings to NO Sharing.  Some thing is going on, I can tell you that much.  I don't even allow my machine name to be broadcast with  DNS.  TCP/IP helper is disabled.  Even tho I have been using Norton products since 95, I don't come to the Forums much, because I usually can work things out myself.  The technology is changing so fast on the internet end, Im playing catch up all the time.  When I first heard 'Cloud', I didn't like it.  It is insecure.

MAC addresses that are one digit off have been reported often (such as here) and I have seen it on my own system as well.  It is a matter of your router having separate MAC addresses for different networks.  I think if you dig around in the router settings you will find the unexplained MAC address listed somewhere.

Since you are using a wired connection, I am not sure what significance you are attaching to the MAC address.  I don't know how or why the MAC address could or would be tampered with, if that is what you are suspecting.  

What are the timestamps for the Norton History log events?  Do they correspond to system startup times?  Are there any entries associated with the new gateway entries, such as "network disappeared" entries?

Thanks for your help SendOfJive.  It seems that I had a bad Flash Plug-in for FireFox.  It would try to update even tho I was using Chrome!?  NIS said I allowed this update.  I didn't even know about it.   I removed all Flash Players and Plug-in's, then uninstalled FireFox.  I found some strange folders in my pictures folder.  It was called 'Operation Cannibus".  It had some weird pics in it, like pics of charles Manson, sticking his tongue out.  Weird stuff.  I think it was a Govt. hack.  Hope I got it all.

thanks