Hacked or hijacked computer

Hello everyone,

My name is Mark & I'm a new member here at norton.com.

I had a PC which was hacked or hijacked & I could not cure the problem, so I bought a brand new computer yesterday, but I think the infection has somehow spread to this new computer. I would be happy if someone here could tell me if the infection has spread to this new computer or if it is clean. I would also be happy to run any programs like HijackThis or whatever & post the results here.

All I have installed on this new computer is Windows, the drivers & bundled software, NIS & Adobe Flash Player.

Please help me, I would really appreciate it & become a Norton customer for life.

Thank you, Mark.

A description of the precise problems or symptoms would be of enormous assistance. 

Are the machines shared?

Are you getting error messages?

Have you run full system scans on both machines, and what were the results?

Did you or do you have any other security products on either machine (new ones often come with trial software)? 

Have you transferred any files from the old machine to the new machine?

What are the operating systems and what version of Norton (under support>about) have you got?

OK, I'm sorry about the lack of info, I'm new to this lot, but my PC is under constant attack from surfaccuaracy .com

No, the old hacked PC is off the network & has not been powered up since I got the new one.

Yes, I'm on a free trial of Norton Internet Security 2010 & that's the only security software I have installed.

No, the machines are not shared. (Please forget about the old machine, it's going in the bin.)

No error messages that I have seen.

OS Windows Vista 32 bit.

Yes, I ran a full system scan, it came back clean.

No files have been transferred at all, the PCs have not been connected, but I am still using the old monitor, mouse, keyboard & headphones on this new machine.

While I was waiting for a reply here I installed Java so I could have a game of chess & I got this Notepad message on my desktop:

 

A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x09604adb, pid=5844, tid=5440
#
# JRE version: 6.0_25-b06
# Java VM: Java HotSpot(TM) Client VM (20.0-b11 mixed mode, sharing windows-x86 )
# Problematic frame:
# C  0x09604adb
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x06704000):  JavaThread "AWT-Windows" daemon [_thread_in_native, id=5440, stack(0x02300000,0x02400000)]

siginfo: ExceptionCode=0xc0000005, writing address 0x12c095ee

Registers:
EAX=0x09604af7, EBX=0x00000001, ECX=0x07660bf0, EDX=0x00000004
ESP=0x023ffa9c, EBP=0x023ffac8, ESI=0x06704128, EDI=0x07660bf0
EIP=0x09604adb, EFLAGS=0x00010292


Register to memory mapping:

EAX=0x09604af7 is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x07660bf0 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x023ffa9c is pointing into the stack for thread: 0x06704000
EBP=0x023ffac8 is pointing into the stack for thread: 0x06704000
ESI=0x06704128 is an unknown value
EDI=0x07660bf0 is an unknown value


Stack: [0x02300000,0x02400000],  sp=0x023ffa9c,  free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  0x09604adb
C  [USER32.dll+0x1fd72]  GetWindowLongW+0x4b3
C  [USER32.dll+0x1fe4a]  GetWindowLongW+0x58b
C  [USER32.dll+0x2018d]  GetMessageW+0x296
C  [USER32.dll+0x2022b]  DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.awt.windows.WToolkit.eventLoop()V+0
j  sun.awt.windows.WToolkit.run()V+52
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x0671d400 JavaThread "Thread-298" [_thread_blocked, id=5096, stack(0x09100000,0x09150000)]
  0x06718c00 JavaThread "Timer-4" [_thread_blocked, id=4500, stack(0x065f0000,0x06640000)]
  0x076d2400 JavaThread "Thread-296" [_thread_blocked, id=4724, stack(0x0a370000,0x0a3c0000)]
  0x09716400 JavaThread "TextField" daemon [_thread_blocked, id=4844, stack(0x06540000,0x06590000)]
  0x07941800 JavaThread "ClockTicker" daemon [_thread_blocked, id=5328, stack(0x0a2d0000,0x0a320000)]
  0x07941400 JavaThread "ScrollbarButtonRepeater" daemon [_thread_blocked, id=5768, stack(0x0a280000,0x0a2d0000)]
  0x06718800 JavaThread "TextFieldCaretBlinker" daemon [_thread_blocked, id=1124, stack(0x0a230000,0x0a280000)]
  0x09714c00 JavaThread "TickTimer" daemon [_thread_blocked, id=4172, stack(0x0a0a0000,0x0a0f0000)]
  0x07944c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=4308, stack(0x0a050000,0x0a0a0000)]
  0x07944000 JavaThread "InvalQueue-com.pogo.ui2.awt.q[ClientApplet-ChatPanel,0,276,458x127,layout=com.pogo.ui2.awt.e]-ClientApplet-ChatPanel" daemon [_thread_blocked, id=4912, stack(0x09db0000,0x09e00000)]
  0x07943800 JavaThread "ScrollBar" daemon [_thread_blocked, id=4992, stack(0x09d60000,0x09db0000)]
  0x07943000 JavaThread "TextField" daemon [_thread_blocked, id=5212, stack(0x09d10000,0x09d60000)]
  0x07942c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=4156, stack(0x09cc0000,0x09d10000)]
  0x07942400 JavaThread "TickTimer" daemon [_thread_blocked, id=4284, stack(0x09c70000,0x09cc0000)]
  0x07942000 JavaThread "ScrollBar" daemon [_thread_blocked, id=4616, stack(0x09c20000,0x09c70000)]
  0x06719800 JavaThread "BadgeStorage" daemon [_thread_blocked, id=4288, stack(0x071e0000,0x07230000)]
  0x0671c400 JavaThread "SocketConnection" daemon [_thread_blocked, id=5044, stack(0x091f0000,0x09240000)]
  0x0671e000 JavaThread "Applet-EventThread" daemon [_thread_blocked, id=4964, stack(0x09330000,0x09380000)]
  0x0671cc00 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=4996, stack(0x09240000,0x09290000)]
  0x0671c000 JavaThread "Direct Clip" daemon [_thread_blocked, id=4908, stack(0x08db0000,0x08e00000)]
  0x0671b800 JavaThread "Thread-27" daemon [_thread_blocked, id=3856, stack(0x08d10000,0x08d60000)]
  0x0671b400 JavaThread "Thread-26" daemon [_thread_blocked, id=4244, stack(0x08320000,0x08370000)]
  0x0671ac00 JavaThread "Thread-25" daemon [_thread_blocked, id=4728, stack(0x082d0000,0x08320000)]
  0x06716800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=4816, stack(0x07540000,0x07590000)]
  0x0671a000 JavaThread "D3D Screen Updater" daemon [_thread_blocked, id=5380, stack(0x07280000,0x072d0000)]
  0x06719400 JavaThread "thread applet-com.pogo.game.client.chess2.ChessTableApplet-3" [_thread_in_native, id=4776, stack(0x07050000,0x070a0000)]
  0x0671a800 JavaThread "AWT-EventQueue-4" [_thread_in_native, id=4212, stack(0x07230000,0x07280000)]
  0x06718000 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=5588, stack(0x07190000,0x071e0000)]
  0x06717c00 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=4740, stack(0x07140000,0x07190000)]
  0x06717400 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=3332, stack(0x070f0000,0x07140000)]
  0x06716c00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=816, stack(0x070a0000,0x070f0000)]
  0x06716000 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=4120, stack(0x063b0000,0x06400000)]
  0x06707800 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=884, stack(0x07000000,0x07050000)]
  0x06706c00 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=5544, stack(0x06fb0000,0x07000000)]
=>0x06704000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=5440, stack(0x02300000,0x02400000)]
  0x06703800 JavaThread "AWT-Shutdown" [_thread_blocked, id=2936, stack(0x064f0000,0x06540000)]
  0x06703000 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=4328, stack(0x064a0000,0x064f0000)]
  0x066fc000 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=2256, stack(0x06400000,0x06450000)]
  0x022e0800 JavaThread "Timer-0" [_thread_blocked, id=5976, stack(0x06360000,0x063b0000)]
  0x022ba000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=6120, stack(0x06310000,0x06360000)]
  0x022a0800 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=480, stack(0x06170000,0x061c0000)]
  0x0229c400 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=2464, stack(0x06120000,0x06170000)]
  0x02299c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=4272, stack(0x060d0000,0x06120000)]
  0x02297400 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2020, stack(0x06080000,0x060d0000)]
  0x0227c400 JavaThread "Finalizer" daemon [_thread_blocked, id=3852, stack(0x027c0000,0x02810000)]
  0x0227ac00 JavaThread "Reference Handler" daemon [_thread_blocked, id=4480, stack(0x02630000,0x02680000)]
  0x001ba800 JavaThread "main" [_thread_in_native, id=4432, stack(0x00150000,0x001a0000)]

Other Threads:
  0x0223ec00 VMThread [stack: 0x01b80000,0x01bd0000] [id=5536]
  0x022a1800 WatcherThread [stack: 0x061c0000,0x06210000] [id=4784]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 9728K, used 5214K [0x2c100000, 0x2cb80000, 0x2eba0000)
  eden space 8704K,  50% used [0x2c100000, 0x2c5494f8, 0x2c980000)
  from space 1024K,  80% used [0x2c980000, 0x2ca4e438, 0x2ca80000)
  to   space 1024K,   0% used [0x2ca80000, 0x2ca80000, 0x2cb80000)
 tenured generation   total 21332K, used 17338K [0x2eba0000, 0x30075000, 0x34100000)
   the space 21332K,  81% used [0x2eba0000, 0x2fc8e8e0, 0x2fc8ea00, 0x30075000)
 compacting perm gen  total 12288K, used 5347K [0x34100000, 0x34d00000, 0x38100000)
   the space 12288K,  43% used [0x34100000, 0x34638fc0, 0x34639000, 0x34d00000)
    ro space 10240K,  51% used [0x38100000, 0x3862dc00, 0x3862dc00, 0x38b00000)
    rw space 12288K,  55% used [0x38b00000, 0x3919c300, 0x3919c400, 0x39700000)

Code Cache  [0x028c0000, 0x02be8000, 0x048c0000)
 total_blobs=1741 nmethods=1493 adapters=181 free_code_cache=30270912 largest_free_block=384

Dynamic libraries:
0x00400000 - 0x00424000  C:\Program Files\Java\jre6\bin\java.exe
0x77d50000 - 0x77e78000  C:\Windows\system32\ntdll.dll
0x76420000 - 0x764fc000  C:\Windows\system32\kernel32.dll
0x77ee0000 - 0x77fa6000  C:\Windows\system32\ADVAPI32.dll
0x76700000 - 0x767c3000  C:\Windows\system32\RPCRT4.dll
0x74590000 - 0x745ae000  C:\Windows\system32\ShimEng.dll
0x76220000 - 0x7624c000  C:\Windows\system32\apphelp.dll
0x676e0000 - 0x67768000  C:\Windows\AppPatch\AcLayers.DLL
0x774a0000 - 0x7753d000  C:\Windows\system32\USER32.dll
0x77e90000 - 0x77edb000  C:\Windows\system32\GDI32.dll
0x76960000 - 0x77471000  C:\Windows\system32\SHELL32.dll
0x77540000 - 0x775ea000  C:\Windows\system32\msvcrt.dll
0x77a10000 - 0x77a69000  C:\Windows\system32\SHLWAPI.dll
0x76580000 - 0x766c5000  C:\Windows\system32\ole32.dll
0x77cc0000 - 0x77d4d000  C:\Windows\system32\OLEAUT32.dll
0x762a0000 - 0x762be000  C:\Windows\system32\USERENV.dll
0x76280000 - 0x76294000  C:\Windows\system32\Secur32.dll
0x71330000 - 0x71372000  C:\Windows\system32\WINSPOOL.DRV
0x75e00000 - 0x75e14000  C:\Windows\system32\MPR.dll
0x77480000 - 0x7749e000  C:\Windows\system32\IMM32.DLL
0x77740000 - 0x77808000  C:\Windows\system32\MSCTF.dll
0x77e80000 - 0x77e89000  C:\Windows\system32\LPK.DLL
0x76500000 - 0x7657d000  C:\Windows\system32\USP10.dll
0x75120000 - 0x752be000  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
0x7c340000 - 0x7c396000  C:\Program Files\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000  C:\Program Files\Java\jre6\bin\client\jvm.dll
0x74db0000 - 0x74de2000  C:\Windows\system32\WINMM.dll
0x74b90000 - 0x74bcd000  C:\Windows\system32\OLEACC.dll
0x6d7a0000 - 0x6d7ac000  C:\Program Files\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000  C:\Program Files\Java\jre6\bin\java.dll
0x6d000000 - 0x6d14b000  C:\Program Files\Java\jre6\bin\awt.dll
0x75420000 - 0x7545f000  C:\Windows\system32\uxtheme.dll
0x763e0000 - 0x763e7000  C:\Windows\system32\PSAPI.DLL
0x6ef70000 - 0x6f12a000  C:\Windows\system32\d3d9.dll
0x75bd0000 - 0x75bd8000  C:\Windows\system32\VERSION.dll
0x70a60000 - 0x70a66000  C:\Windows\system32\d3d8thk.dll
0x71b90000 - 0x71b9c000  C:\Windows\system32\dwmapi.dll
0x67bf0000 - 0x67f2c000  C:\Windows\system32\atiumdag.dll
0x6d7e0000 - 0x6d7ef000  C:\Program Files\Java\jre6\bin\zip.dll
0x67920000 - 0x67be2000  C:\Windows\system32\atiumdva.dll
0x60c40000 - 0x60ca9000  C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.8.0.5\ASOEHOOK.DLL
0x736f0000 - 0x73793000  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\MSVCR90.dll
0x737a0000 - 0x7382e000  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\MSVCP90.dll
0x6d420000 - 0x6d426000  C:\Program Files\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000  C:\Program Files\Java\jre6\bin\deploy.dll
0x75cf0000 - 0x75de2000  C:\Windows\system32\CRYPT32.dll
0x75e60000 - 0x75e72000  C:\Windows\system32\MSASN1.dll
0x77a70000 - 0x77b56000  C:\Windows\system32\WININET.dll
0x77810000 - 0x77813000  C:\Windows\system32\Normaliz.dll
0x775f0000 - 0x77723000  C:\Windows\system32\urlmon.dll
0x77820000 - 0x77a09000  C:\Windows\system32\iertutil.dll
0x6d6a0000 - 0x6d6e6000  C:\Program Files\Java\jre6\bin\regutils.dll
0x6d600000 - 0x6d613000  C:\Program Files\Java\jre6\bin\net.dll
0x766d0000 - 0x766fd000  C:\Windows\system32\WS2_32.dll
0x77730000 - 0x77736000  C:\Windows\system32\NSI.dll
0x75a50000 - 0x75a8b000  C:\Windows\system32\mswsock.dll
0x75b20000 - 0x75b25000  C:\Windows\System32\wship6.dll
0x6d620000 - 0x6d629000  C:\Program Files\Java\jre6\bin\nio.dll
0x6d230000 - 0x6d27f000  C:\Program Files\Java\jre6\bin\fontmanager.dll
0x75a40000 - 0x75a45000  C:\Windows\System32\wshtcpip.dll
0x74b80000 - 0x74b8f000  C:\Windows\system32\NLAapi.dll
0x75c50000 - 0x75c69000  C:\Windows\system32\IPHLPAPI.DLL
0x75c10000 - 0x75c45000  C:\Windows\system32\dhcpcsvc.DLL
0x75ea0000 - 0x75ecc000  C:\Windows\system32\DNSAPI.dll
0x75c00000 - 0x75c07000  C:\Windows\system32\WINNSI.DLL
0x75a90000 - 0x75ab2000  C:\Windows\system32\dhcpcsvc6.DLL
0x72580000 - 0x7258f000  C:\Windows\system32\napinsp.dll
0x72000000 - 0x72012000  C:\Windows\system32\pnrpnsp.dll
0x72030000 - 0x72038000  C:\Windows\System32\winrnr.dll
0x77b60000 - 0x77ba9000  C:\Windows\system32\WLDAP32.dll
0x725c0000 - 0x725c6000  C:\Windows\system32\rasadhlp.dll
0x758a0000 - 0x758db000  C:\Windows\system32\rsaenh.dll
0x6d790000 - 0x6d79f000  C:\Program Files\Java\jre6\bin\unpack.dll
0x6d510000 - 0x6d534000  C:\Program Files\Java\jre6\bin\jsound.dll
0x6d540000 - 0x6d548000  C:\Program Files\Java\jre6\bin\jsoundds.dll
0x6ec50000 - 0x6ecc0000  C:\Windows\system32\DSOUND.dll
0x756d0000 - 0x756ea000  C:\Windows\system32\POWRPROF.dll
0x74a40000 - 0x74a6f000  C:\Windows\system32\wdmaud.drv
0x74d80000 - 0x74d84000  C:\Windows\system32\ksuser.dll
0x75520000 - 0x75548000  C:\Windows\system32\MMDevAPI.DLL
0x75460000 - 0x75467000  C:\Windows\system32\AVRT.dll
0x767d0000 - 0x7695a000  C:\Windows\system32\SETUPAPI.dll
0x754c0000 - 0x754ed000  C:\Windows\system32\WINTRUST.dll
0x763f0000 - 0x76419000  C:\Windows\system32\imagehlp.dll
0x74a10000 - 0x74a31000  C:\Windows\system32\AUDIOSES.DLL
0x74970000 - 0x749d6000  C:\Windows\system32\audioeng.dll
0x74b70000 - 0x74b79000  C:\Windows\system32\msacm32.drv
0x748a0000 - 0x748b4000  C:\Windows\system32\MSACM32.dll
0x74890000 - 0x74897000  C:\Windows\system32\midimap.dll
0x77c30000 - 0x77cb4000  C:\Windows\system32\CLBCatQ.DLL
0x6d1a0000 - 0x6d1c3000  C:\Program Files\Java\jre6\bin\dcpr.dll
0x6d440000 - 0x6d465000  C:\Program Files\Java\jre6\bin\jpeg.dll

VM Arguments:
jvm_args: -D__jvm_launched=3915198619 -Xbootclasspath/a:C:\\PROGRA~1\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Xmx128m -Dsun.plugin2.jvm.args=-D__jvm_launched=3915198619 "-Xbootclasspath/a:C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- -- -Xmx128m
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid2860_pipe3,read_pipe_name=jpi2_pid2860_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared
USERNAME=master
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 16 Model 5 Stepping 3, AuthenticAMD

 

---------------  S Y S T E M  ---------------

OS: Windows Vista Build 6002 Service Pack 2

CPU:total 4 (4 cores per cpu, 1 threads per core) family 16 model 5 stepping 3, cmov, cx8, fxsr, mmx, sse, sse2, sse3, popcnt, mmxext, 3dnow, 3dnowext, lzcnt, sse4a

Memory: 4k page, physical 3405028k(2119556k free), swap 7023580k(5797832k free)

vm_info: Java HotSpot(TM) Client VM (20.0-b11) for windows-x86 JRE (1.6.0_25-b06), built on Apr 14 2011 01:04:32 by "java_re" with MS VC++ 7.1 (VS2003)

time: Tue May 10 23:27:23 2011
elapsed time: 1565 seconds

 

I'm also getting messages from NIS 2010 about attacks from the website / web address I mentioned, surfaccuaracy .com, but NIS 2010 tells me it has been blocked & no attention is required.

I will not install anything else on this PC until this problem is resolved, thanks for trying to help me.

 

[edit: Masked the hyperlink to a possible malicious website to conform with the Participation Guidelines and Terms of Service]

NIS 2010 will not allow me to copy the info in the warnings to post them here, please tell me if there is a way I can do that.

The warning from Norton 2010 says, Application Name :  \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

I really have no idea how to deal with this.

I have run another full system scan with NIS 2010 & it came back clean.

Here is the history from NIS 2010. Everything I have listed is from the beginning of my PC setup, so the most recent problems are at the bottom of this list.

My biggest question at the moment is: should I delete all the .exe's that have been targeted in the system32 folder & the registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\"?
My next question is: should MRT.exe be in my computer or not?
Is there a way I can completely block this attack from my connection?
Should I ask my ISP for a new IP address?
Can this attacker be prosecuted & if so how do I go about getting it done?

As you can probably tell, I have no idea what I'm doing, so your help is all I have.

 

Actor : C:\WINDOWS\SYSTEM32\A TIESRXX.exe
Target : C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MRT.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MRT.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SERVICES.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE
Target : C:\Program Files\Windows Sidebar\Norton.Gadget\cs-CZ\Gadget.css
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SERVICES.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Error Type : Error Condition Detected
Product Name : Norton Internet Security
Product Version : 17.7.0.12
Process Name : ccSvcHst
Process Version : 109.0.3.4
Module Name : CCEMLPXY
Module Version : 109.0.3.4

 

This message will not fit in the post, so I will continue it with another post.

CONTINUED From My Last Post.

 

Error Type : Error Condition Detected
Product Name : Norton Internet Security
Product Version : 17.7.0.12
Process ID : 0x7B0
Process Name : ccSvcHst
Process Version : 109.0.3.4
Module Name : avModule
Module Version : 17.7.0.12

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Error Type : Error Condition Detected
Product Name : Norton Internet Security
Product Version : 17.8.0.5
Process ID : 0xE80
Process Name : ccSvcHst
Process Version : 109.0.3.4
Module Name : NPCStatus
Module Version : 17.8.0.5

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MRT.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MRT.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\MRT.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SERVICES.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvcHst.exe
Reaction : Unauthorized access blocked

 

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

 

Severity High
An intrusion attempt by 66.152.93.130 was blocked.
HTTP SurfAccuracy Config Request
66.152.93.130,80
attacking url xxx.surfaccuracy. com/sacc/roi2.php?m=p&iadv=6105

 

[edit: Masked the hyperlink to a malicious URL to conform with the Participation Guidelines and Terms of Service]

Hi

You won't have to worry about the Unauthorized Access Blocked alerts.

When a Windows/other program process gets too close to Norton, Norton blocks it.

As for the Config Request: there is a chance you may have a threat, or a bundled application may be causing the problem.

Please visit the following free malware removal forums.

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Links provided by Delphinium)

They will check your PC for any hidden threats and help you get rid of them.

After they give you a clean chit, please post back the results and also download and install the latest version of Norton.

You can use this link to update: http://updatecenter.norton.com/

Please update Norton only after the forum people have given you a clean chit.
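
The point made above about the "Unauthorized access blocked" entries can be checked by grouping a pasted history by actor and target. This is an added example, not part of any post in the thread: the sample entries are constructed in the thread's format, the `setup_helper.exe` entry and the expected-directory list are assumptions, and a file sitting in an expected directory is not thereby proven genuine.

```python
import ntpath
import re
from collections import Counter

# Assumption: directories where the Windows actors named in the thread
# (services.exe, svchost.exe, msiexec.exe, MRT.exe, TrustedInstaller.exe) normally live.
EXPECTED_ACTOR_DIRS = {r"c:\windows\system32", r"c:\windows\servicing"}

FIELD = re.compile(r"^(Actor|Target|Reaction)\s*:\s*(.*)$", re.IGNORECASE)

# Constructed sample in the format of the history pasted in the thread.
# The second entry has no "Target :" label, as several entries in the thread do.
# The last entry is hypothetical and exists only to show what gets flagged.
SAMPLE_HISTORY = r"""
Actor : C:\WINDOWS\SYSTEM32\MRT.EXE
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
Reaction : Unauthorized access blocked

Actor : C:\WINDOWS\SYSTEM32\SVCHOST.EXE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\Control\
Reaction : Unauthorized access blocked

Actor : C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE
Target : C:\Program Files\Windows Sidebar\Norton.Gadget\cs-CZ\Gadget.css
Reaction : Unauthorized access blocked

Actor : C:\Users\example\AppData\Local\Temp\setup_helper.exe
Target : C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
Reaction : Unauthorized access blocked
"""


def parse_history(text):
    """Turn pasted Actor/Target/Reaction blocks into a list of dicts."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums insert
        if not line:
            continue
        match = FIELD.match(line)
        if match:
            key, value = match.group(1).lower(), match.group(2).strip()
        elif current is not None and "target" not in current:
            # Unlabelled line between Actor and Reaction: treat it as the target.
            key, value = "target", line
        else:
            continue
        if key == "actor":
            current = {"actor": value}
            entries.append(current)
        elif current is not None:
            current[key] = value
            if key == "reaction":
                current = None  # entry complete
    return entries


def target_kind(target):
    """Coarse bucket for what the actor tried to touch."""
    upper = target.upper()
    if upper.startswith("HKEY_"):
        return "registry"
    return "norton-file" if "NORTON" in upper else "other-file"


def triage(entries):
    """Count (actor, target kind) pairs and list actors outside expected dirs."""
    pairs = Counter()
    unexpected = set()
    for entry in entries:
        actor = entry["actor"]
        actor_dir = ntpath.normcase(ntpath.dirname(actor))
        name = ntpath.basename(actor).lower()
        pairs[(name, target_kind(entry.get("target", "")))] += 1
        if actor_dir not in EXPECTED_ACTOR_DIRS:
            unexpected.add(actor)
    return pairs, sorted(unexpected)


if __name__ == "__main__":
    counts, flagged = triage(parse_history(SAMPLE_HISTORY))
    for (actor, kind), n in sorted(counts.items()):
        print(f"{n:3d}  {actor:24s} -> {kind}")
    print("Actors outside expected Windows directories:")
    for path in flagged:
        print("   ", path)
```
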

Hi again Mark

Here is some info on surfacc

Please read the information in the link below; it suggests it is sometimes bundled with software.

http://www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99

Before you pay a visit to those forums, I recommend you download Malwarebytes Anti-Malware from here

Install, update and run a full system scan.

Please post the log file of Malware here in the forum.

 

 

Thank you midou,

I will follow all those steps & post the logs.

I will also upgrade to the best version of Norton once my PC is clean & I will resubscribe for life. I really have learnt the hard way: these hackers & malware/viruses have cost me two computers so far & that's not including this new computer I'm using now.

I will also remain active on this great forum because I don't want to lose another computer ever again.

I would suggest resetting your router. No need to worry about tamper protection as BanMidou said.

Thank you delphinium,

I will reset the router for sure.

It's also great to hear NIS is safe from being tampered with.

Gayathri_R, you have my apologies for posting those nasty links, I should have known better, it will not happen again.

I have to go to work now, back later.

Here's the MBAM log after running a full scan, it looks clean to me.

 

Malwarebytes' Anti-Malware 1.50.1.1100
xxx.malwarebytes.org (removed link)

Database version: 6558

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

12/05/2011 01:36:22
mbam-log-2011-05-12 (01-36-22).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 246800
Time elapsed: 31 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I'm still concerned about the Java messages I'm getting on my desktop in .txt files.

Every single game of chess I play online gives me a new Java .txt message on my desktop similar to the one I posted earlier in this thread. I have never seen these .txt messages on my desktop in the past & I have played chess online & on the same website for a few years, it's always been Java based.

I have had a new type of Java .txt message too, here's the start of the message.

 

# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_PRIV_INSTRUCTION (0xc0000096) at pc=0x07575d21, pid=2844, tid=1420
#
# JRE version: 6.0_25-b06
# Java VM: Java HotSpot(TM) Client VM (20.0-b11 mixed mode, sharing windows-x86 )
# Problematic frame:
# C  0x07575d21

 

This is not normal for Java users, is it?

I have finished running anti-spyware scans & I'm now happy to move on to the links provided by midou.

I have also reset the router so I have a new IP address.

Here is the log file from a full scan using Spybot Search & Destroy.

 

--- Search result list ---
Congratulations!: No immediate threats were found. (Status)

--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)

--- Startup entries list ---
Located: HK_LM:Run, HDAudDeck
command: C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
   file: C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
   size: 1713152
    MD5: 8B44B4343A96E30E2CDEC8D0A7F321C0

Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
   file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
   size: 98304
    MD5: 86EC130BD272606A113060387F116DF1

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
   file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
   size: 253672
    MD5: 13B19DD5EBEB6FDDBD11DD77490A3585

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
   file: C:\Program Files\Windows Defender\MSASCui.exe
   size: 1008184
    MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, Sidebar
  where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
   file: C:\Program Files\Windows Sidebar\Sidebar.exe
   size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
  where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
   file: C:\Windows\system32\oobefldr.dll
   size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, Sidebar
  where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
   file: C:\Program Files\Windows Sidebar\Sidebar.exe
   size: 1233920
    MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
  where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
   file: C:\Windows\system32\oobefldr.dll
   size: 2153472
    MD5: 16FC5B430123238E522B18E63C257AF8

--- Browser helper object list ---
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (Symantec NCO BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Symantec NCO BHO
        CLSID name: Symantec NCO BHO
              Path: C:\Program Files\Norton Internet Security\Engine\17.8.0.5\
         Long name:        coieplg.dll
        Short name:                  
    Date (created): 10/05/2011 06:03:06
Date (last access): 10/05/2011 06:03:06
 Date (last write): 04/09/2010 00:31:30
          Filesize:             396144
        Attributes:  readonly archive
               MD5: F36295D5519DBA6D9AE59D845AA22364
             CRC32:           5D8C7053
           Version:         2010.6.1.3

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Symantec Intrusion Prevention
        CLSID name: Symantec Intrusion Prevention
              Path: C:\Program Files\Norton Internet Security\Engine\17.8.0.5\
         Long name:         ipsbho.dll
        Short name:                  
    Date (created): 10/05/2011 06:03:08
Date (last access): 10/05/2011 06:03:08
 Date (last write): 14/05/2010 02:41:20
          Filesize:              79224
        Attributes:  readonly archive
               MD5: E60F55692DE0DF4F393A2A18C7FB9662
             CRC32:           3C09EEC1
           Version:            9.1.2.5

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name:
        CLSID name: Windows Live ID Sign-in Helper
              Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 21/09/2010 14:08:38
Date (last access): 10/05/2011 06:49:20
 Date (last write): 21/09/2010 14:08:38
          Filesize:             439168
        Attributes:           archive
               MD5: 6BF01E200063D7274F3AF06D226671F5
             CRC32:           C8953126
           Version:       7.250.4225.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name:
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                  
    Date (created): 10/05/2011 22:58:26
Date (last access): 10/05/2011 22:58:26
 Date (last write): 10/05/2011 22:58:26
          Filesize:              41760
        Attributes:           archive
               MD5: EC48890B04D283371DC2CADAC40AD5B5
             CRC32:           713D949B
           Version:          6.0.250.6

--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_25
         Installer:
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link:
       info source: Patrick M. Kolla
              Path: C:\Program Files\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                  
    Date (created): 10/05/2011 22:58:26
Date (last access): 10/05/2011 22:58:26
 Date (last write): 10/05/2011 22:58:26
          Filesize:             112416
        Attributes:           archive
               MD5: C3EEF71D8F5C44820AE064D84CA5AEE6
             CRC32:           B5FF42F7
           Version:          6.0.250.6

{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_25
         Installer:
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
              Path: C:\Program Files\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                  
    Date (created): 10/05/2011 22:58:26
Date (last access): 10/05/2011 22:58:26
 Date (last write): 10/05/2011 22:58:26
          Filesize:             112416
        Attributes:           archive
               MD5: C3EEF71D8F5C44820AE064D84CA5AEE6
             CRC32:           B5FF42F7
           Version:          6.0.250.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_25
         Installer:
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
       description:
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link:
       info source: Safer Networking Ltd.
              Path: C:\Program Files\Java\jre6\bin\
         Long name:    npjpi160_25.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 10/05/2011 22:58:26
Date (last access): 10/05/2011 22:58:26
 Date (last write): 10/05/2011 22:58:26
          Filesize:             141088
        Attributes:           archive
               MD5: 50726B3211F606965CA8AE00300570F1
             CRC32:           0B421029
           Version:          6.0.250.6

 

--- Process list ---
PID: 3172 (1976) C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
 size: 126392
  MD5: 8E643FD5F38FA9A2EDA27268A1E9499F
PID: 3224 (1064) C:\Windows\system32\taskeng.exe
 size: 171520
  MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
PID: 3456 (1052) C:\Windows\system32\Dwm.exe
 size: 81920
  MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 3508 (1064) C:\Windows\system32\taskeng.exe
 size: 171520
  MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
PID: 3528 (3208) C:\Windows\Explorer.EXE
 size: 2926592
  MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 3644 (3508) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
 size: 5756544
  MD5: 2252A0D8EB1D73FDBA7454FF7D395825
PID: 3768 (3528) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
 size: 1713152
  MD5: 8B44B4343A96E30E2CDEC8D0A7F321C0
PID: 3816 (3528) C:\Program Files\Common Files\Java\Java Update\jusched.exe
 size: 253672
  MD5: 13B19DD5EBEB6FDDBD11DD77490A3585
PID: 3828 (3808) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 size: 65536
  MD5: E7704CBF568815C1CAA6E513387BD3F2
PID: 2796 (3828) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 size: 65536
  MD5: 74EF310FAC89341CE2897B7F2C4A7B0F
PID: 2184 ( 404) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID:    0 (   0) [System Process]
PID:    4 (   0) System
PID:  412 (   4) smss.exe
 size: 64000
PID:  480 ( 468) csrss.exe
 size: 6144
PID:  544 ( 468) wininit.exe
 size: 96768
PID:  552 ( 536) csrss.exe
 size: 6144
PID:  588 ( 544) services.exe
 size: 279552
PID:  616 ( 536) winlogon.exe
 size: 314368
PID:  628 ( 544) lsass.exe
 size: 9728
PID:  644 ( 544) lsm.exe
 size: 229888
PID:  804 ( 588) svchost.exe
 size: 21504
PID:  864 ( 588) svchost.exe
 size: 21504
PID: 1000 ( 588) atiesrxx.exe
 size: 172032
PID: 1024 ( 588) svchost.exe
 size: 21504
PID: 1052 ( 588) svchost.exe
 size: 21504
PID: 1064 ( 588) svchost.exe
 size: 21504
PID: 1176 (1024) audiodg.exe
 size: 88576
PID: 1200 ( 588) svchost.exe
 size: 21504
PID: 1220 ( 588) SLsvc.exe
 size: 3408896
PID: 1264 ( 588) svchost.exe
 size: 21504
PID: 1284 (1000) atieclxx.exe
 size: 352256
PID: 1416 ( 588) svchost.exe
 size: 21504
PID: 1664 ( 588) spoolsv.exe
 size: 128000
PID: 1692 ( 588) svchost.exe
 size: 21504
PID: 1976 ( 588) ccsvchst.exe
PID:  328 ( 588) svchost.exe
 size: 21504
PID:  456 ( 588) svchost.exe
 size: 21504
PID:  536 ( 588) WLIDSVC.EXE
PID: 1388 ( 588) SearchIndexer.exe
 size: 441344
PID: 2088 ( 536) WLIDSVCM.EXE
PID: 2200 (1064) taskeng.exe
 size: 171520
PID: 2476 ( 804) dllhost.exe
 size: 7168
PID: 3844 ( 588) svchost.exe
 size: 21504
PID:  772 (1064) taskeng.exe
 size: 171520

Spybot search & destroy log continued.

 

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/05/2011 09:48:23

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.google.co.uk/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip [*]

Protocol  1: MSAFD Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip [*]

Protocol  2: MSAFD Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip [*]

Protocol  3: MSAFD Tcpip [TCP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip [*]

Protocol  4: MSAFD Tcpip [UDP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip [*]

Protocol  5: MSAFD Tcpip [RAW/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip [*]

Protocol  6: RSVP TCPv6 Service Provider
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  7: RSVP TCP Service Provider
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  8: RSVP UDPv6 Service Provider
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  9: RSVP UDP Service Provider
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDF4FAEB-6EC3-4418-AD1C-F5A0E8DAE851}] SEQPACKET 4
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CDF4FAEB-6EC3-4418-AD1C-F5A0E8DAE851}] DATAGRAM 4
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5EB13D9F-3BAD-4905-9169-8148841BB5DA}] SEQPACKET 0
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5EB13D9F-3BAD-4905-9169-8148841BB5DA}] DATAGRAM 0
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9E23FCAC-AA62-4DAF-BAA7-D48589F614C6}] SEQPACKET 1
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9E23FCAC-AA62-4DAF-BAA7-D48589F614C6}] DATAGRAM 1
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CDF4FAEB-6EC3-4418-AD1C-F5A0E8DAE851}] SEQPACKET 5
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CDF4FAEB-6EC3-4418-AD1C-F5A0E8DAE851}] DATAGRAM 5
        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP NetBios protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD NetBIOS *

Namespace Provider  0: Network Location Awareness Legacy (NLAv1) Namespace
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace

Namespace Provider  1: E-mail Naming Shim Provider
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

Namespace Provider  2: PNRP Cloud Namespace Provider
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

Namespace Provider  3: PNRP Name Namespace Provider
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

Namespace Provider  4: Tcpip
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP

Namespace Provider  5: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS

This is the Spybot version & file contents, please let me know if anything is amiss.

 

--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-05-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-09 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-10 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-05-11 Includes\TrojansC-04.sbi (*)
2011-05-11 Includes\TrojansC-05.sbi (*)
2011-05-11 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

You could have a look in add/remove programs to see if surfaccuracy has been installed as a toolbar.  This would be the best way to get rid of it.  It may just be considered to be a "potentially unwanted program" in which case, nothing will find it.

 

I would suggest a couple of things:

 

Uninstall Java and start over.  Was Java installed using the admin account or through a limited user, using run as administrator?  This appears to me to be a series of Windows errors, and/or conflicts with the Java installation.  It does not appear to be an infection.

 

Your Norton is a year out of date.  You can save your login data as an NPM file and install the latest version from here.  Since your system has some issues, I would remove NIS through add/remove and then run the removal tool. Once installed, restore the logins.


http://www.symantec.com/symnrt


www.norton.com/nis11

 

If you also have Teatimer running in Spybot S & D, it is going to cause some nasty conflicts with Norton.  Teatimer should be disabled, as well as Windows Defender.  Best to remove S & D.

 

Is this chess game in a browser, or the one on your system?  If in the browser, which browser are you using?

 

Have you updated your video and sound cards at the manufacturer's website for your machine?  Check into these areas first.

 

Hi

Removing Spybot is better.

Remember to unimmunize before removal.

I may be wrong, but as far as I can see, Spybot is just not good enough for today's malware.

Please have Malware Bytes updated and run scans regularly.

Also download CCleaner from http://www.filehippo.com/download_ccleaner/

Run the CCleaner tool to remove all junk files.

Also, after you download it, open CCleaner > Tools > Uninstall.

There is an option, Save to text file, in the bottom right corner.

Post back the log file; it will help other members to zero in on any unrequired toolbar / application.

 

I don't recommend a cleaner in this instance.  Unless the user is fairly knowledgeable about cleaners and what they do, it can create a worse problem. 

Thank you once again delphinium.

I have looked everywhere for surfaccuracy but I can't find it, there is nothing by surfaccuracy in add/remove, I have also looked right through the services list & I have tried many system searches with surfaccuracy as the name and/or author but I can't find it.

I have uninstalled Java but it is still in IE8 as an add-on/extension called "Java(tm) plug-in 2 SSV Helper, Publisher Control name is not available", I could really do with some more advice about this, I have disabled it for now, I would like to reinstall it soon.

The chess game is played through a browser, IE8, I would like to use another browser for the game but I'm not sure how to put Norton's add-ons/extensions into new browsers.

I have upgraded to NIS 2011, thanks for telling me how to do that.

Spybot S&D, I did not install Teatimer or IE helper & I did not immunize, this was because I read it causes problems with HijackThis, I have uninstalled it now.

Windows Defender was already disabled, I think Norton's installation does that.

I have now updated every driver in my system that there were updates available for, including sound & video.

Thanks BanMidou, I will set up Malware Bytes as you suggested.

About CCleaner, I used to use it on my old computer, for a few months I thought it was great but somehow it started deleting files it should not have deleted, I have no idea how it did that but it kind of put me off using it again, it even deleted files belonging to AVG free antivirus & stopped it from starting up with Windows.

Thanks again to both of you & please keep advising me, I really appreciate all your help, Mark.