
November 27th, 2008 22:00

Get into Safe Mode, load HijackThis!, do a scan, and on HijackThis! place a checkmark next to all of these values and select Fix checked:

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')


November 28th, 2008 05:00

As long as I have been working with you, please disregard the instructions posted by itgforlife. I am reviewing your logs and will be posting some script for you to run as soon as you can tell me:

Do you know what these folders are for? The first one appears as a record of preferences for Runescape. Do you use it? Did you intentionally install Dutch Duck?


C:\Documents and Settings\A12312\jagex_runescape_preferences.dat
C:\Documents and Settings\A123\jagex_runescape_preferences.dat
C:\Documents and Settings\12113121322311323232
C:\Documents and Settings\A123\Application Data\Dutch Duck
C:\Documents and Settings\AAAAA
C:\Documents and Settings\AAAA
C:\Documents and Settings\A32113~4
C:\Documents and Settings\111111~4
C:\Documents and Settings\A32113~3
C:\Documents and Settings\111111~3
C:\Documents and Settings\A32113~2
C:\Documents and Settings\111111~2
C:\Documents and Settings\A32113~1
C:\Documents and Settings\111111~1

November 28th, 2008 06:00

I'm not sure how the first few ones are used so I don't mind them being deleted or something. I did download Dutch Ducks for myself so those are there because of that.


Not sure about these if you asked:


C:\Documents and Settings\AAAAA
C:\Documents and Settings\AAAA
C:\Documents and Settings\A32113~4
C:\Documents and Settings\111111~4
C:\Documents and Settings\A32113~3
C:\Documents and Settings\111111~3
C:\Documents and Settings\A32113~2
C:\Documents and Settings\111111~2
C:\Documents and Settings\A32113~1
C:\Documents and Settings\111111~1

Not sure if you asked about those but pretty sure they would just be the normal account files.


November 28th, 2008 06:00

Those are folders, but if you are sure what's inside them is okay, I'll leave them.

Disconnect from the internet....pull the plug!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray.

Otherwise, they may interfere with running ComboFix.

Open Notepad and copy/paste the following text between the lines below.

Do not copy the dotted lines.

** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces.

It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------

Killall::

 

File::

C:\WINDOWS\system32\bthcii.dll

c:\windows\system32\dmsynthn.dll

C:\WINDOWS\system32\eitteybf.dll

C:\WINDOWS\system32\drivers\uxirffqh.sys

C:\WINDOWS\system32\drivers\ilyaj.sys []

C:\WINDOWS\system32\drivers\qghwvae.sys []

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B0FE8FA-E741-487A-AFD1-88E24F59652A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8B8A922-5039-4FA8-B8DF-2CCBECF33C67}]

 

----------------------------------------------------------------------------

Save this as CFScript.txt

Photobucket

Referring to the picture above, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again.

Follow the same instructions you did before for running ComboFix.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced here: C:\ComboFix.txt

In your next reply, please post that log along with a new HijackThis log.

December 2nd, 2008 19:00

Just a quick update so I don't forget to post here; I'll have that stuff done soon, have just been pretty busy lately but I'll make sure I do it soon.


December 2nd, 2008 19:00

I have ZoneAlarm on my computer from ZoneAlarm.com and it works like a dream. If I am on the internet and someone tries to hack my computer, it warns me and I can stop it from happening. Go to www.zonealarm.com, go to download and buy, but you don't have to buy, go to free downloads, and get the ZoneAlarm free trial. Also helpful is www.filehippo.com, go to anti-virus, and get the free version of AVG as well. I hope that was helpful. They go hand in hand with each other and they both alert you when a virus tries to enter your computer, or, let's say, a hacker. It sure has helped me tons.


December 2nd, 2008 21:00

Hintsu, you have replied to a log with a rootkit. We appreciate your trying to help but Undertaker already has an anti-virus installed and it would not be good for him to install another. The programs you have suggested will not help in this situation. They will conflict with tools that I am having him use.

December 8th, 2008 06:00

Hey, sorry it's taking me so long, I have final exams and a lot of work in the next few days. If I take a while to reply, you can just wait a bit longer or work with someone else, and if that means that it might take longer to finish this stuff then that's fine too. It shouldn't take too long though, just a bit more.

Thanks again


December 8th, 2008 07:00

Thanks for letting me know.
