Looks like the same log as before still with the end missing. The log can be found in C:\Qoobox.

Did you manage to upload that file for a scan? I need you to do that before we go further.
Although I appreciate the assistance, I will ask you to follow my instructions here or we can end up in confusion.

This file is not in the folder at this point?

That looks like a question that only you can answer . You need to take a look. It may be hidden, so you will need to uncheck that option in Folder Options.
Alternatively, you could copy/paste the full path into the line at Jotti's.

txt file in C:\Qoobox...

2009-11-06 00:35:56 . 2009-11-06 00:35:56 1,270 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}.reg.dat
2009-11-06 00:35:18 . 2009-11-06 00:35:18 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{744EC540-7CAC-4B6A-8581-CBD7CC81024B}.reg.dat
2009-11-06 00:19:55 . 2009-11-06 00:19:55 900 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.SYS.reg.dat
2009-11-06 00:19:02 . 2009-11-06 00:19:02 6,535 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-11-06 00:05:18 . 2009-11-06 00:10:56 62 ----a-w- C:\Qoobox\Quarantine\catchme.log

If that is all that is there, it looks like it's gone.

Try the online scan for me for now then.

File was hidden. Ran it through both scanners nothing found in either one. Running online scan now.

I still do not like the look of it.

1. Please open Notepad

• Click Start , then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y15...1/CFScript.gif


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

• Combofix.txt
• A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Will complete the above. In the mean time here is the online scanner log...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f641c9b381f4a418a2d939f1b97b45a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 03:53:02
# local_time=2009-11-04 10:53:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 93997415 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196917
# found=0
# cleaned=0
# scan_time=3294
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f641c9b381f4a418a2d939f1b97b45a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-05 01:01:57
# local_time=2009-11-05 08:01:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 94030234 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196139
# found=0
# cleaned=0
# scan_time=3410
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1f641c9b381f4a418a2d939f1b97b45a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-06 02:54:45
# local_time=2009-11-05 09:54:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 94080213 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=194134
# found=0
# cleaned=0
# scan_time=3399

On doing the run I recieve an error message stating...

"This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel."

Thats a bit strange considering it has already run. Try the remedy given at http://keznews.com/4558_Restore_and_..._Windows_Vista for restoring file associations and try combofix again