It's your fault for not following instructions and not downloading Combofix to your desktop...
Let's remove it manually.

Delete 8cdft5ek78.exe from c:\users\Robert Lee Dorr\Pictures\Downloads
Delete Combofix, Qoobox folders,and Combofix.txt file from C:

Dear Brodi,
I am sorry. I think you may have misinterpreted my last post. In no way was I trying to indicate, that you were in any way to blame for the last action not working. Quite the contrary, I was trying to give you as precise information as possible about my actions, as I have done since my first post. I was not suggesting that anything was your fault, in any way, and I humbly apologize if it came across to you in that manner.
I thought I had followed your instructions and downloaded that program as you indicated, directly to the desktop. It was for that reason, it took me a long time to complete one of the earlier procedures you gave me involving it. Because I was unable to find it on the desk top, I had to look for it. Honestly, I feel like I am defusing a bomb by text messages. You had told me to DL a different program directly to the desktop earlier and I did, and it is still there. But, the truth is I can't say for certain if the program even asked me where to install it. If it had, I would have put it where you instructed me, as you are the pro, and I am the moron who screwed up the computer in the first place. Again, I am telling you this because i know you are analyzing the results of your actions through me, not because I am trying to say I am not guilty of not following your instructions. I could of very well screwed up. That said, I can tell you with absolute certainty that I did not choose the location for that program myself. Anyway, please understand how very appreciative I am that you are even assisting me in the first place.

I was able to delete the 8cdft5ek78.exe file
I did find the Qoobox folder in C:

I did not find the Combofix folder in C:, nor in the program files on C:

Each time the combofix produced a file, it said it would be located at C:Combofix.txt
It is not there, but i think I may know why. I did not save those files, because i thought they were already saved, since it said they would be on C:Combofix.txt

Inside the Qoobox folder is the following items:
BackEnv; file folder
Quarintine; file folder
add-remove programs; txt doc
CFScript_used_2010_02_07_13.56.57; txt doc
combofix2; txt doc
combofix-quarantined-files; txt doc
Snap shot at 2010-02-07_01.54.05; video CD movie

Please don't think I was trying to be a jerk in my last post, I truly was not. i'm probably guilty of giving to much info, I've heard that before. It is because I am afraid of failing. I am sorry.

I did not remove Qoobox yet, or delete the 8cdft5ek78.exe file from the recycle bin yet, because I am not sure if you still want me to follow that course of action, given that I cannot locate the Combofix folder.

Thank You, rob

I really didn't want to be harsh on you. I apologize, if it sounded bad
In any case, yes delete Qoobox folder, then see, if you have 8cdft5ek78 folder in C:\
If so, please delete it.

Qoobox deleted.

No 8cdft5ek78 located in c:\

The 8cdft5ek78.exe file I deleted from C:...\pictures\downloads was 3.47mbs in size


Sorry for just getting back to you, we are experiencing power failures, no problem for laptop cuz of battery, but kills the modem.

No hard feelings, and you were not harsh.
I think my performance will be better today, as I finally got some sleep last night after the black out.

Thank you, rob

OK, all good

Download Kenco.exe to your desktop

• Close all windows and run the program.
• It wont take long to run.
• Kenco will reboot the system if it finds anything.
• Post the log it gives you ( it will be saved in the same place as Kenco.exe).

Hi Brodi,

I downloaded Kenco. But when I double-clicked the download to install on the desktop, the program ran automatically, took only about 2 seconds and then generated this report:

Kenco by jpshortstuff (31.12.09.1)
Log created at 07:33 on 08/02/2010 (Robert Lee Dorr)

========== Task Unlocker ==========

========== KencoScan ==========
C:\Windows\system32\defrag.exe -> Error setting security information [5]!

========== C:\Windows\Tasks ==========
GoogleUpdateTaskMachineCore.job -> [12:28 27/10/2009] 900 bytes
GoogleUpdateTaskMachineUA.job -> [12:28 27/10/2009] 904 bytes
GoogleUpdateTaskUserS-1-5-21-2399084992-689958127-234286371-1000Core.job -> [11:20 27/10/2009] 896 bytes
GoogleUpdateTaskUserS-1-5-21-2399084992-689958127-234286371-1000UA.job -> [11:20 27/10/2009] 948 bytes
McDefragTask.job -> [18:34 26/12/2009] 360 bytes
McQcTask.job -> [18:34 26/12/2009] 338 bytes

-=E.O.F=-



Thank you , rob

Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log (mbr.log) file to your next reply.

Hi Brody,

I DL'd mbr.exe
when I doubleclicked on the download, this window appeared

window header: open file - security warning
body, top: This publisher could not be verified. Are you sure you want to run this software?
body,center: Name: ...rs\Robert Lee Dorr\Pictures\downloads\mbr.exe
Publisher: Unknown Publisher
Type: Application
From: C:\Users\Robert Lee Dorr\Pictures\Downloads\mbr.exe

I don't know if this is going to automatically go into my pics\download area again, and cause the same problem as with Combofix.

Everything is still ready to run, but i wanted to check with you this time, to be sure i am not making an error.

Thanks, rob

Do you click on "Download" or "Run" button?