spybot s+d and firefox

did as requested now get an error on screen saying cannot rename ComboFix as combo-FIX

Its saying after that please use another name preferably of alphanumeric characters

Problem now cannot put file into it

Hello.
Delete that renamed copy of Combofix and re-download it, without renaming this time. The rootkit is gone, so it will work fine.

did as requested ran the program again with the data loaded into it and it went fine and uploaded the info to a file for someone then the notefile appeared then it crashed?? did not get enough time to copy / save do you need me to run it again?

Combofix should have automatically saved it at C:\Combofix.txt

ComboFix 09-08-10.06 - User 11/08/2009 19:07.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.163 [GMT 1:00]
Running from: c:\documents and settings\User\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\96521zr5j201.exe
c:\windows\system32\97376viz5s206.cpl
c:\windows\system32\9773spam5z9273.cpl
c:\windows\system32\9a05threatz2819.cpl
c:\windows\system32\9a6bstezl2255.cpl
c:\windows\system32\9b79spyware2554z.bin
c:\windows\system32\9bd6thr5at44z3.exe
c:\windows\system32\9c65p9ware15z5.bin
c:\windows\system32\9c95vzr128.ocx
c:\windows\system32\9z1559y58b.ocx
c:\windows\system32\9z56vir6275.dll
c:\windows\system32\9z69s5yware370.dll
c:\windows\system32\9zcasteal3265.cpl
c:\windows\system32\9zfcsteal3055.exe
c:\windows\system32\a93th9ea528109z.ocx
c:\windows\system32\c7zsparse4259.dll
c:\windows\system32\d159hie5602z.ocx
c:\windows\system32\d50vi9936z.cpl
c:\windows\system32\ddba9d5aze1222.exe
c:\windows\system32\e21dowzlo9der58.exe
c:\windows\system32\z0025s9y4e3.dll
c:\windows\system32\z045vir9228.bin
c:\windows\system32\z092vir5s1eb.cpl
c:\windows\system32\z1b5a9dware27285.ocx
c:\windows\system32\z33est5a91023.exe
c:\windows\system32\z559or525c.bin
c:\windows\system32\z5799troj14.bin
c:\windows\system32\z60339p56eb.exe
c:\windows\system32\z6593hacktool9c2.dll
c:\windows\system32\z90595irus1cb.ocx
c:\windows\system32\z911thr5at22733.cpl
c:\windows\system32\z943s9ambot151.cpl
c:\windows\system32\zbb8sp9w5re1238.cpl
c:\windows\system32\zbe0thief9053.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 16:15 . 2009-08-11 16:15 -------- d-s---w- C:\combo-FIX
2009-08-11 13:57 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 13:57 . 2009-08-11 13:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 13:57 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 11:16 . 2009-08-09 11:16 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-09 11:15 . 2009-08-09 11:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 11:15 . 2009-08-09 11:15 -------- d-----w- c:\program files\MSBuild
2009-08-09 11:15 . 2009-08-09 11:15 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 11:13 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 11:13 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 11:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 11:13 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 11:13 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 11:13 . 2009-08-09 11:14 -------- d-----w- C:\de04f40eaf68a0ada3dca5ad6f0fe8
2009-08-09 11:13 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 11:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 15:55 . 2009-08-07 16:07 -------- d-----w- c:\program files\PrivacyCenter
2009-08-06 20:44 . 2009-08-06 20:44 -------- d-----w- c:\program files\Encore
2009-08-06 16:16 . 2009-08-06 16:16 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Microsoft Help
2009-08-06 16:15 . 2009-08-06 16:16 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-08-06 13:26 . 2009-08-06 13:26 -------- d-----w- c:\documents and settings\User\Application Data\EPSON
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ABBYY
2009-08-05 13:53 . 2009-08-05 13:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-05 13:53 . 2009-08-05 13:53 62813 ----a-w- c:\program files\Uninstall.exe
2009-08-05 13:26 . 2009-08-05 13:31 -------- d-----w- c:\program files\Cooking Academy 2 - World Cuisine
2009-07-30 15:11 . 2009-07-30 15:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\GoBit Games
2009-07-30 15:09 . 2009-07-30 15:09 -------- d-----w- c:\windows\Your Product
2009-07-30 15:08 . 2009-07-30 18:10 -------- d-----w- c:\program files\Burger Shop 2
2009-07-29 10:31 . 2009-07-30 16:02 -------- d-----w- c:\program files\Haunted Hotel 2 Believe the Lies
2009-07-29 10:31 . 2009-07-29 10:31 -------- d-----w- c:\windows\Haunted Hotel 2 Believe the Lies
2009-07-28 18:28 . 2009-07-28 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Sarah's Emergency Hospital
2009-07-28 18:25 . 2009-07-28 18:25 -------- d-----w- c:\windows\Emergency Hospital
2009-07-28 14:27 . 2009-07-28 14:27 -------- d-----w- c:\windows\Cooking Academy 2 World Cuisine
2009-07-22 17:06 . 2009-07-22 17:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\UDL
2009-07-22 16:59 . 2009-08-06 13:21 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-07-22 16:55 . 2007-04-10 10:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2009-07-22 16:55 . 2007-12-07 11:08 86528 ----a-w- c:\windows\system32\E_FLBEFE.DLL
2009-07-22 16:55 . 2007-12-07 11:01 78848 ----a-w- c:\windows\system32\E_FD4BEFE.DLL
2009-07-22 16:55 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-22 16:55 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-22 16:48 . 2009-07-22 16:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\EPSON
2009-07-22 16:47 . 2007-07-12 23:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2009-07-22 16:47 . 2009-07-22 17:04 -------- d-----w- c:\program files\epson
2009-07-21 14:27 . 2009-07-26 14:24 -------- d-----w- c:\documents and settings\User\Application Data\Ubisoft
2009-07-21 14:22 . 2009-07-21 14:22 -------- d-----w- c:\windows\CSI - NY
2009-07-19 18:49 . 2009-07-19 18:49 -------- d-----w- c:\program files\RealArcade
2009-07-19 16:47 . 2009-07-19 16:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PlayFirst
2009-07-17 09:48 . 2009-07-17 09:48 -------- d-----w- c:\program files\Governor of Poker
2009-07-16 21:02 . 2009-07-16 21:02 -------- d-----w- c:\program files\iPod
2009-07-16 21:02 . 2009-07-16 21:04 -------- d-----w- c:\program files\iTunes
2009-07-16 20:29 . 2009-07-19 16:09 -------- d-----w- c:\program files\Oberon Media
2009-07-15 14:25 . 2009-07-17 09:48 -------- d-----w- c:\windows\Governor of Poker
2009-07-14 20:43 . 2009-07-14 20:43 -------- d-----w- c:\documents and settings\User\Application Data\Canneverbe_Limited
2009-07-14 20:41 . 2009-07-14 20:42 -------- d-----w- c:\program files\CDBurnerXP

.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 17:52 . 2009-07-12 15:29 -------- d-----w- c:\documents and settings\User\Application Data\Free Download Manager
2009-08-11 17:13 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll.tmp
2009-08-11 13:58 . 2009-05-27 09:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-11 07:28 . 2009-05-27 09:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-11 07:15 . 2009-07-12 15:30 -------- d-----w- c:\program files\Software Informer
2009-08-10 21:29 . 2009-04-11 08:30 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-10 21:26 . 2009-05-27 09:13 -------- d-----w- c:\program files\SpywareBlaster
2009-08-10 17:42 . 2009-03-30 19:28 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-09 14:45 . 2009-05-17 09:41 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-08-09 14:33 . 2009-03-31 10:54 21768 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 10:07 . 2009-04-09 14:09 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-07 20:19 . 2009-05-27 09:21 -------- d-----w- c:\program files\SpywareGuard
2009-08-07 15:55 . 2009-07-12 15:29 -------- d-----w- c:\program files\Free Download Manager
2009-08-06 16:24 . 2009-05-07 14:00 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
2009-08-05 09:07 . 2009-04-15 08:52 -------- d-----w- c:\program files\Java
2009-08-02 09:18 . 2009-04-17 10:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-30 18:21 . 2009-05-12 21:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 04:23 . 2009-04-15 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 17:11 . 2009-03-25 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 17:08 . 2009-03-25 19:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-20 07:56 . 2009-05-07 16:16 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 11:32 . 2009-04-20 15:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Entriq
2009-07-16 21:02 . 2009-04-08 14:51 -------- d-----w- c:\program files\Common Files\Apple
2009-07-13 07:48 . 2009-04-13 14:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kontiki
2009-07-12 15:51 . 2009-07-12 15:51 -------- d-----w- c:\program files\Windows Defender
2009-07-12 15:45 . 2009-05-14 12:45 -------- d-----w- c:\program files\DivX
2009-07-12 15:44 . 2009-05-14 12:45 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-12 15:29 . 2009-07-12 15:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FreeDownloadManager.ORG
2009-07-05 15:00 . 2009-07-05 15:00 -------- d-----w- c:\documents and settings\User\Application Data\Disney Mix It Plug-in
2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 09:38 . 2009-05-14 13:01 -------- d-----w- c:\documents and settings\User\Application Data\DivX
2009-06-29 18:49 . 2009-06-29 18:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DigitalBlue
2009-06-27 07:45 . 2009-06-27 07:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-06-27 07:44 . 2009-06-27 07:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-27 07:42 . 2009-05-07 16:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 07:42 . 2009-05-07 16:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 22:23 . 2009-06-21 21:29 -------- d-----w- c:\program files\Graboid
2009-06-21 21:39 . 2009-04-08 15:05 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2009-06-21 21:35 . 2009-06-21 21:35 -------- d-----w- c:\documents and settings\User\Application Data\MozillaControl
2009-06-21 21:33 . 2009-06-21 21:33 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 12:36 . 2009-04-08 14:52 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-04-08 14:52 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-14 12:57 . 2009-05-14 12:57 0 ----a-w- c:\windows\nsreg.dat
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-11_15.29.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-11 17:57 . 2009-08-11 17:57 16384 c:\windows\Temp\Perflib_Perfdata_8b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2009-04-06 146944]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-27 1948440]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-30 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-30 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 07:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/05/2009 17:16 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/05/2009 17:16 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [10/05/2009 21:23 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/05/2009 21:20 1195008]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/06/2009 08:42 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/05/2009 22:50 55152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [10/05/2009 21:20 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [10/05/2009 21:22 257432]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [07/03/2009 12:54 222336]
S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\docume~1\User\APPLIC~1\Mozilla\Firefox\Profiles\vsboyxsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\vsboyxsd.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-08-11 19:21
ComboFix-quarantined-files.txt 2009-08-11 18:20
ComboFix2.txt 2009-08-11 17:44
ComboFix3.txt 2009-08-11 15:39

Pre-Run: 23,772,917,760 bytes free
Post-Run: 23,724,601,344 bytes free

338 --- E O F --- 2009-08-10 20:46

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Spybot is up and running again not checked the web on firefox yet to see if i will be pulled to pages not required.spybot also claimed whilst i was loading it up something about advertising?? what appeared to be the problem and what advice do you have to prevent this happening again?
I had spybot,malware,outpost and spywareblaster and spyguard

Firefox seems fine at the moment thank you very much, why was i being redirected to stupid sites on firefox

mbam now loading up with one click too thanks

A rootkit was present on the machine, causes re-directions.

Thank you very much for all your time patience and help and come my next pay day i shall make a nice donation to yourselves for all the help and assistance,its people like yourselves that give computing a good name.
was there any other problems within the scan you came across that i may wanna avoid in future?
and did the rootkit cause the block on the spybot and malware?

Yes it did.

Any final recommendations?

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.