Registry editing has been disabled by your administrator


nails00
09-27-2007, 05:49 PM
Hello

I was interrupted a few hours ago while online by a strange pop-up error stating that the computer had to restart due to some error. The error box could not be closed in any way. After restarting I suspected this might be a virus, so I ran SpyBot S&D; it came up with something called W32... so I fixed it and moved on. Now every time I restart my computer I receive this error message "Registry editing has been disabled by your administrator" as well as another error message "Windows cannot find 'C:\WINDOWS\czsrv.exe'. Make sure you typed the name correctly, and then try again." I'm guessing czsrv.exe was the malware worm that SpyBot fixed and now something linked to it is trying to execute it on bootup but it can't find it, and thus the error pop-ups occur.

I tried googling around for solutions to getting rid of the pop-ups but none of them worked. My regedit is accessible. I went into gpedit.msc and User Configuration --> Administrative Templates --> System, double-clicked "Prevent access to registry editing tools" and set it as "Not Configured" (it was already set as this, so I enabled then disabled, according to the instructions given). Didn't work.

I downloaded a file "reg_enable.vbs", put it on my desktop, opened a command prompt, already set as administrator by default, and entered the following:

cd /d %userprofile%\desktop
ENTER
wscript.exe reg_enable.vbs
ENTER

...and it said "Error: Unable to remove registry key "HKEY_USERS\S-1-5-21-1844237615-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"."

I then tried going to Start --> Run, and entered the following command: "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f". Restarted the computer... same problem.

So then I decided to use System Restore and restore the machine to last evening, before any of the above problems were present. After the computer restarted it hung on the loading screen for a bit, then told me it couldn't restore to the previous saved state and offered no explanation as to why.

I ran the BitDefender free online scan; it came up clean.
I ran the Trend Micro HouseCall free online scan; strangely enough, during the scan the same pop-up occurred: "Registry editing has been disabled by your administrator".
Once the scan completed I clicked to fix selected vulnerabilities, restarted the computer, nothing... the same error pop-ups occur.
System Mechanic 7.1 Trial version didn't solve anything. I tried RegistryBoost, nothing. The same error pop-ups keep coming every time I restart my computer.

I'm stuck and don't know what to do, please help! :(

Spec:
WinXP Pro SP1
NOD32 2.7 Virus Scanner
Agnitum Outpost Firewall

PrntRhd
09-27-2007, 10:34 PM
Moving this to Applications & Security forum. Please download HijackThis, unzip into a new folder on the HDD and then execute, making a log. Copy/Paste the entire log here (break into two+ sections if needed), and let the experts evaluate it before fixing anything.
http://www.spywareinfo.com/~merijn/programs.php

nails00
09-28-2007, 12:47 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:23 PM, on 9/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Opera\Opera.exe
D:\Documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\czsrv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Outpost Firewall] D:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Szservice - Unknown owner - C:\WINDOWS\czsrv.exe (file missing)

--
End of file - 4508 bytes
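As an added example (not code from the thread, from HijackThis or from the people posting here), the following Python triage reads HijackThis-style entry lines and flags the three entry types that mattered in this log: the F2 Shell override that relaunched czsrv.exe at logon, the O23 service left pointing at the deleted file, and the O17 NameServer entry that shows up in the second log and is worth verifying against the ISP's servers. The sample lines are constructed from the two logs posted in this thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: selected entry lines from the first (infected) log above.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\czsrv.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Szservice - Unknown owner - C:\WINDOWS\czsrv.exe (file missing)
"""

# Constructed sample: the same sections from the log posted after SDFix ran.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9317BBF0-A1B4-41AD-A931-5FC22DD6F657}: NameServer = 206.248.154.22 69.28.199.126
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Every HijackThis entry line looks like "<section> - <body>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for the entry lines, ignoring the header,
    the 'Running processes' block and the 'End of file' trailer."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text: str) -> List[Dict[str, str]]:
    """Flag the entry types that mattered in this thread. 'high' means an
    autostart that should not exist on a clean box; 'review' means verify it."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "F2" and body.lower().startswith("reg:system.ini: shell="):
            # Winlogon's Shell value should be exactly Explorer.exe; anything
            # appended to it is started at every logon, before the Run keys.
            shell = body.split("=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append({"section": section, "severity": "high",
                                 "reason": "Winlogon Shell launches an extra program: " + shell})
        elif section == "O23":
            if "(file missing)" in body:
                # The binary was removed but its service registration was not:
                # this is what produced the 'Windows cannot find czsrv.exe' pop-up.
                findings.append({"section": section, "severity": "high",
                                 "reason": "orphaned service, binary missing: " + body})
            elif "Unknown owner" in body:
                findings.append({"section": section, "severity": "review",
                                 "reason": "service without vendor information: " + body})
        elif section == "O17" and "NameServer" in body:
            # Statically configured DNS servers; confirm they belong to the ISP.
            findings.append({"section": section, "severity": "review",
                             "reason": "DNS servers set to " + body.split("=", 1)[1].strip()})
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries that disappeared and entries that appeared between two logs."""
    old = {f"{s} - {b}" for s, b in parse_hjt(before)}
    new = {f"{s} - {b}" for s, b in parse_hjt(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for finding in triage(LOG_BEFORE) + triage(LOG_AFTER):
        print(finding["severity"], finding["section"], finding["reason"])
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed:", removed)
    print("added:", added)
```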

classicsoftware
09-28-2007, 01:02 AM
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall...

nails00
09-28-2007, 10:27 AM
ComboFix 07-09-21.2 - "-" 2007-09-28 9:24:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.707 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.

2007-09-28 09:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 15:50 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2007-09-27 15:50 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-09-27 15:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\iolo
2007-09-27 15:49 425,064 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-09-27 15:49 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-09-27 15:49 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-09-27 15:48 <DIR> d-------- C:\Program Files\iolo
2007-09-27 15:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-09-27 15:44 <DIR> d-------- C:\DOCUME~1\-\APPLIC~1\iolo
2007-09-27 14:29 <DIR> d-------- C:\DOCUME~1\-\APPLIC~1\Uniblue
2007-09-27 14:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-13 06:58 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-09-13 06:58 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-09-13 06:31 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-05 02:01 <DIR> d-------- C:\Program Files\Analog Devices
2007-09-04 21:28 <DIR> d-------- C:\DOCUME~1\-\APPLIC~1\Ventrilo
2007-09-04 21:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-03 19:50 <DIR> dr-h----- C:\DOCUME~1\-\APPLIC~1\SecuROM
2007-09-03 19:50 <DIR> d-------- C:\DOCUME~1\-\APPLIC~1\Bioshock
2007-08-28 16:57 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-28 16:57 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 15:50 --------- d-------- C:\DOCUME~1\-\APPLIC~1\iolo
2007-09-27 14:58 102664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-27 14:29 --------- d-------- C:\DOCUME~1\-\APPLIC~1\Uniblue
2007-09-27 14:23 --------- d-------- C:\DOCUME~1\-\APPLIC~1\uTorrent
2007-09-27 12:25 40448 --a------ C:\WINDOWS\system32\ftp.exe
2007-09-27 12:25 16896 --a------ C:\WINDOWS\system32\tftp.exe
2007-09-27 12:23 133120 --a------ C:\WINDOWS\system32\sfc_os.dll
2007-09-05 02:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-04 21:40 --------- d-------- C:\DOCUME~1\-\APPLIC~1\Ventrilo
2007-09-04 11:48 --------- d-------- C:\DOCUME~1\-\APPLIC~1\Bioshock
2007-09-03 19:50 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-03 19:50 --------- dr-h----- C:\DOCUME~1\-\APPLIC~1\SecuROM
2007-08-27 16:07 --------- d-------- C:\DOCUME~1\-\APPLIC~1\Leadertech
2007-08-17 14:07 --------- d-------- C:\Program Files\Opera
2007-08-04 08:28 --------- d-------- C:\DOCUME~1\-\APPLIC~1\Roxio
2007-08-04 08:20 --------- d-------- C:\Program Files\Common Files\Roxio Shared
2007-08-04 08:19 --------- d-------- C:\Program Files\Sonic
2007-08-04 08:19 --------- d-------- C:\Program Files\Common Files\TiVo Shared
2007-08-04 08:19 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-04 08:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-08-04 08:10 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-27 10:44 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-27 10:44 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-27 06:44 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostFeedBack"="D:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-01-23 13:54]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-27 06:44]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 13:26]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-27 10:44]
"Outpost Firewall"="D:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-01-19 14:46]
"DiskeeperSystray"="D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 12:35]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-23 18:27:55]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-27 10:57:47]

R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys
R1 SandBox;Outpost Firewall Sandbox Driver;\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
R1 UDFReadr;UDFReadr;C:\WINDOWS\System32\drivers\UDFReadr.sys
R1 VFILT;Outpost Firewall Kernel Driver;\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\D:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
S2 Szservice;Szservice;"C:\WINDOWS\czsrv.exe"

*Newly Created Service* - CATCHME
.
************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-09-28 09:25:07
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
Completion time: 2007-09-28 9:25:31
.
--- E O F ---

classicsoftware
09-28-2007, 01:34 PM
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the Registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the Desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your Desktop icons.
Finally open the SDFix folder on your Desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


Tell me how the system is running.....

nails00
09-28-2007, 03:01 PM
SDFix: Version 1.107

Run by - on Fri 09/28/2007 at 01:53 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\-\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
Szservice

ImagePath:
"C:\WINDOWS\czsrv.exe"

Szservice - Deleted


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Dummy:



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\-\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 4 Sep 2007 4,077 ...HR --- "C:\Documents and Settings\-\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

nails00
09-28-2007, 03:02 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:22 PM, on 9/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Opera\Opera.exe
D:\Documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OutpostFeedBack] D:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Outpost Firewall] D:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9317BBF0-A1B4-41AD-A931-5FC22DD6F657}: NameServer = 206.248.154.22 69.28.199.126
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4490 bytes

classicsoftware
09-28-2007, 03:04 PM
How hard is it to tell me how the system is doing? I can't help you anymore unless you keep me updated as to what is going on.


No Improvement
Some Improvement with the following issues:

A
B
C

Works Like a charm all better

nails00
09-28-2007, 03:10 PM
You're too fast for me, my friend; I just finished rebooting to make sure the pop-ups were indeed gone before I got back to you with feedback on the results :D

The pop-ups are gone, the system boots up without any hangs, so the coast looks clear. I'm gonna install SpywareBlaster alongside SpyBot S&D to help prevent this infection again in the future (hopefully).

Many thanks for your help, I really appreciate it! :)
PC Guide folks always pull through for me!

classicsoftware
09-28-2007, 05:48 PM
Your problems will not be solved with SpywareBlaster. You need to run Windows Update and make sure you install service pack 2. You can download a copy here (http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en).

Post back after installing SP2 and running Windows Update with a fresh HJT Log.

nails00
09-28-2007, 09:30 PM
You're right on that; however, I've been reluctant to update to SP2 for a long time due to the fact that there are a couple of software titles I frequently use that have compatibility issues with SP2. I will definitely consider updating, or I just might get Vista if Agnitum, the developer of Outpost Firewall, releases a version that works with Vista.

classicsoftware
09-28-2007, 09:55 PM
If there are titles that don't work with SP2, you need to ditch them. Not having the security built into SP2 is probably what got you infected in the first place. You need to get that done ASAP....