Full Version: While clicking away with reckless abandon...
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
HuesCantLose
I am pretty sure I contracted a virus.

All of a sudden a window popped up from the system tray telling me that "Windows security has detected an adware/spyware infection, click here to download the latest tools" or something like that. Then some random program starts scanning my drives for infections, called "Brave Sentry". I couldn't get it to cancel, and Ctrl-Alt-Delete produced "Your task manager has been disabled by your administrator". Now that little warning window pops up incessantly, and my browsers typically don't work (I restart the system and apparently I can access the net for a short time before links don't work and pages don't load).

My system is also running slower. I ran Ad-Aware and that seemed to help at first.

Here is the log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:14:11 PM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\inet20001\winlogon.exe
C:\Windows\system32\netfilt4.exe
C:\Windows\system32\spoolsvv.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wdfmgr.exe
C:\Documents and Settings\Matrixhead\Application Data\m\mdelk.exe
C:\Windows\system32\netfilt4.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Tools AntiVirus\ScanningProcess.exe
C:\Program Files\PC Tools AntiVirus\Monitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\inet20001\mm6.exe
C:\Windows\ServicePackFiles\i386\IExplore.exe
C:\Windows\inet20001\socks.exe
C:\Windows\ServicePackFiles\i386\IExplore.exe
C:\Windows\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\ServicePackFiles\i386\IExplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\ServicePackFiles\i386\IExplore.exe
C:\DOCUME~1\MATRIX~1\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.241.170.37:8080
R3 - URLSearchHook: (no name) - {08E01F2A-5042-FBA7-F4A0-D173B4DFBDFF} - ms-its.dll (file missing)
F3 - REG:win.ini: run=C:\Windows\inet20001\winlogon.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\Windows\system32\rlcbk.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\Windows\system32\rlcbk.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - HKLM\..\Run: [netfilt4] C:\Windows\system32\netfilt4.exe
O4 - HKLM\..\Run: [spoolsvv] C:\Windows\system32\spoolsvv.exe
O4 - HKLM\..\Run: [xp_system] C:\Windows\inet20001\winlogon.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\Windows\inet20001\socks.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [WOOZ] C:\Windows\system32\sxe12.tmp
O4 - HKLM\..\Run: [avpmondll] NSYSCPLSTR.exe
O4 - HKLM\..\Run: [WhatsNewBot] MONITER.exe
O4 - HKLM\..\Run: [dmdul.exe] C:\Windows\system32\dmdul.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [netfilt4] C:\Windows\system32\netfilt4.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [winshost.exe] C:\Windows\system32\winshost.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Matrixhead\Application Data\m\mdelk.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\Windows\system32\netfilt4.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\MATRIX~1\LOCALS~1\Temp\C.tmp
O4 - HKCU\..\Run: [sysconf16] vxdman.exe
O4 - HKCU\..\Run: [powerdll] Bogobot.exe
O4 - HKCU\..\Run: [pizda] _ctcp.exe
O4 - HKCU\..\Run: [xp_system] C:\Windows\inet20001\winlogon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Windows\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: DigiChat Applet - http://chat.onemodelplace.com/DigiChat/Dig...s/Client_IE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7A4F865-5E7F-47BF-86E8-5A11595B3BF1}: NameServer = 85.255.113.124,85.255.112.199
O20 - AppInit_DLLs: C:\Windows\system32\win_tw1.dll
O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users\Documents\Settings\1_32bean32_1.dll
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Documents\Settings\3246762198745124975.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
O20 - Winlogon Notify: SensSrv - C:\Windows\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: skyx16 - C:\Windows\SYSTEM32\skyx16.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\Windows\system32\dcom_15.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\Windows\system32\kcgmlhic.dll
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe

Please help!
Thank you in advance....
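The log above can be triaged mechanically before a helper reads it. The following Python script is an added example, not part of this thread and not HijackThis itself: it flags the patterns visible in that log (core Windows binary names such as winlogon.exe running outside System32, autostarts in Temp or Application Data, bare filenames in O4 entries, a ProxyServer override, O17 NameServer entries, and O20 hooks that are missing or outside System32). The SAMPLE lines are constructed to mirror the log, with the IP addresses replaced by documentation addresses.

```python
import re

SYSTEM32 = "c:\\windows\\system32\\"
# Core Windows binaries: a copy running from anywhere else is a masquerade.
CORE = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe", "smss.exe", "services.exe"}
ODD_DIRS = ("\\temp\\", "\\application data\\")  # no legitimate autostart lives here
# Constructed sample in the shape of the log above; the IPs are documentation addresses.
SAMPLE = """\
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\inet20001\\winlogon.exe
R1 - HKCU\\...\\Internet Settings,ProxyServer = 192.0.2.10:8080
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [mule_st_key] C:\\Documents and Settings\\Matrixhead\\Application Data\\m\\mdelk.exe
O4 - HKCU\\..\\Run: [powerdll] Bogobot.exe
O17 - HKLM\\...\\Tcpip\\..\\{GUID}: NameServer = 198.51.100.5,198.51.100.6
O20 - Winlogon Notify: sdcard98 - sdcard98.dll (file missing)
"""

def file_reason(path):
    """Why a process or autostart path deserves a look, or None if it seems fine."""
    p = path.lower().strip()
    if "\\" not in p:
        return "bare filename resolved via the search path; confirm which file runs"
    folder, name = p.rsplit("\\", 1)
    if name in CORE and folder + "\\" != SYSTEM32:
        return "core Windows binary name outside System32"
    if any(d in p for d in ODD_DIRS):
        return "runs from a temp or per-user data folder"
    return None

def classify(line):
    """Reason one HijackThis log line merits a second look, or None."""
    if re.match(r"[a-z]:\\", line, re.I):                    # running process
        return file_reason(line)
    if line.startswith("O4 ") and "] " in line:             # autostart value
        value = line.split("] ", 1)[1]                       # drop the "[name] " prefix
        m = re.match(r'"?([^"]+?\.(?:exe|dll|tmp))', value, re.I)
        return file_reason(m.group(1) if m else value)
    if ",ProxyServer = " in line:                           # R1 proxy override
        return "all HTTP traffic forced through a proxy"
    if line.startswith("O17 ") and "NameServer" in line:
        return "DNS servers set in the registry; verify they are your ISP's"
    if line.startswith("O20 "):                             # Winlogon Notify / AppInit hooks
        dll = line.split(": ", 1)[1].split(" - ")[-1]
        return ("hook references a missing DLL" if "(file missing)" in dll
                else None if dll.lower().startswith(SYSTEM32) else "hook DLL outside System32")
    return None

def triage(log):  # (line, reason) pairs for every log line that merits review
    return [(l, r) for l in log.splitlines() if (r := classify(l))]
```

Run `triage(SAMPLE)` (or feed it a saved log) and only the flagged lines with their reasons come back; the benign csrss.exe and QuickTime entries are left alone.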
Bobbi Flekman
Hi HuesCantLose,

Please move HijackThis to another location, preferably C:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder, you run the risk of accidentally deleting the backups, or it clutters your desktop with all the backups.
If you use Windows XP it might be that you just double-clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and extract it to a folder.

How to make a permanent folder:

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Once in Safe Mode, go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the "Scriptline to execute" field, type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the "Complete script execution" box to pop up and press OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post a new HijackThis log.
Invision Power Board © 2001-2009 Invision Power Services, Inc.