I have teh VIRUS!

[stormy]

Everytime i open IE (i know stfu i got PWNT by IE), i get AVG saying "Virus Detected!" while opening CWINDOWS\csslw.dll Trojan horse Collected.2.F. I tell AVG to delete it and it says it does but it reappears next time i open IE. i can't even find the file itself (even though the path is given it doesn't seem to be there). It gives me pop ups and adds to my favorites and gives spybot and Adaware a bunch of stuff to clean. Even after running full system scans in all 3 programs(AVG, Adaware, and Spybot) and "fixing" everything till they come up clean the stupid thing is still here.

Is there another program i can try or something? I have all the current updates for everything i'm running now. This sucks.

As a word of warning to you, don't ever google ""donkey show", mexican". It's not worth it.

[stormy]

add Spyware Blaster and Microsoft Anti-Spyware Beta to the list of programs that will not fix my computer

[Melf]

Have you tried CW Shredder?

[stormy]

Have you tried CW Shredder?

no, because nothing came up with CWS in the title. Not that i know if that means anything.

I posted a hijack this! log on what seems to be a helpfull site. Now i wait for them to tell me what to do. I'll post it here for you all if anyone knows what it means.

Logfile of HijackThis v1.99.0
Scan saved at 8:52:03 PM, on 2/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C: \WINDOWS\System32\smss.exe
C: \WINDOWS\system32\winlogon.exe
C: \WINDOWS\system32\services.exe
C: \WINDOWS\system32\lsass.exe
C: \WINDOWS\system32\svchost.exe
C: \WINDOWS\System32\svchost.exe
C: \WINDOWS\system32\spoolsv.exe
C: \WINDOWS\Explorer.EXE
C: \WINDOWS\System32\DSentry.exe
C: \Program Files\Dell\QuickSet\quickset.exe
C: \Program Files\Apoint\Apoint.exe
C: \Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C: \Program Files\Apoint\Apntex.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C: \Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C: \WINDOWS\d3gf.exe
C: \WINDOWS\System32\tibs5.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C: \PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C: \WINDOWS\System32\nvsvc32.exe
C: \WINDOWS\System32\oodag.exe
C: \WINDOWS\System32\svchost.exe
C: \WINDOWS\System32\wltrysvc.exe
C: \WINDOWS\system32\d3ip.exe
C: \WINDOWS\System32\bcmwltry.exe
C: \Program Files\AIM95\aim.exe
C: \Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C: \Program Files\Microsoft AntiSpyware\gcasServ.exe
C: \Program Files\Internet Explorer\IEXPLORE.EXE
C: \Documents and Settings\max\My Documents\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res: //C: \WINDOWS\wtkru.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res: //C: \WINDOWS\wtkru.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res: //C: \WINDOWS\wtkru.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res: //C: \WINDOWS\wtkru.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res: //C: \WINDOWS\wtkru.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res: //C: \WINDOWS\wtkru.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CProgram Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {343F5412-0314-3087-1C40-49D852DB28F1} - CWINDOWS\ipbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C: \WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DVDSentry] C: \WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell QuickSet] C: \Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C: \WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] CProgram Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] CProgram Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "CProgram Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] CPROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_EMC] C: \PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C: \Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [d3gf.exe] C: \WINDOWS\d3gf.exe
O4 - HKLM\..\Run: [tibs5] C: \WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [gcasServ] "C: \Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C: \Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C: \WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C: \WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C: \Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C: \WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: Yahoo! MLB StatTracker - http: //aud3.sports.dcn.yahoo.com/ja...lbst8408_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http: //go.microsoft.com/fwlink/?lin...67&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http: //us.chat1.yimg.com/us.yimg.co...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http: //a1540.g.akamai.net/7/1540/52...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http: //v5.windowsupdate.microsoft.c...?1097708946025
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http: //chat.yahoo.com/cab/yacsui.cab
O23 - Service: Adobe LM Service - Adobe Systems - C Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C: \PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C: \PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C: \Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - CWINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C: \WINDOWS\System32\oodag.exe
O23 - Service: WLTRYSVC - Unknown - C: \WINDOWS\System32\wltrysvc.exe C: \WINDOWS\System32\bcmwltry.exe (file missing)
O23 - Service: Network Security Service - Unknown - C: \WINDOWS\system32\d3ip.exe

[The_Meach]

http://www.mozilla.org/products/firefox/

The healing can begin.

Seriously. I get the same IE msg everytime I use the thing but no (see: zero) problems w/FF.