Hi, my problem is the following:
Every time I reboot my PC a virus appears. When I try to open my web browsers it says: "Access Blocked Virus Warning". I remove it with AdAware but the next time it appears again. Here are two logs, from AdAware and HijackThis.
AdAware:
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 616
ThreadCreationTime : 09.2.2005 г. 08:51:18
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 09.2.2005 г. 08:51:21
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 09.2.2005 г. 08:51:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1136
ThreadCreationTime : 09.2.2005 г. 08:51:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1456
ThreadCreationTime : 09.2.2005 г. 08:51:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
And here is the HijackThis log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\Datecs\Flex2K.exe
C:\Program Files\AVPersonal\AVGUARD.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\bbrowser55\biskvitka.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\FlashGetGet\flashget.exe
D:\FixOpsrv.exe
D:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGetGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGetGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe

I hope you will help :) Thanks in advance.

Is System Restore turned off? If not, it might be re-infecting your PC; viruses often hide in SR when it's running. Disabling SR dumps all of its files--including any malware.
Also, you could try scanning your box online at TrendMicro.

You should leave System Restore disabled until you've repaired your machine. As Atlantic pointed out, if you leave SR enabled while you are still infected, you will only reinfect yourself if you perform a restore to an earlier point.
Therefore, disable SR and clean out your machine. I recommend following this guide:
How to perform a clean boot in Windows XP
When you've rebooted in the "clean mode", do a full system scan with your virus scanner and any other tools (Spybot, Ad-Aware etc) you have.
The online Trend Micro virus scan Atlantic recommended is good, but so too is Panda ActiveScan. Try everything you can to disinfect your system.
Please post back here and tell us what happened.

Hi iovo
You could have a number of viruses and trojans:
csrss.exe
isass.exe
services.exe
winlogon.exe (possible, but not in XP)
etc. etc. All show up as potential viruses; check the running processes against the lists here:
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
Download Stinger first and run that, then try the online virus scanner and see if it removes any, then go on to the trojan scanners.
http://vil.nai.com/vil/stinger/
http://housecall.antivirus.com/housecall/start_corp.asp
http://windowsxp.mvps.org/Scanners.htm
Trojan scans:
http://www.windowsecurity.com/trojanscan/
http://www.pctools.com/spyware-doctor/
http://www.pcflank.com/trojans_test1.htm
Downloads:
http://www.agnitum.com/download/tauscan.html
http://www.emsisoft.com/en/software/free/
http://www.misec.net/
If you have an antivirus program, update it; otherwise get a free one here:
http://free.grisoft.com/freeweb.php/doc/2/
Also install a firewall:
If any advice helps, please post back as it might help others.

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\fgiebar.dll
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Сваляне на всички с FlashGet - C:\Program Files\FlashGetGet\jc_all.htm
O8 - Extra context menu item: Сваляне с FlashGet - C:\Program Files\FlashGetGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe

Get rid of all the above also.
Larry
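As an added example (not code from the original thread or from any of the posters), here is the check Larry describes done as a script rather than by eye: it parses the "Running processes" list and the O4 autorun entries of a HijackThis log, compares each executable against a small allowlist of Windows XP system binaries and the directory each one is expected to run from, and flags two things: a real system process name running from the wrong place, and a one-character look-alike of a system process name (the isass.exe vs lsass.exe confusion). The allowlist, the expected directories, the look-alike rule and the sample log are all assumptions constructed for this example; the sample is not the original poster's log.

```python
"""Triage a HijackThis log for impostor system processes (added example)."""
import ntpath
import re

# Windows XP core processes and the directory each is expected to run from.
# Assumption for this example: a default install at C:\WINDOWS, as in the
# poster's log; adjust SYSTEM_ROOT for other layouts.
SYSTEM_ROOT = r"c:\windows"
SYSTEM_PROCESSES = {
    "smss.exe": SYSTEM_ROOT + r"\system32",
    "csrss.exe": SYSTEM_ROOT + r"\system32",
    "winlogon.exe": SYSTEM_ROOT + r"\system32",
    "services.exe": SYSTEM_ROOT + r"\system32",
    "lsass.exe": SYSTEM_ROOT + r"\system32",
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "spoolsv.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}

# Constructed sample in HijackThis format (not the poster's real log): clean
# system processes, a third-party program, one look-alike name and one real
# system process name running from a user profile directory.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\WINDOWS\isass.exe
C:\Documents and Settings\user\svchost.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Svchost] C:\WINDOWS\isass.exe
"""


def levenshtein(a, b):
    """Edit distance; a distance of 1 catches isass/lsass, svch0st/svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(path):
    """Lower-case and strip the kernel-style prefixes AdAware prints (\\??\\, \\SystemRoot)."""
    p = path.strip().strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return p


# Executable path inside an O4 line: after the "[name]" tag, optionally quoted.
O4_EXE = re.compile(r'\]\s*"?(.+?\.exe)\b', re.IGNORECASE)


def parse_hjt(text):
    """Yield (source, path) for 'Running processes' lines and O4 autorun targets."""
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes:
            if not line or re.match(r"O\d+ - ", line):
                in_processes = False  # end of the process list
            else:
                yield "process", line
                continue
        if line.startswith("O4 - "):
            m = O4_EXE.search(line)
            if m:
                yield "O4", m.group(1)


def check(source, path):
    """Return a finding dict for a suspicious executable path, else None."""
    p = normalize(path)
    name, directory = ntpath.basename(p), ntpath.dirname(p)
    expected = SYSTEM_PROCESSES.get(name)
    if expected is not None:
        if directory != expected:
            return {"source": source, "path": path, "reason": "wrong-dir:" + expected}
        return None
    for real in SYSTEM_PROCESSES:
        if levenshtein(name, real) == 1:
            return {"source": source, "path": path, "reason": "lookalike:" + real}
    return None


def triage(text):
    """Run the checks over a whole log and return the list of findings."""
    return [f for f in (check(s, p) for s, p in parse_hjt(text)) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["source"], f["path"], f["reason"])
```

The allowlist deliberately stays small: the point is not to classify every process but to make the two cheap checks (expected directory, near-identical name) mechanical, since those are exactly the tricks a process-list lookup site cannot catch when the reader misreads "isass" as "lsass".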
