explorer.exe CPU Hell!!

Name: Xplicit
Date: February 17, 2004 at 08:40:12 Pacific
OS: WIN XP
CPU/Ram: 960
Comment:

Help anyone! I was browsing the internet last night and a mysterious pop-up made an alert sound on Norton that could not be deleted. However, nothing was affected at the time. This morning I turned on my PC and everything also was fine besides the very slow start up. When I tried to browse any folder on my desktop the CPU for explorer.exe went to 99 and I could not do anything at all. I am able to be on the internet obviously (since I am able to post this message). But I can only use programs that are on my desktop or I have easy access to. I canceled all mysterious processes because last time this happened I had contracted "Gspotbot.exe" and once the process was canceled everything was back to normal.

I have made a list of all of my startup processes and programs. Please, anyone who can analyze this situation, please help as soon as possible. Oh and I have already tried Ad-Aware, Spybot, and HijackThis!. No such luck yet.

StartupList report, 2/17/2004, 11:31:16 AM
StartupList version: 1.52
Started from : C:\Documents and Settings\Belinda Waterford\Desktop\HijackThis.exe
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Belinda Waterford\Desktop\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

---------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Belinda Waterford\Start Menu\Programs\Startup]
Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.exe
Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BlackICE Utility.lnk = ?
Date Manager.lnk = C:\RECYCLER\NPROTECT\00484261.exe
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Image Transfer.lnk = ?
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Microsoft Broadband Networking.lnk = ?
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
PrecisionTime.lnk = C:\RECYCLER\NPROTECT\00484266.exe
Reality Fusion GameCam SE.lnk = ?

---------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
HPAIO_PrintFolderMgr = C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.exe
LogitechGalleryRepair = C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray = C:\Program Files\Logitech\ImageStudio\LogiTray.exe
wcmdmgr = C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
RunDLL32 = C:\WINDOWS\System32\srv32.exe
85584658.exe = C:\WINDOWS\System32\85584658.exe
DeadAIM = rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
updmgr = C:\Program Files\Common files\updmgr\updmgr.exe
PCTVOICE = pctspk.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

RunDLL32 = C:\WINDOWS\System32\srv32.exe

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Weather = C:\Program Files\AWS\WeatherBug\Weather.exe 1
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\FIREST~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

---------------------


Enumerating Browser Helper Objects:

MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
(no name) - C:\WINDOWS\aC7J30.dll - {466116CB-9DDD-4A71-9D74-9717DFA10595}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

---------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

---------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\WINDOWS\system32\wshbth.dll

---------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

---------------------
End of report, 7,744 bytes
Report generated in 0.130 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Please Help ASAP~ Xplicit




Response Number 1
Name: Chunko
Date: February 17, 2004 at 09:22:36 Pacific
Reply:

Xplicit,
Do you have any antivirus programs installed? If not, please download one. Here are a couple of trial versions:
http://www.zonelabs.com/store/content/company/products/zap/trial/zap4x_trial.jsp?lid=pdb_zaptrial
http://www.pandasoftware.com/
I suggest doing an online scan here:
http://www.pandasoftware.com/activescan/
Good luck!



Response Number 2
Name: murve
Date: February 17, 2004 at 10:53:11 Pacific
Reply:

Hi explicit,
you have a lot of work to do.
You have a lot of cleaning:
get the latest defs of your anti-virus and scan your machine.
Also, if you have a good anti-trojan, scan your machine.

Do the registry entries first, then reboot and then delete the files, and or directories preferably in Safe Mode, reboot your computer, and scan again if you wish.

You have Gain, and a version of the opaserve worm.
Check to see if you have these files and entries, and delete them:

C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe


you probably have Gain:
in start up files delete this:
GMT.exe
Kill these running processes if you have them:

Delete these DLLs with regsvr32:

Remove these registry files with regedit:


In windows explorer remove these files if you have them:

Remove these directories if you have them:


You also have an Opaserve worm server in your autorun:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run:
RunDLL32 = C:\WINDOWS\System32\srv32.exe
85584658.exe = C:\WINDOWS\System32\85584658.exe
Delete this value and reboot your computer, then go to safe mode and delete the server srv32.exe and, if found, 85584658.exe.

Also: Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
RunDLL32 = C:\WINDOWS\System32\srv32.exe

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Weather = C:\Program Files\AWS\WeatherBug\Weather.exe 1

Enumerating Browser Helper Objects:
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}

mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
(no name) - C:\WINDOWS\aC7J30.dll - {466116CB-9DDD-4A71-9D74-9717DFA10595}

all the best,
murve



Response Number 3
Name: Xplicit
Date: February 17, 2004 at 11:08:44 Pacific
Reply:

Thanks for the posts trying to help me. I am about to reboot in safe mode and perform all acquired tasks to rid my system of these viruses and ad-ware. Oh, and do you know if this problem will go away if I install XP Pro? All I need is for me to have a way to get my much NEEDED files off of my computer to CDs long enough for me to run a newer version possible. Please don't give up hope though for me. I will only install XP Pro as a last resort.

If anyone else would please analyze my 1st again just to get another view of the possible problems of why my CPU for explorer.exe is so0o high and will not go down.

ATTENTION: If it helps any, I am able to get it back to normal by ending the explorer.exe task then going to Run and running it again... But the second I try to browse my folders it shoots up again and nothing opens.

Help!!! ~Xplicit



Response Number 4
Name: blender
Date: February 17, 2004 at 13:01:23 Pacific
Reply:

Xplicit

First make a folder on desktop called Hijack, put hijackthis.exe in that folder because it makes backups and your desktop will be a mess.

Update your norton antivirus.

Disconnect from the internet and network if any (DO NOT SKIP THIS STEP) if you have a network you will need to do this to all computers on network.

Start hijackthis (not startup list), run its scan, and check the following entries:

04 HKLM\...\run RunDLL32 = C:\WINDOWS\System32\srv32.exe


04 HKLM\...\runservices RunDLL32 = C:\WINDOWS\System32\srv32.exe
(the entries may look slightly different in the hijack scan...I'm weeding them out of startup list.....you are looking for any 04 entries with srv32.exe in them)

Click "fix checked"

Reboot the computer to safe mode and delete the following:

c:\windows\system32\srv32.exe <- file

Still in safe mode run Norton antivirus and delete files found infected. (don't worry about files found in system volume info yet...that is system restore and norton cannot clean those if any are infected...we can clean out system restore later...it will not affect anything if it is not used)

Reboot to normal windows.

I suggest getting rid of kazaa or whatever file sharing program you use as it is polluted with spyware and will cause tons of performance problems.

Post new hijackthis log here (not startup list log) along with Norton's list of infected files (if any).

We can weed out the spyware baddies later.

Thanks!

___________________
I never give up!


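The triage that murve and blender do by eye on the StartupList report above, written out as an added example (it is not part of any post in this thread). The three heuristics and the `SYSTEM_NAMES` set are assumptions chosen for illustration; a hit means "look closer", not "confirmed malware".

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the StartupList report posted in this thread (abridged).
SAMPLE_REPORT = r"""
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BlackICE Utility.lnk = ?
Date Manager.lnk = C:\RECYCLER\NPROTECT\00484261.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RunDLL32 = C:\WINDOWS\System32\srv32.exe
85584658.exe = C:\WINDOWS\System32\85584658.exe
DeadAIM = rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
PCTVOICE = pctspk.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

RunDLL32 = C:\WINDOWS\System32\srv32.exe
"""

# Assumption: value names that commonly imitate a Windows binary.
SYSTEM_NAMES = {"rundll32", "svchost", "explorer", "winlogon", "lsass",
                "services", "csrss", "smss", "userinit"}

_LOCATION = re.compile(r"^(?:\[(.+)\]|(HK(?:LM|CU|CR|U|EY_[A-Z_]+)\\.+))$")
_ENTRY = re.compile(r"^(.+?) = (.+)$")
# First program in a command line: a quoted path, or text up to an executable extension.
_TARGET = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=[\s,"]|$)', re.I)


@dataclass
class Finding:
    location: str   # startup folder or registry key the entry came from
    name: str       # shortcut or registry value name
    target: str     # program the entry launches
    reasons: list   # heuristics that fired


def extract_target(command):
    """Return the launched program as a PureWindowsPath, or None if unparseable."""
    m = _TARGET.match(command.strip())
    return PureWindowsPath(m.group(1) or m.group(2)) if m else None


def triage(report):
    """Walk a StartupList report and return autostart entries worth a closer look."""
    findings, location = [], "(unknown)"
    for raw in report.splitlines():
        line = raw.strip()
        loc = _LOCATION.match(line)
        if loc:                       # a folder or registry key header
            location = loc.group(1) or loc.group(2)
            continue
        entry = _ENTRY.match(line)
        if not entry:
            continue
        name, command = entry.groups()
        target = extract_target(command)
        if target is None:            # e.g. "BlackICE Utility.lnk = ?"
            continue
        reasons = []
        name_stem = PureWindowsPath(name).stem.lower()
        if name_stem in SYSTEM_NAMES and target.stem.lower() != name_stem:
            reasons.append("value name imitates a Windows binary but runs another file")
        if "recycler" in (p.lower() for p in target.parts):
            reasons.append("target lives under RECYCLER")
        if target.stem.isdigit():
            reasons.append("all-digit file name")
        if reasons:
            findings.append(Finding(location, name, str(target), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.location}\n  {f.name} -> {f.target}\n  " + "; ".join(f.reasons))
```

On the sample it flags both `RunDLL32 = ...\srv32.exe` values and `85584658.exe`, the same entries the replies single out, plus the startup shortcut pointing into `RECYCLER`.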

Response Number 5
Name: iceblue
Date: February 17, 2004 at 13:56:01 Pacific
Reply:

Agree; post the hijackthis log rather than the startuplist. The 'Scan' button changes to 'save log'. Post this log here.
From there it should be a simple operation.
hth
Ice





Response Number 6
Name: disher11
Date: February 21, 2004 at 18:59:02 Pacific
Reply:

After untold frustration (trying all the methods described here and elsewhere) I finally figured out what was causing my explorer.exe to spike my CPU to 97-99%. I'm not sure exactly what virus\trojan it was, but I can tell you for 100% certainty where I got it.
I was torrenting for a few episodes of "24" when I downloaded this b---tard. Norton 2004, Pestpatrol Corporate, and a few other of the biggies missed whatever it was that was causing the spike. I even did a direct scan on the file and it came up ok.

The carrier filename of the bug was 24.311.pdtv-lol.[bt] size 360,312 kb

It seems the bug activated when selected (not double-clicked, just selected) directly or when I modified any of the contents of the folder where it was stored. The file would not allow a direct delete or quarantine, so I was forced to delete the entire folder with a right-click from Windows Explorer. I'm sure there are other carriers, I just wanted to give a heads up on where I got it.



Response Number 7
Name: shudde
Date: March 25, 2004 at 12:07:22 Pacific
Reply:

I ran into exactly the same problem, selecting a particular media file caused explorer cpu usage to spike to 99% and stay there after reboots. Virus scan with latest AVG Free reported nothing, ditto with Norton Antivirus. Couldn't delete the file through explorer or with a simple del in prompt.

Solved by using erase from prompt (outside of the directory in question). Rebooted & everything is back to normal. Thanks to Disher for the info.

