NAV is closing down on me!

Name: painking
Date: February 11, 2004 at 05:57:17 Pacific
OS: windows xp home edition
CPU/Ram: Pent4 2.53GHz 480MB of Ra
Comment:

Hey, can someone help me? I have the same problem with my Norton AntiVirus program closing down on me. I thought I did something, so I uninstalled the program and downloaded (for $60) a new version off the Norton website. It is doing the same bloody thing. I did this scan with HijackThis and this is what I got:
Logfile of HijackThis v1.97.7
Scan saved at 10:27:50 PM, on 2/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\svchost64.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Palm\HOTSYNC.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\ieplore32.exe
C:\Program Files\Norton\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fawcett\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton\NavShExt.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [svchelp] svchost64.exe
O4 - HKLM\..\Run: [Internet Explorer] ieplore32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [svchelp] svchost64.exe
O4 - HKLM\..\RunServices: [Internet Explorer] ieplore32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.8871990741
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fvoem1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F5BD61-BA4D-48A1-96F2-82AFA57F7402}: NameServer = 61.77.63.1 168.126.63.1

This is all "Greek" to me. Could someone help me out? Thanks,
Rick


Response Number 1
Name: michael2
Date: February 11, 2004 at 10:00:04 Pacific
Reply:

Some viruses stop AV programs from working.

I would suggest you try the free version of F-PROT: www.f-prot.com
It's a small anti-virus program that runs in DOS. You open the file f-prot.exe (I think) with your mouse, then use the keyboard arrow and Enter keys to work the scan. It has found suspect files on my PC that were in a text format. This text file contained characters that were not read by Notepad etc.

If it runs in DOS, it may not be hampered by your bug.

Alternatively, do a free online scan at....
http://housecall.trendmicro.com/housecall/start_corp.asp
It may not be affected by the bug.


0

Response Number 2
Name: painking
Date: February 11, 2004 at 14:57:37 Pacific
Reply:

Thanks,
I tried to download and install another anti-virus program this morning, but the same thing happened. Just as I was going through the steps to install it, the program disappeared. I tried a few times and it would just shut itself down automatically. I shall try your suggestion and let you know how it went.


0

Response Number 3
Name: dazer_ken
Date: February 21, 2004 at 16:00:04 Pacific
Reply:

Same problem for me... I detect that ieplore32.exe is f... my resources, so I start in Safe Mode, look in the registry for "ieplore32.exe" and delete the keys (but save the keys before :), type "msconfig" in RUN (RUN programs, you'll find it in the START button) and deactivate iexplore from the startup panel, and go in the /system32 folder and then cut/paste the file to another location, so I isolate it. Now I have the virus in my hand and I look up on the internet to find what this virus does.
I suggest RAV Antivirus (from my country, Romania).

windows is down


0

Response Number 4
Name: JosephBallantyne
Date: March 8, 2004 at 23:05:18 Pacific
Reply:

svchost64.exe looks suspect to me. It got itself installed on a box that has known vulnerabilities on it. It is in your run key. Delete that runkey. Send svchost64.exe to someone for analysis.

I had the RPC service shutdown on me, and the machine rebooted. When it rebooted this process was running and was causing lots of hard disk activity on the machine.

I unplugged the network connection, and svchost64.exe got stuck in a loop burning 80% CPU. So I nuked it w/TaskMgr, and then deleted it from the disk. System file protection did not put it back, so it is NOT a protected Microsoft file.

I then scanned the registry and found it under 2 different run keys. I nuked them both.

I bet it is detecting when you try to run antivirus programs and is shutting them down.

I did a search on Google for svchost64.exe and this was the only spot that it turned up on all of Google.

I bet it's a new backdoor program.

Unfortunately, I did not save a copy for analysis, I simply nuked it.



0
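
The check Response 4 describes (autorun entries whose file name imitates a Windows binary and that sit under more than one run key), as an added example that is not part of the original thread. It parses a few O4 lines copied from the HijackThis log in the first post; the `KNOWN` name list and the 0.8 similarity threshold are assumptions chosen for this sample.

```python
import re
from difflib import SequenceMatcher

# Genuine Windows / Internet Explorer binary names to compare against.
# Short list assumed for this example; extend it for real use.
KNOWN = ["svchost.exe", "iexplore.exe", "explorer.exe", "services.exe",
         "lsass.exe", "winlogon.exe", "spoolsv.exe"]

O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE = re.compile(r'([^\\"/]+\.exe)', re.IGNORECASE)

# O4 lines copied from the log in the first post.
SAMPLE = r'''O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [svchelp] svchost64.exe
O4 - HKLM\..\Run: [Internet Explorer] ieplore32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [svchelp] svchost64.exe
O4 - HKLM\..\RunServices: [Internet Explorer] ieplore32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''

def parse_o4(log):
    """Yield (key, value_name, exe_name, has_path) for registry autoruns."""
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue
        hive, key, value, cmd = m.groups()
        exe = EXE.search(cmd)
        if exe:
            yield f"{hive}\\{key}", value, exe.group(1).lower(), "\\" in cmd

def resembles(exe, threshold=0.8):
    """Return the known name that exe imitates; None if exact or unrelated."""
    if exe in KNOWN:
        return None
    best = max(KNOWN, key=lambda k: SequenceMatcher(None, exe, k).ratio())
    return best if SequenceMatcher(None, exe, best).ratio() >= threshold else None

def flag_lookalikes(log):
    """Map each lookalike exe to the name it imitates and the keys holding it."""
    findings = {}
    for key, _value, exe, has_path in parse_o4(log):
        target = resembles(exe)
        if target:
            f = findings.setdefault(
                exe, {"resembles": target, "keys": [], "bare_name": not has_path})
            f["keys"].append(key)
    return findings
```

A bare file name with no path is recorded but not flagged on its own, since legitimate vendor entries in the same log (TFNF5.exe, for instance) are registered that way too.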
