Symantec won't live UPDATE (host can't be found)

Posted on 2007-10-11
Last Modified: 2013-12-09
I have a computer that isn't even lettling me go to the internet...CPU usage is 90-100% all the time...I installed Symantec Anti Virus Corp Edit and it found over  700 adware/trojan horse/errorsafe/etc viruses...But it's still not letting me LIVE UPDATE - big red X then No host found...But it's working a little better now (60-70%) CPU usage only now...

I tried the follwoing:
1. Deleting the hosts file (c:\windows\system32\drivers\etc\host
2. added back a good copy from another computer
3. Can even get the
4. everytime I tried to go to "" or it just gives me a and website can't be found...But when I ping it from dos prompt it gives me for symantec...

I think if I can only live update I should be able to get the computer back to normal...Also every website I go to there's atleast 3 pop ups that I get...

Also every new browser that I open up the cookies are all allow in the internet tools option...

Question by:plam125
    LVL 20

    Expert Comment

    I wouldn't count on Norton being able to clean this completely, it may help but....

    I suggest that you download, run, and post a HijackThis log from the link below.

    NOTE: Do not fix anything with HJT at this point, just post the text from the log.
    LVL 10

    Expert Comment


    I suggest doing a full scan using superantispyware :

    There are some spyware that antiviruses won't detect

    LVL 23

    Expert Comment

    by:Mohammed Hamada
    Download Host expert and restore to Microsoft Host Files, after doing so make the files un-rewritable.
    Download Ccleaner from .
    run cleaner and fix all the issues found after you scan with Ccleaner.

    Make sure you have nothing loaded on your Startup Items such as unknown files/programs.
    Download MSG cleaner from the following link, after you extract it run and tick "Enable task manager.." check box and click on Analyze.

    Then download Combofix and run it, You will have dos box and you might be prompted to run a cleaning process, you will have to press 1 to continue and finish the cleaning process.
    here's the link..

    Make sure you don't have any unknown toolbars and if there is try to uninstall them... Change the home page to any safe website that you know.

    Now I'm sure after using Hostsxpert you will be able to go to any website and update your Symantec anti virus.

    Good luck

    Author Comment

    Here's the log from HJT..Its foreign to me:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:15:20 AM, on 10/14/2007
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =*
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =*
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =*
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =^^^^etl`avdf&cd=&dcc=&drc=&mo=&sid=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832210339226033AAC
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgqbux.dll",sitypnow
    O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
    O4 - HKLM\..\RunServices: [8F7BBF0F] C:\WINDOWS\System32\viehqsxpto.exe
    O4 - HKLM\..\RunServices: [`^]`LWI`WITL] C:\WINDOWS\System32\seathtk.exe
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll                                                              .dbt
    O4 - HKUS\S-1-5-18\..\Run: [Ati Control Panel] atiphexx.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll                                                              .dbt (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Ati Control Panel] atiphexx.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone:
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted Zone: * (HKLM)
    O16 - DPF: Yahoo! Pool 2 -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} -
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
    O21 - SSODL: mtklefa - {A0339443-7AC2-4064-4DA1-29967D9620F3} - C:\WINDOWS\System32\sriwx32.dll (file missing)
    O21 - SSODL: E0BCBJED - {6CD3628F-7212-4452-1269-440C5C1A4AFC} - C:\WINDOWS\System32\Mfmdoe32.dll (file missing)
    O21 - SSODL: mtklefap - {4AE79E0C-AAFA-43DF-68A8-14FF2EEC5241} - C:\WINDOWS\System32\oefzn32.dll (file missing)
    O21 - SSODL: mtklef - {6F735DB2-8EA7-469F-DC86-02D2F89DF0B1} - C:\WINDOWS\System32\muvw32.dll (file missing)
    O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-79C047203197} - C:\WINDOWS\System32\jvrbns32.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    End of file - 8970 bytes

    Author Comment

    It won't download...just keeps spinning
    LVL 23

    Expert Comment

    by:Mohammed Hamada
    Please try the Combofix first plam125.
    and then download hostsxpert from.
    This should reset your windows host files which there might be changed by a spyware...
    Restore to Microsoft original FIle.
    LVL 1

    Expert Comment

    best advice, re-install the operating system. you can clean your system from viruses, but spywares, forget it. unless you delete every entry from the registry. for that, you'd have to search for them which will take you more time than installing a fresh copy.
    LVL 20

    Expert Comment

    My apologies plam125, for some reason I wasn't subscribed to this thread and didn't get email notification.

    I agree with moh10ly: 100% here on running combofix. CF will do quite a bit of work here and we should then be able to clean up with a CF script and scanning/removal.

    Just my opinion.
    LVL 10

    Expert Comment


    Author Comment

    Thanks for all your help...I just told my friend the best thing was to re-install the OS and start over...So that is what I did...Thanks everyone...
    LVL 1

    Accepted Solution

    at last, you recommended your friend with my advice...aren't you gonna issue the 125 points for the resolution you followed???

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
    HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now