03-31-2012 06:12 PM
Looks like C:\Windows\System32\mswsock.dll is infected and Symantec has screwed itself over possilly causing no internet due to the firewall not working properly.
Try System restore to the one I did 3 - 4 days ago.
03-31-2012 06:31 PM
I started my computer in safe mode and when it asked me to continue on safe mode or restore system to one day i choose this last one... But when i restore the system, after rebooting, it says that it couldn´t restore the system to the day i selected. I tried whith the other days it offer, but the same happened.
what can i do?
03-31-2012 07:09 PM
ccapp.exe is Symantec and is causing a network problem and mswsock.DLL which some zeroaccess variants use
Start OTL, under Copy and paste what is below between the lines
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
hklm\software\clients\startmenuinternet|command /64 /rs
I have attached the custom scan data also.
03-31-2012 08:31 PM - edited 03-31-2012 09:28 PM
mswsock.DLL is in the correct location and the correct location and the correct MD5 of 5E11D375C92A0DDA7AC4D487FC4E1978.
Also C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe is running but I would say as I said the other day Symantec looks like is playing up, when ccApp.exe is not working right you can end up with no internet, as it's for the firewall.
I don't have the Symantec CleanWipe tool, I wonder if I can remove the troublesome Symantec with Combofix, but with OTL. Will have to think.
With a new downloaded Combofix and transferred over, then start the PC into Safe Mode (Not Safe Mode with Networking) does Combofix start and run.
You do have zeroaccess (again)
[C:\WINDOWS\$NtUninstallKB13314$] -> Error: Cannot create file handle -> Unknown point type