
Inactive [InActive] Virus first, then can ping IP's, but not domain names!!!

Discussion in 'Malware and Virus Removal Archive' started by Pharticus, 2009/01/20.

  1. 2009/01/20
    Pharticus

    Help! Fixing my sister's computer. She acquired the TSSD (????) virus. Got that removed, so I think, but now she can't use browsers to access the internet.

    I can operate gotomypc just fine. And I can ping IP Addresses. But I cannot ping domain names such as yahoo, google, etc.

    I have completely turned off the Comodo and Windows firewalls... I have studied the issue, but can only find google links that indicate there's something wrong with the DNS servers. But I can't seem to change any of that to make it work properly.

    Did the virus damage needed networking files, perhaps? Is there something obvious that I've missed?

    Thanks for any and all help.
     
  2. 2009/01/20
    Admin.


  4. 2009/01/20
    Pharticus

    Oops, sorry about the failure to follow protocol. It was a loooooong day yesterday. Here are the files required:

    ===============================
    DDS.TXT
    ===============================

    DDS (Ver_09-01-18.01) - NTFSx86
    Run by Hanson at 8:07:25.37 on Tue 01/20/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.768.469 [GMT -7:00]

    AV: COMODO Antivirus *On-access scanning enabled* (Updated)
    FW: COMODO Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
    C:\Program Files\Citrix\GoToMyPC\g2host.exe
    C:\Program Files\Citrix\GoToMyPC\g2printh.exe
    C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Hanson\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet 0.79\tools\BitCometBHO.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gotomypc.lnk - c:\program files\citrix\gotomypc\g2svc.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hanson\applic~1\mozilla\firefox\profiles\r8erk4uf.default\
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-17 28544]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-17 101776]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-17 31504]
    R3 wind502u;ZyAIR G-200 Wireless LAN USB Adapter;c:\windows\system32\drivers\wind502u.sys [2008-1-24 336256]
    R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\ad-aware\aawservice.exe [2008-9-10 611664]
    R4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-1-17 618232]

    =============== Created Last 30 ================

    2009-01-19 23:18 230 a------- c:\windows\system32\spupdsvc.inf
    2009-01-19 23:15 66,048 a------- c:\windows\ieResetIcons.exe
    2009-01-19 22:18 <DIR> --d----- C:\SDFix
    2009-01-19 21:12 <DIR> --d----- c:\program files\CCleaner
    2009-01-19 16:52 <DIR> --d----- c:\docume~1\hanson\applic~1\Malwarebytes
    2009-01-19 16:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-19 16:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 16:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-19 14:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-01-18 09:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\_comodo_
    2009-01-17 16:56 101,776 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-01-17 16:56 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-01-17 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\comodo
    2009-01-17 15:52 <DIR> --d----- c:\program files\Ad-Aware
    2009-01-17 15:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-17 15:06 42,792 a------- c:\windows\system32\gotomon.dll
    2009-01-17 15:06 <DIR> --d----- c:\program files\Citrix
    2009-01-17 15:05 3,902,784 a------- c:\documents and settings\hanson\gosetup.exe
    2009-01-17 14:59 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-01-17 14:55 <DIR> --d----- c:\program files\Panda Security
    2009-01-17 14:37 <DIR> --d----- c:\windows\pss
    2009-01-17 13:51 268 a---h--- C:\sqmdata01.sqm
    2009-01-17 13:51 244 a---h--- C:\sqmnoopt01.sqm
    2009-01-17 13:51 268 a---h--- C:\sqmdata00.sqm
    2009-01-17 13:51 244 a---h--- C:\sqmnoopt00.sqm
    2009-01-16 13:03 51,403 a------- c:\windows\Sysvxd.exe
    2009-01-05 15:33 3,751,995 a------- c:\windows\system32\GPhotos.scr

    ==================== Find3M ====================

    2009-01-17 16:56 147,192 a------- c:\windows\system32\guard32.dll
    2008-12-13 13:14 1,744 a------- c:\windows\system32\d3d9caps.dat
    2008-12-11 04:57 333,184 a------- c:\windows\system32\drivers\srv.sys
    2008-10-23 06:01 283,648 a------- c:\windows\system32\gdi32.dll

    ============= FINISH: 8:09:15.81 ===============







    ==============================
    Attach.txt
    ==============================

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2008 1:35:52 PM
    System Uptime: 1/20/2009 12:44:11 AM (8 hours ago)

    Motherboard: ASUSTeK Computer INC. | | <P4B>
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | PGA 478 | 1614/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 57.516 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: CNet PRO200 PCI Fast Ethernet Adapter
    Device ID: PCI\VEN_1282&DEV_9102&SUBSYS_50323030&REV_31\4&122329E2&0&58F0
    Manufacturer: CNet Technology, Inc.
    Name: CNet PRO200 PCI Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1282&DEV_9102&SUBSYS_50323030&REV_31\4&122329E2&0&58F0
    Service: DM9102

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    ==== Event Viewer Messages From Past Week ========

    1/18/2009 8:27:36 PM, error: Service Control Manager [7022] - The GoToMyPC service hung on starting.
    1/18/2009 11:39:01 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2009 11:38:56 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2009 10:18:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2009 10:15:53 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
    1/17/2009 4:48:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard cmdHlp Inspect
    1/17/2009 4:46:44 PM, error: Service Control Manager [7000] - The COMODO Firewall Pro Helper Service service failed to start due to the following error: The system cannot find the file specified.
    1/19/2009 3:09:21 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2009 3:09:39 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s).
    1/19/2009 4:24:35 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/19/2009 4:47:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/19/2009 5:21:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/19/2009 5:22:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi IntelIde
    1/17/2009 3:28:13 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\svchost.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.

    ==== End Of File ===========================
     
  5. 2009/01/20
    Admin.

    I asked you to post in the Malware removal forum. I have moved your thread to that forum.
     
  6. 2009/01/20
    Pharticus

    Yikes. Sorry - I'm an idiot...

    Thank you.
     
  7. 2009/01/21
    Arie

    Nah... it does need a little time to get used to a forum ;)
     
    Arie,
  8. 2009/01/22
    noahdfear

    Hi Pharticus, and welcome to WindowsBBS :)


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  9. 2009/01/24
    Pharticus

    Okay, sorry for the delay. Let me catch you up on where things stand:

    The computer was physically brought to me. We decided to just format and do a clean install. In this process, however, I am getting a

    Winnt_root\System32\Hal.dll missing or corrupt:please re-install a copy of the above file.

    I have toyed with the
    *formatting options,
    *the bootcfg (complete with deleting and rebuilding the hal.dll file),
    *the chkdsk,
    *slaving the drive and rewriting the boot.ini,
    *slaving the drive and replacing the hal.dll file (from an existing computer and from 2 other xp disks)

    SO AM I RIGHT TO ASSUME THAT THIS VIRUS MANAGED TO TAINT THE MBR OF THE HARD DRIVE?

    And if so (or even if NOT), how do I successfully rewrite the MBR so that the stinking hard drive will function properly again? She cannot afford a new hard drive, nor can I afford to buy her one. Surely some malicious software can't permanently ruin the hardware, can it?

    Thanks SO MUCH for any help at all.
     
  10. 2009/01/25
    Pharticus

    Problem solved. Rewrote the boot.ini (properly this time) while slaved and the problem disappeared.
     
  11. 2009/01/25
    noahdfear

    Glad to hear you've gotten things squared away. :)
     
