Just recovered from Malware Issue - rootkit with several other goodies - on my mother's computer. See accompanying forum topic: http://www.bleepingcomputer.com/forums/t/492956/unidentified-malware/
I have been re-directed here to help fix the remaining issues that appear to be Win XP-32 related. We have verified the computer is malware free. Her computer is running Windows XP SP3 on a Dell Latitude D620 (1.66 GHz Intel T2300 processor, 1Gb Ram, 80Gb HD). I have the computer in my possession for troubleshooting.
Prior to the computer being provided to me, my mother sought the assistance of Microsoft. They had her uninstall SP3 and IE8, then reinstall. Unfortunately the reinstall failed and rendered her laptop a paperweight as she got BSOD in Boot to safe mode, and Windows Activation on regular boot (which would error out). I had to batch the spuninst.txt file from recovery console to uninstall the IE8 update, to be able to finally activate the computer, then reinstalled SP3 and IE8.
Prior to the malware, none of the current issues were present. There are 3 issues that persist, and I believe at least two, if not all, of them are related:
1) Nvidia Quadro NVS 110M driver does not load on reboot. Device Manager shows Code 10. I can load the drivers, and they work until I reboot. When I load the driver through Device Manager, I can load the oldest (2006 driver) and the newest (2008 driver) and they work fine. Once installed, I can open the Nvidia control panel and make changes to the settings within the Nvidia control panel. The problem is that as soon as I reboot, it reboots with some default graphics driver and gives me a Code 10 in Device Manager until I manually reload the driver again. I have uninstalled/reinstalled the hardware via Device Manager, reflashed the BIOS, reloaded the chipset drivers, and attempted to delete the upper and lower filters from the registry (they didn't exist). I've tried several different drivers; all work until reboot. I've created additional accounts and can log in and log out of each user account and the driver stays loaded. It only fails to load on reboot. I've run the Dell hardware diagnostic and it passed all the tests; in particular, the graphics adapter and display passed all the tests run using that diagnostic tool. I note that if I run the NVIDIA driver installation software, upon reboot the screen gets to the point where it is about to flash to the reboot, then stops with a black screen and cursor. No HDD activity or anything else. When I get to this point I have to hold the power button to power down.
2) Laptop does not wake from Standby. I believe this is related to the graphics adapter driver issue. When I close the lid to the laptop the computer goes into standby; when I open the lid I get a black screen with cursor, and can see the HDD activity light flashing intermittently as though it's trying to do something. I've let it sit for as long as 15 minutes without any change in activity. This requires me to hard boot. I haven't tried much troubleshooting on this, as I only recently discovered this issue. I will try to see if it is different between when the Nvidia driver is loaded and when the default VGA driver is loaded, and update this post as I have more information.
3) MSCONFIG generates error: I don't ordinarily use MSCONFIG to control startup programs, but when the initial malware problems occurred, you couldn't install anything, and there was no other way to turn off the malware that was loading on startup, which was preventing any steps for removing the malware. Once we were able to recover the computer, we tried to re-enable all the startup programs from MSCONFIG. While it appears it accepted all the changes, it generated the error: "An access denied error was returned while attempting to change a service. You may need to log on as the administrator to make the changes." We get this error by simply opening up MSCONFIG without making any changes. This is low priority since we ordinarily don't use MSCONFIG to control services or startup programs, but I only mention it to see if somehow the issues are related.
I am wondering if there is a config file or some other system file that may have been corrupted by the malware, or had its permissions changed by the malware, that directs which drivers load on startup.
Any help is GREATLY appreciated.