Solved Cant Boot up

[Resolved] Cant Boot up

After Last run of Combofix computer could not get access Internet. I reinstalled ATI video card driver(per ISP suggestion) and now will not boot up.

After Windows log on screen monitor goes blank.

Thanks
Dave

 

Computer seemed slow but scans were clean. Just wanted to check.
Cant boot even in safe mode now.

 

I am able to access Safe mode.

 

Sorry I didnt realize that I shoudnt have run.
Computer was running slow.

 

How to roll back video driver?

 

WidowsXP
ATIRadeon HD4600Series video card

Went to device manager>Roll back video card>

Message says files needed, I have Driver CD in D, need file to roll back

 

I used the AMD Driver Installation CD and followed prompts.

 

OK, meanwhile here is Combofix scan.

ComboFix 12-05-08.02 - David Peters 05/08/2012 21:08:41.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.177 [GMT -4:00]
Running from: c:\documents and settings\David Peters\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\David Peters\Recent\542868981534272423447217372181546741864359736836891292538817861221634796645689769842688367454948981161375.261
c:\documents and settings\David Peters\Recent\639775318457314262275867869411489452142463771419274487172855337551852871514683179891369597632182242176623.178
c:\windows\$NtUninstallKB54225$\3160174477\@
c:\windows\$NtUninstallKB54225$\3160174477\cfg.ini
c:\windows\$NtUninstallKB54225$\3160174477\Desktop.ini
c:\windows\$NtUninstallKB54225$\3160174477\L\odetmngk
c:\windows\$NtUninstallKB54225$\3160174477\U\00000001.@
c:\windows\$NtUninstallKB54225$\3160174477\U\00000002.@
c:\windows\$NtUninstallKB54225$\3160174477\U\00000004.@
c:\windows\$NtUninstallKB54225$\3160174477\U\80000000.@
c:\windows\$NtUninstallKB54225$\3160174477\U\80000004.@
c:\windows\$NtUninstallKB54225$\3160174477\U\80000032.@
c:\windows\$NtUninstallKB54225$\3160174477\version
c:\windows\$NtUninstallKB54225$\4233186353
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\Packet.dll
c:\windows\system32\sqlagent$sony_mediamgr.dll
c:\windows\system32\wpcap.dll
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_ELmon
-------\Service_ELmon
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 01:23 . 2012-05-09 01:23 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12980B1D-2943-4368-9652-419BAF31A13D}\offreg.dll
2012-05-09 00:49 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-09 00:30 . 2012-05-09 00:30 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-05-09 00:15 . 2012-05-09 00:15 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12980B1D-2943-4368-9652-419BAF31A13D}\MpKslbd2c4ed3.sys
2012-05-08 23:08 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12980B1D-2943-4368-9652-419BAF31A13D}\mpengine.dll
2012-05-07 09:54 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 23:49 . 2012-05-05 23:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 23:49 . 2012-05-05 23:49 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 23:49 . 2012-05-05 23:49 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 22:23 . 2012-05-09 00:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-23 09:18 . 2012-05-05 00:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 17:14 . 2012-04-15 17:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 16:38 . 2012-04-14 16:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 00:33 . 2011-06-23 02:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2009-09-13 10:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2010-03-26 01:30 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 18:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-10 18:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 23:49 . 2011-05-24 00:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 11:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-15_19.28.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-22 20:51 . 2011-07-22 20:51 94208 c:\windows\system32\dpl100.dll
+ 2011-10-20 23:26 . 2011-10-20 23:26 94208 c:\windows\system32\dpl100.dll
+ 2011-04-15 10:01 . 2012-05-09 00:33 1984 c:\windows\system32\d3d9caps.dat
- 2011-04-15 10:01 . 2012-04-15 10:18 1984 c:\windows\system32\d3d9caps.dat
+ 2012-05-05 00:33 . 2012-05-05 00:33 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-05 00:33 . 2012-05-05 00:33 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-23 09:18 . 2012-05-05 00:33 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-25 02:37 . 2012-04-25 02:37 301056 c:\windows\Installer\f8734a.msi
+ 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-04-25 02:39 . 2012-04-25 02:39 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-04-25 02:39 . 2012-04-25 02:39 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-04-25 02:38 . 2012-04-25 02:38 1826304 c:\windows\Installer\f87376.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
"dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-06 180269]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-12-28 6144]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Share-to-Web Namespace Daemon "=c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
"MMTray "= "c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
"MimBoot "=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe "
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe "
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
"DellSupportCenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe "
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe "
"DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\StubInstaller.exe "=
"c:\\Program Files\\AIM\\aim.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\ACS\\ACS\\ACS.exe "=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe "=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe "=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe "=
"c:\\Documents and Settings\\David Peters\\My Documents\\Downloads\\aswMBR(1).exe "=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe "=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKsld19ebacf;MpKsld19ebacf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12980B1D-2943-4368-9652-419BAF31A13D}\MpKsld19ebacf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12980B1D-2943-4368-9652-419BAF31A13D}\MpKsld19ebacf.sys [?]
S2 gupdate1c9c3951be7f6a0;Google Update Service (gupdate1c9c3951be7f6a0);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:55 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/23/2012 5:18 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:55 PM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/2/2012 6:23 PM 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 7:49 PM 129976]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iastor
ELmon
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 00:33]
.
2012-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:55]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} - hxxp://192.168.2.125:81/cgi-bin/design/html_template/WebACS.cab
FF - ProfilePath - c:\documents and settings\David Peters\Application Data\Mozilla\Firefox\Profiles\xf6fq6m9.default\
FF - prefs.js: browser.startup.homepage - hxxps://webtop.webmail.optimum.net/cerulean/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-dplaysvr - c:\documents and settings\David Peters\Application Data\dplaysvr.exe
HKLM-Run-dplaysvr - c:\documents and settings\David Peters\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-08 21:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB54225$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(264)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-05-08 21:28:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 01:28
ComboFix2.txt 2012-04-15 19:32
ComboFix3.txt 2012-03-29 00:48
ComboFix4.txt 2011-07-07 01:25
ComboFix5.txt 2012-05-09 00:43
.
Pre-Run: 51,265,126,400 bytes free
Post-Run: 51,386,544,128 bytes free
.
- - End Of File - - 021C080550E3AE6E3666582750164408

 

I am trying to install my Video driver from CD.
I get an error message saying setup did not find a driver compatible with my operating system and will now exit.

What can I do?

 

I followed your below instructions, but could not get video card to show desktop on monitor. After time on the phone with AMD rep (one hour)he recommended using System restore. I set it back to before last Combofix run when computer was good.
I can now connect to Internet and monitor is functioning properly.

 

To understand, you said Combofix log was fairly clean.