Posted 08 September 2009 - 05:16 PM
Ok, where to start. Some info on the PC:
Dell Inspiron 1501 (Laptop)
XP Home (SP2)
No backups, restore points, or CDs.
She rented and now owns it from a Rent-a-Center. (Yea.....I know)
1 user (Admin rights), no guest.
I received a computer from a friend of mine that was infected with "Windows Police Pro". The really bad part is she already tried removing the infection using some fake/questionable instructions. From what she describes, she went and deleted the Windows Police Pro folder from the Program Files folder. I got the laptop the next day and it was bad. Couldn't run: Taskbar, msconfig, regedit, any .exe. Windows Police Pro started on boot, and gave me an error for every start prog that ran. Also, several weeks ago, the battery died and it won't work without the cord. Around the same time she lost the power adapter and bought a 2$ replacement online. ::sigh:: Takes 10 min of fiddling to get it to boot, and even then it powers off if I touch the power block.
I followed the bleepingcomputer guide up to step 9, but when I downloaded Malwarebytes, it got to the point of running a scan, ran about 2 seconds, then shut down. Then when I tried to reopen it, it would pop up onto the screen, not appear in Task Manager, then disappear. I tried rebooting into Safe Mode, got a BSOD on a driver error (which I didn't write down and am unable to replicate). At that point I took a break. Next day I booted it up into normal, and when I tried to run anything, it said "Windows cannot access the specified device, path, or file". I was talking to a friend and she suggested RootRepeal. I can open that, but I get an "Error - invalid PE image found". I have a list of drivers it created, but everything else came up blank. Tried to run Combofix, but was unable to. Progress bar finishes, but then nothing. I have a.exe, b.exe, c.exe, and so on, running in the background. I was about to maybe try running anything by booting to command line, but then I noticed a task tray icon for Antivirus Pro 2010. ::flail:: I can now at least run Safe Mode, so at least AVG is not an issue, but that isn't much.
And that is where I stand now. I don't have much hope. The research I have done into the "Windows cannot access" error suggests it's a permissions issue. As of now, the laptop is turned off and I am not touching it until I have a game plan. Please advise. Thanks!