I'm utterly frustrated, may I have help?

Hello All!!! I came upon this site while trying to fix my nephews HP mini running Windows XP, Ive tried doing your Run & Read Me, but no luck. I cant do most things in steps 1-4, I cant do many things in normal mode(the mini states that it cant read C:\Program) but some in safe mode. I tried to enable viewing the hidden files but the folder option in tools is not there, I was able to set up the MSConfig though. I'm trying to download and install the tools necessary but some wont, like malwarebytes and I did change the filename to no avail. May I please get some advice, because I dont know what he has downloaded. I think I was able to remove Windows Police Pro, but it now shows that Security Tools is another malware on the Mini. Thank You so much for your help!

 

I was finally able to get this log.

 

Welcome to Major Geeks!

Let's see if we can get some info so that we can determine which system file has been corrupted. That way we can try to replace it.

Please double-click the RootRepeal.exe previously downloaded.

* Select File then Scan
* On the Select Drives form select drive C by "ticking" the box for drive C and click OK
* When the scan is complete - highlight each of the following file(s) (one at a time if more then one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.

• C:\WINDOWS\system32\hjgruicjwbvmpe.dll
• C:\WINDOWS\system32\hjgruiexylkdri.dll
• C:\WINDOWS\system32\hjgruifgoflmek.dat
• C:\WINDOWS\system32\hjgruifjxtuedb.dll
• C:\WINDOWS\system32\hjgruikjdaqohe.dll
• C:\WINDOWS\system32\hjgruiliqpkjec.dll
• C:\WINDOWS\system32\hjgruioqrhskhc.dat
• C:\WINDOWS\system32\hjgruiqmkjobas.dll
• C:\WINDOWS\Temp\hjgruibafpxtmisa.tmp
• C:\WINDOWS\Temp\hjgruicbtismcigy.tmp
• C:\WINDOWS\Temp\hjgruicxbvoqpegh.tmp
• C:\WINDOWS\Temp\hjgruiiysecbvssa.tmp
• C:\WINDOWS\Temp\hjgruijibapwnlxv.tmp
• C:\WINDOWS\Temp\hjgruilnkinixgsa.tmp
• C:\WINDOWS\Temp\hjgruimrpajqikod.tmp
• C:\WINDOWS\Temp\hjgruioecbsyrnvw.tmp
• C:\WINDOWS\Temp\hjgruipymcxhxtqp.tmp
• C:\WINDOWS\Temp\hjgruiqytrfmmqwf.tmp
• C:\WINDOWS\Temp\hjgruivcdxbvtypy.tmp
• C:\WINDOWS\Temp\hjgruivutyxxrtce.tmp
• C:\WINDOWS\Temp\hjgruiweenftksmq.tmp
• C:\WINDOWS\Temp\hjgruiyvufieoufp.tmp
• C:\WINDOWS\system32\drivers\hjgruihtxgvpye.sys
• C:\WINDOWS\Temp\7zS1.tmp\7zS1.tmp

* After Wiping all files, immediately reboot your pc!

Now see if you can run the other scans.

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt


Now download and Run exeHelper

• Please download exeHelper to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)


Next, try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. See if you can save a log with it and attach it in the next reply.



Now run a new scan with MGtools and attach the log. Using MGtools



Next post please attach:

• c:\avplog.txt
• log.txt (from exeHelper)
• SAS log (if you can)
• New MGlogs.zip