a lost cause?

You need to attach a log from SuperAntiSpyware.

 

Uninstall the below old versions of software:
Java(TM) 6 Update 11
Java(TM) 6 Update 3

Is the below something that has knowingly been installed?
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - C:\Documents and Settings\Stephen Hilferty\Desktop\InterCasino £££.lnk (file missing)
O9 - Extra 'Tools' menuitem: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - C:\Documents and Settings\Stephen Hilferty\Desktop\InterCasino £££.lnk (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Stephen Hilferty\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - http://www.intercasino.co.uk/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - http://www.intercasino.co.uk/ (file missing) (HKCU)
O20 - AppInit_DLLs: ihgejb.dll

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

There are still a few problems.

First please delete the below files:
C:\Documents and Settings\Stephen Hilferty\Local Settings\Application Data\frdep.exe
C:\WINDOWS\be49f4daa.dat
C:\WINDOWS\f49f4d98.dat
C:\WINDOWS\system32\CF29850.exe


Now your C:\windows\explorer.exe file is not the correct size which could indicate an infection. We will attempt to fix this with the below procedure. PLEASE READ through all of the below first before actually running it. I also want you to make sure that you have no other windows or applications running when you do this other than what is necessary in the steps. It would be best to print the instructions.

• Download the attached ExpFix.zip file to your C:\MGtools folder.
• Then right click Start, Run, and enter Explore and click OK. This will open Windows Explorer.
• Navigate to the ExpFix.zip file and then extract the contents of the ExpFix.bat from the ZIP file into the same C:\MGtools folder.
• Then right click Start, Run, and enter cmd and click OK. This will open a command prompt Window where the prompt should be: C:\Documents and Settings\Stephen Hilferty>
• At the command prompt type cd C:\MGtools and hit enter. The prompt should change to C:\MGtools> to indicate that you have changed directories to the MGtools folder. (Note: there is a space after the cd ) If this does not happen, you cannot continue with the below.
• Now at the command prompt type ExpFix.bat and hit enter. This will try to replace the bad explorer.exe file with a valid one and it will create a log file named c:\FixExp.txt which I may ask for later.
  
  NOTE: When you run this batch file, your Desktop ( icons, wallpaper,..etc) will disappear for a short time while it runs. If it works properly your Desktop should reappear when it finishes and you can skip to the sections title New Logs. If it does not reload your Desktop, try the below
• At the command prompt, enter the below command and hit enter:
  • C:\WINDOWS\system32\dllcache\explorer.exe

New Logs

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Tell me if you had any problems doing any of the above. Also make sure you tell me how things are working now!

 

Okay that looks better!


You can now delete the below file.
C:\WINDOWS\explorer.exe.bad

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Go to add/remove programs and uninstall HijackThis.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome. Surf safely!