need to get this trojan off my back

Status
Not open for further replies.

LightningBoard

Hi everyone,
I need help getting rid of a trojan/spyware that causes my screen to go blank with a message prompting me to scan/buy their software, one of them being "PSGuard". I have tried Spybot and Spyware Blaster, but with no success. I downloaded HijackThis and this is the logfile it gave me, but I don't know what to "fix". Any help would be greatly appreciated. Thanks:
 
Here you go RealBlackStuff:

I have attached my HijackThis log as a text file. Could you please tell me which files to fix/delete? Thanks.
 
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager.

On Windows 95/98/ME, press CTRL+ALT+DELETE.
On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there), click End Process for:
gglib.exe
intel32.exe

Next, click on Start/Run and type in (followed by pressing Enter):
regsvr32 /u bhomod00.dll

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {2E246FAE-8420-11D9-870D-000C2917DE7F} - (no file)
O2 - BHO: (no name) - {5D04BDC4-3DE5-4668-946C-2D87D0DDCE4A} - C:\WINDOWS\System32\nebp.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM32\h0wek9.dll (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
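The log entries listed above follow a fixed "code - description" layout, so they can be triaged mechanically before anything is ticked. The following is an added example, not part of the original posts: it parses a few of the entries quoted above and separates registry leftovers whose file is already gone from autostart values registered without a path. The function names and field names are hypothetical.

```python
import re

# Entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {5D04BDC4-3DE5-4668-946C-2D87D0DDCE4A} - C:\WINDOWS\System32\nebp.dll (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\bhomod00.dll
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# HijackThis section codes for the entry types that appear in this log.
SECTIONS = {"R1": "IE search/start page", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O16": "ActiveX download (DPF)", "O23": "service"}


def parse_hjt(text):
    """Parse HijackThis entry lines into dicts; any other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, dotted separators, blank lines
        code, body = m.group("code"), m.group("body")
        clsid = CLSID.search(body)
        run = RUN_VALUE.search(body) if code == "O4" else None
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": body.endswith(("(file missing)", "(no file)")),
            # Autostart command registered without any directory component.
            "bare_autostart": bool(run) and "\\" not in run.group("cmd"),
            "body": body,
        })
    return entries


def summarize(entries):
    """Group entry bodies under the two review flags set by parse_hjt."""
    return {k: [e["body"] for e in entries if e[k]]
            for k in ("orphaned", "bare_autostart")}


if __name__ == "__main__":
    print(summarize(parse_hjt(SAMPLE_LOG)))
```
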
 
I followed the steps you told me and it took care of the trojan problem,
but now I have a new kind of problem:

A Windows Installer dialogue keeps coming up and won't shut down. It first starts out saying it's preparing to install PhotoGallery. Then it says please wait configuring PhotoGallery. Then it says feature can not be found insert CD ROM.

When I try to cancel it, it pops up once again and the whole thing keeps repeating itself. When I use Task Manager to shut down msiexec.exe, it shuts down but then pops up again. This little pest won't let me install other hardware such as my HP printer. I'm worried that I may have some virus concealing itself as msiexec.exe. Please help.
 
Try booting in Safe Mode, then click Start/Run, type MSCONFIG and click OK and see if you can stop msiexec from the Startup tab or whatever tab it is under.
 