PS Guard is the Devil!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by z-tinman, Aug 20, 2005.

  1. z-tinman

    z-tinman Private E-2

    I have been infected with PS Guard, and who knows what else. I have followed all the mandatory instructions in the "How to: Spyware, Trojan And Virus Removal" with no success. While booting into Safe Mode I had two Program Error windows open. The first said "CONNEC~1.exe has generated errors and will be closed by Windows. You will need to restart the program." The second said "svchost.exe has generated errors and will be closed by windows. You will need to restart the program." I was unable to connect to the Internet in Safe Mode with Networking Support. I booted back to Normal Mode and ran Bitdefender and Rav. They found nothing. However, during the Bitdefender scan my McAfee virusscan popped up with "File C:\WINNT\System 32\WININET.dll is infected with the W32\Alemod.d.dll Virus." McAfee couldn't clean, delete, or quarantine. After running the online scans I booted into Safe Mode to run the rest of the scans. McAfee AVERT found nothing. I then ran the cleaner. Ad-Aware found 3 PS Guard items, 2 regkeys and 1 regvalue. I deleted all. Spybot found the following: DSO Exploit, eGroup.InstantAccess, Magic Control.Agent, PS Guard.msmsgs, PS Guard. I selected fix on all the above and immunized. The rest of the scans found nothing. When I rebooted to Normal Mode I got a RUNDLL window that said "Error Loading EGDAACCESS_1063.dll. The specified module could not be found." When I got to my desktop I ran Ad-Aware and PS Guard was still there! I then ran Spybot, which still found "PS Guard.msmsgs."

    Please keep in mind I am very much an amateur with computers. I would appreciate some help, as I am finding this situation to be extremely frustrating!
     
  2. z-tinman

    z-tinman Private E-2

    Thanks for the response. Here is the log...
     
  3. z-tinman

    z-tinman Private E-2

    Sorry about the mistake. When I run smitRem.exe, I enter the program and select start. The program then tells me the files have been extracted. However, the smitfiles.txt log is not being created. What am I doing wrong? I am using Windows 2000 if that matters. Please bear with me.
     
  4. z-tinman

    z-tinman Private E-2

    O.K, this time I think I've got it.
     
  5. z-tinman

    z-tinman Private E-2

    Spybot finds: eGroup.InstantAccess, Connect MFC Application, PS Guard, and PS Guard.msmsgs. Ad-Aware finds: PS Guard and EGroup Dialer. I think I need more help. :eek:
     
  6. z-tinman

    z-tinman Private E-2

    I performed all the steps and scans in the tutorial and PS Guard is still in there!
     


  7. z-tinman

    z-tinman Private E-2

    For some reason, when I boot into Safe Mode the text of the Ewido scanner is mostly unreadable. I ran the scan in Normal Mode. I also had HJK fix the listed problems. I looked for the mentioned files, but didn't find them. When I rebooted, McAfee popped up that C:\WINNT\System32\WINNINET.dll is infected with W32/Alemod.d.dll and can't be cleaned, deleted, or quarantined. Unless I disable McAfee this message continually pops up. I definitely appreciate all your help, I just hope these problems can be resolved.
     


  8. z-tinman

    z-tinman Private E-2

    I'm having a couple of problems with your instructions. The first problem is that "My Computer" doesn't open when I click on it in Normal Mode. I can only open it in Safe Mode. I used the Search option on Windows Explorer in Normal Mode. In both instances I had the following results. I don't have a "C:\Windows\System32" folder. I do have a "C:\WINNT\System32" folder. Inside this folder are wininet.dll and the System32\Dllcache folders. When I tried to rename the wininet.dll folder a window opened that said I couldn't rename the folder because Windows is using it. When I searched the System32\Dllcache folder for wininet.dll nothing was found. Am I just cursed or is there an explanation for this???
     
  9. z-tinman

    z-tinman Private E-2

    When I followed your instructions I got "Access denied for wininet.dll". What should I do now? Should I post new logs or wait until the wininet issue is resolved? By the way, I am still getting some unwanted popup ads.
     
  10. z-tinman

    z-tinman Private E-2

    When I tried to rename wininet.dll to wininet.old I got an error window. It says, "Can not rename wininet: The specified file is being used by Windows." There is no wininet.dll file at C:\WINNT\System32\DLLCache. The only other place I could find wininet.dll was at C:\WINNT\ServicePackFiles\i386. I ran another HijackThis, and Ewido.
     


  11. z-tinman

    z-tinman Private E-2

    Same as before, when I enter "del C:\WINNT\System32\wininet.dll", I get "access denied". How do I gain access? What do I do now? :confused:
     
