[Bluetip]

Hi,

I have been helping a freind trying to remove some spyware other stuff he has on his PC.

When he first booted up it came up with the - Tronjon;spy.html.smitfraud.c blue screen error.
As well as a Run Dll Error - Error in Boln.dll - Missing entry.

I followed what had been said at other posts regarding using - Kill box, cleanup, Del Domains, and hoster. This has seemed to remove the Blue screen error.

But he still has a background that says RazeSpyware Click here to purchase. And by changing the screen background does not remove it.

Also When you dial up to the Internet it comes up with an illegal Operation error -

Vxgame3
This program performed an illegal operation and will be shutdown.

VXGAME3 caused an invaild page fault in module KERNEL32.DLL.

Then his internal speaker keeps on making 2 beeps, and if you pick up the phone it seems like the modem is trying to dial out to another number as the phone says "This call could not be connect".

And then when you dial again it says the modem is not installed or not connected.

HELP

This is the HJT Log, i did mark some entires before but this is the lastest log file.


Logfile of HijackThis v1.99.1
Scan saved at 5:33:42 PM, on 10/05/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GENIUS NETSCROLL + SERIES MOUSE\MOUSEELF.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\CBER.EXE
C:\WINDOWS\RunDLL.exe
C:\IBMTOOLS\REGISTER\REMIND32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\TEMP\XWXLOAD.EXE
C:\WINDOWS\TEMP\MSLDF.EXE
C:\SMITH\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\cber.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [WindowsFY] C:\BSW.EXE
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - HKCU\..\RunServicesOnce: [CleanUp!] C:\PROGRAM FILES\CLEANUP!\CLEANUP.exe /WindowsRestart
O4 - Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\REFRESH.EXE
O4 - Startup: Reminder-ibm40201.lnk = C:\IBMTOOLS\Register\REMIND32.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {64FFE660-BEC4-11D9-98F2-00485487CAE3} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {64FFE660-BEC4-11D9-98F2-00485487CAE3} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {64FFE660-BEC4-11D9-98F2-00485487CAE3} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {64FFE660-BEC4-11D9-98F2-00485487CAE3} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .mov: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPQTW32.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au


I hope you can help.

Thanks,

Jeremy.