plesae help with log

I've posted my log before with some luck, thanks. Ok my issue now is that I keep getting new browser windows opened up to a Casino Plazzio page. Ive run Spybot, Adaware and CWShredder. (CW says I have a trojan in the win media player main executable file, It has deleted the file and I need to reinstall media player to fix the proble. Could this be my popup problem? Media player seems to still work fine.) These programs say they got rid of some infections, but my popups persist.

I just ran all 3 programs again and then rebooted. After the reeboot I ran Hijack. Any ideas you have would be a big help. Thanks

rrrel


Log is as follows.....

Logfile of HijackThis v1.97.7
Scan saved at 4:44:56 AM, on 5/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\ntfrs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINNT\msopt.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\System32\StopzillaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sysdll32.dll] C:\WINNT\system\sysdll32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.chaosunlimited.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.refurbdepot.com/CFIDE/classes/CFJava.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdq/downloads/msxml4.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7600.6246412037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = etotm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = etotm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = etotm.com
O19 - User stylesheet: C:\WINNT\winstyle.css

 

Hi rrrel,

Have only HijackThis running and fix :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINNT\msopt.dll

O4 - HKLM\..\Run: [sysdll32.dll] C:\WINNT\system\sysdll32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load

O19 - User stylesheet: C:\WINNT\winstyle.css

Restart PC after doing so and remove (if still present) :

C:\WINNT\system\sysdll32.exe <- this file
C:\WINNT\system32\bridge.dll <- this file
C:\WINNT\winstyle.css <- this file

Clean temp internet files

Hope this helps

Cheers,

 

Unzy,

OK, I did what you said. The only file that was left after the reboot was the winsyle.css which I got rid of. Now its time to give it a go.

Thanks for your help, your the best

rrrel