Random "Favorites" additions

My problem began several weeks ago when I lost the ability to use Internet Explorer due to a problem associtiated with a file called accompat.txt. Once that problem was fixed (I don't remember what free download I used), I began having problems with pornography invading my browser, then MSN Explorer, which I used while troubleshooting IE. I have scanned my computer using Spy Sweeper, SpyBot, and HiJack This! Each time, several files are listed. I had initially tried to delete anything that looked like an internet address, but my problems persist. My computer's function has been restored to good working order, but the remnant of those renegade "Favorites" is still there. It makes it look like I surf the 'net for porn!
I have cable internet, which is obviously connected all of the time. And this is about when my problems began... I had been on dial-up prior to this problem. I doubt that that has anything to do with it, but it is another piece of the puzzle.
Any help that you can give me to make this demon be gone will be greatly appreciated. Thanks in advance!!!
The following is what was found by HijackThis:
Logfile of HijackThis v1.97.7
Scan saved at 4:06:51 PM, on 2/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\redirect5.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freshvideogals.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freshvideogals.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freshvideogals.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freshvideogals.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://freshvideogals.com/search/small.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [redirect] C:\windows\redirect5.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set
O4 - HKLM\..\Run: [AdobeFonts] C:\WINDOWS\Fonts\fonts.hta
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [orouw2fd2x] C:\WINDOWS\z2n4t5a8i1.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O19 - User stylesheet: C:\WINDOWS\sample.txt

 

Hi mealticket,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://freshvideogals.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freshvideogals.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://freshvideogals.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://freshvideogals.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://freshvideogals.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://freshvideogals.com/search/small.html

O4 - HKLM\..\Run: [redirect] C:\windows\redirect5.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set
O4 - HKLM\..\Run: [AdobeFonts] C:\WINDOWS\Fonts\fonts.hta

O4 - HKCU\..\Run: [orouw2fd2x] C:\WINDOWS\z2n4t5a8i1.exe

O19 - User stylesheet: C:\WINDOWS\sample.txt

Then download, unzip and run:
CWShredder

Then reboot and delete:
C:\WINDOWS\z2n4t5a8i1.exe
C:\WINDOWS\sample.txt
if they survived.

Regards,

Pieter

 

Thank you very much for your help, Pieter. My problem seems to have been eradicated

 

Glad we could help.

Pieter