dlh6213 27 Posting Maven Team Colleague

Glad we could help :) Just a bit more to do now.

Scan with hijackthis and have it fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitemwb32.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com

Then go to C:\windows\system32 and delete elitemwb32.exe

As a precaution, get CWShredder from:
http://www.downloads.subratam.org/CWShredder.exe

Open CWShredder, click on Check for updates, and after it's finished updating, click on Fix.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

In addition to SpywareBlaster that Crunchie recommended earlier, you should get:
Ad-Aware SE (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=pop)
Spybot Search and Destroy (http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10289035.html?tag=pop)

Keep them all updated, along with your anti-virus program, and run them frequently (about once a week).

And finally, avoid adult-oriented sites and file-sharing (aka P2P) :)

dlh6213 27 Posting Maven Team Colleague

Boot into Safe Mode

Run Pocket Killbox and paste the full path of this file in the box:

c:\misb22.exe

Click on Delete on Reboot. Next, click on the button with the red circle and an X in the middle. When you get the message saying File will be deleted on next reboot, Process and Reboot now?, click Yes to reboot (reboot normally).

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Newgenlook appears to be related to HotOffers and shares some of the same files.

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed.

Make sure your system is set to show 'Hidden files and folders' and do a Search for param32.dll

Run Pocket Killbox and enter the full file path of the file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.
(Note: the full path will be something like C:\WINDOWS\System32\param32.dll, but may be in a different folder since you're using Win98)

Reboot afterwards if the file was successfully deleted.

If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.

Do a search on your system for the following files and delete them (you may need to boot into Safe Mode to do so):

guninst.exe
popup_bl.dll

Reboot normally, delete any unwanted icons from your desktop, and empty your recycle bin.

dlh6213 27 Posting Maven Team Colleague

Download Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Run it, and when it opens, click on the Restore Original Hosts button and then exit Hoster.

dlh6213 27 Posting Maven Team Colleague

Glad I could help, but the ones who really deserve thanking are the creators of programs such as HijackThis, SilentRunners, and Pocket KillBox; they did all the real work :)

As for why nothing finds this problem yet, it's a fairly new trojan (3-05?); it is known as Trojan.Desktophijack or Joke.Smitfraudoid and is related to HotOffers as well as NEWGENLOOK and Error Message 317. There have been a lot of requests here for help with HotOffers recently. I believe most anti-virus programs will detect it now -- if they have the latest updates!

Don't forget to turn System Restore back on :)

dlh6213 27 Posting Maven Team Colleague

Just adding to this since you mentioned not being able to delete param32.dll...

Turn off System Restore

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.

C:\WINDOWS\System32\param32.dll

Reboot afterwards if the file was successfully deleted.

If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path into the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.

Have hijackthis fix this line as well:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0271/

Turn System Restore back on.

dlh6213 27 Posting Maven Team Colleague

Turn off System Restore

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.

C:\WINDOWS\System32\param32.dll

Reboot afterwards if the file was successfully deleted.

If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.

dlh6213 27 Posting Maven Team Colleague

Glad to hear you got rid of HotOffers, but there are a few other things you should get cleaned up; can you post a fresh hijackthis log?

dlh6213 27 Posting Maven Team Colleague

Right-click in an open area of your desktop, and select Properties; click on the Settings tab, and then look for the slider in the 'Screen area' box, and move it all the way to the left. If that doesn't fill your screen, keep trying different settings to the right until you get it where you want it.

dlh6213 27 Posting Maven Team Colleague

Turn off System Restore.

Scan with HJT and have it fix the following entries:

O2 - BHO: (no name) - {E99150C1-F93F-461F-9BA1-E455842AB7A8} - blank (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Be sure all windows, other than HijackThis, are closed before hitting 'Fix checked.'

Go to the following locations and delete the highlighted file or folder (be sure your system is set to show 'Hidden files and folders'):

C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\web\related.htm

Do a search on your system for the following files and delete them (you may need to boot into Safe Mode to do so):

param32.dll
guninst.exe
popup_bl.dll

Empty your Recycle Bin.

If you still have the problem, get SilentRunners from here:
http://www.silentrunners.org/

Run it, and post the log that it generates.

If the problem is resolved, you can reenable System Restore.

Reboot normally, close any open browser windows, scan with HJT, and post a new log please.
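The fix-then-post-a-new-log check requested in the post above can be done mechanically. The following is an added example, not part of the original post and not part of HijackThis: it parses the entry lines quoted in that post and reports which of them still appear in a later log. The function names and the after-log are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis section codes that appear on this page.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE default page/search value",
    "O1": "Hosts file redirection",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O14": "IERESET.INF (Reset Web Settings) value",
    "O16": "ActiveX control (Downloaded Program Files)",
}

LINE_RE = re.compile(r"^\s*([RO]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r"\b[A-Za-z]:\\.+$")          # drive-letter path to end of line
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    url: Optional[str]
    path: Optional[str]
    dangling: bool      # entry points at a file that no longer exists

    @property
    def key(self) -> str:
        # Case and spacing differ between copies of a log, so normalise both.
        return self.code + "|" + " ".join(self.body.split()).casefold()


def _first(rx, text: str) -> Optional[str]:
    m = rx.search(text)
    return m.group(0) if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised HijackThis line, else None."""
    m = LINE_RE.match(line)
    if not m or m.group(1) not in SECTIONS:
        return None
    code, body = m.groups()
    return Entry(code, body, _first(CLSID_RE, body), _first(URL_RE, body),
                 _first(PATH_RE, body), bool(DANGLING_RE.search(body)))


def parse_log(text: str) -> List[Entry]:
    return [e for line in text.splitlines() if (e := parse_line(line))]


def still_present(fix_list: str, after_log: str) -> List[Entry]:
    """Entries from the fix list that are still in the log taken afterwards."""
    after_keys = {e.key for e in parse_log(after_log)}
    return [e for e in parse_log(fix_list) if e.key in after_keys]


# Entries the post above asks to have fixed (copied from the page).
FIX_LIST = r"""
O2 - BHO: (no name) - {E99150C1-F93F-461F-9BA1-E455842AB7A8} - blank (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# Constructed "after" log (not from the thread): one entry survived the fix.
AFTER_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\exampleav.exe
O9 - Extra button:  Related - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\web\related.htm
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, AFTER_LOG):
        print(f"still present: {e.code} ({SECTIONS[e.code]}) -> {e.path or e.url or e.body}")
```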

dlh6213 27 Posting Maven Team Colleague

Hopefully someone will move this to the Virus forum.

In the meantime, try this to get rid of HotOffers:

Boot into Safe Mode and do a search for these files:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete them, and then reboot normally

Delete all the HotOffer icons from your desktop.

Empty your Recycle Bin.

Scan with HijackThis and have it fix this entry (if it's still there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0058/

dlh6213 27 Posting Maven Team Colleague

In post #4 you said "when i open internet explorer", that's the reason crunchie suggested the fix in post #5.

I don't know what to tell you about the Mozilla plugin.

There shouldn't be much more for you to fix, but we won't know till you post another log :)

dlh6213 27 Posting Maven Team Colleague

Do you have any buttons on your monitor that allow you to change the screen size?

dlh6213 27 Posting Maven Team Colleague

Thanks Janine, I haven't used that brand before and now I never will :)

dlh6213 27 Posting Maven Team Colleague

Can you post the before and after logs so we can see what you had hijackthis fix?

dlh6213 27 Posting Maven Team Colleague

Someone else may have some more ideas, but at this point I think you should just wait for Firefox to arrive and see if that works -- whether it does or not will help with what direction to go in.

Other than that, I'd say to reinstall the OS, either the Win2000 you have, or purchase WinXP.

By the way, were you able to get IEFix because you changed that setting in Outlook or because it was zipped?

dlh6213 27 Posting Maven Team Colleague

Did you try the other ones again to see if they still don't work? If they don't, I'd like to know what brand they are so I can avoid buying them :)

dlh6213 27 Posting Maven Team Colleague

The firewalls aren't related to Outlook blocking attachments; try this:

Open Outlook Express, click on Tools, and then Options; in the Options section, click on Security, uncheck the option that says 'Do not allow attachments that could be dangerous' (you may want to reenable this after you get the file).

dlh6213 27 Posting Maven Team Colleague

Any beep codes?

dlh6213 27 Posting Maven Team Colleague

Some things on my PC look strange like when I rebooted and went to my C drive I saw loads of strange files and they look faint as though they're there but have been deleted

There is a
"Config.msi"
"MSOCache"
"RECYCLER"
"System Value Information"
BOOT"Configuration Settings"
"BOOTSECT"
"CONFIG"
"DELL.SDR"
"hiberfil"
"IO"
"MSDOS"
"NTDETECT"
"NTLDR"
"pagefile"

Then when I go into program files
Uninstall Information, Windows Update and InstallShield Install Information are also faint.

Is that how it's supposed to be?

I believe these are all files and folders that are normally 'hidden'; since you've changed your settings to show 'Hidden files and folders' you can now see them but they are faint. Now that your system is clean you can set them to be hidden again if you like.

This would be a good time to set a system restore point too.

dlh6213 27 Posting Maven Team Colleague

Oops, thanks DMR; sorry Hoggy; I edited my post so they won't get fixed accidentally

dlh6213 27 Posting Maven Team Colleague

Good find on the vsconfig.xml, it is a baddie. Here's some info on it:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.n.html

d3d8caps.dat, Ibcvid.dll, Itmui.dll, and imon1.dat I suspect are bad, but not sure yet.

pav.sig I believe is from Panda

Update your antivirus program and run a full system scan; if it finds anything it can't fix, let us know.

See if the .xml file is still there, if it is, try to delete it, but you'll probably need to be in Safe Mode to do it.

See if the other suspect files are still present, and if they are, let us know which ones.

There are a few entries you can fix with hijackthis:

O9 - Extra button: (no name) - {173F3521-8FBE-4d0c-B14D-C4D8513A06C0} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {173F3521-8FBE-4d0c-B14D-C4D8513A06C0} - (no file) (HKCU)

dlh6213 27 Posting Maven Team Colleague

Try this; go to C:\windows\system32

Have the files arranged by Modified; then, look near the bottom for any files that were added around the time you noticed the infections return, and post the names here.

Also, post a new log (when you're feeling up to it).

dlh6213 27 Posting Maven Team Colleague

Reboot into Safe Mode, scan with hijackthis, and have it fix:
O2 - BHO: IE SP2 AddOn - {9461CA2A-6514-4F58-8A00-5D3A0185DB3A} - C:\WINDOWS\System32\sppro.dll

Go to C:\WINDOWS\System32 and delete sppro.dll

Reboot to normal mode, close any open browser windows, scan with HJT, and post a new log.

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove (if found):

CxtPls
Media Access

Scan with hijackthis and have it fix the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c2.cab

Be sure all windows, other than hijackthis, are closed before hitting the Fix button

Go to the following locations and delete the highlighted folder:

C:\Program Files\Media Access
C:\Program Files\CxtPls

Get CWShredder from:
http://www.downloads.subratam.org/CWShredder.exe

Open CWShredder, click on Check for updates, and after it's finished updating, click on Fix.

Reboot, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Can you tell us where Spyware Doctor says the trojan is located?

dlh6213 27 Posting Maven Team Colleague

Good point! If you look at the package your CDs came in, it should tell you what the maximum speed is.

dlh6213 27 Posting Maven Team Colleague

Someone else here is having a similar problem; they are able to burn to CD-RW, but not to CD-R (they get the same message you get).

This isn't a solution, but it may be a work-around -- if you're using CD-Rs, try a CD-RW and see if it works.

dlh6213 27 Posting Maven Team Colleague

Well, let's try this; get CCleaner from here:
http://www.ccleaner.com/ (click on the Download tab)

Start CCleaner
Click Run Cleaner, CCleaner will search for unnecessary files and delete them
Click the Issues tab
Click Scan for Issues
When CCleaner is done, you should see a list of found issues; right-click in this list and Select All
Click Fix Selected Issues
Click Yes when you're asked if you want to Backup changes
Give the backup a name (or use the default name) and click Save
Click Fix All Selected Issues
When that's done, close CCleaner

Reboot in Normal Mode and post a new hijackthis log

dlh6213 27 Posting Maven Team Colleague

I just received the last reply. I have turned my microsoft firewall completely off. Should I still have a problem with firewall settings? I am running Spyblaser, Spybot search and destroy, and PC security. Do you think any of them would have a setting that wouldn't let me download and if so how can I change it? But the message says that IE can't download the file because IE can't locate the file or the file doesn't exist. Wouldn't that be an IE problem. Man I wish someone knew something about this problem that several different people have.

Did you also turn off the TrendMicro firewall you said you installed? You should only have one software firewall installed on your system, by the way.

SpywareBlaster and Spybot shouldn't cause this problem; PC Security may -- I'm not familiar with the program though.

IEFix, that I suggested in post #45, may fix the problem. I'll try to email it to you later when I get home.

dlh6213 27 Posting Maven Team Colleague

This thread had already been marked as 'Solved', before the merge, and there was another thread already started; I'm not going to bother merging that one, but if anyone wants to have a look at it, it's here: http://www.daniweb.com/techtalkforums/showthread.php?t=22288
I've taken the 'Solved' mark off of this one for now.

Scan with hijackthis and have it fix the following:

O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe
O4 - HKCU\..\Run: [Windows_Protect] wincontrol32.exe
O4 - HKCU\..\Run: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe

Be sure all windows, other than hijackthis, are closed before hitting the Fix button

Go to the following location and delete the highlighted file:

C:\WINDOWS\System32\lpt.exe

Do a search on your system for the following files and delete any instances found:

wincontrol32.exe
micront.exe

Empty your Recycle Bin and reboot

Close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

That is a good read Caperjack, but it doesn't include Nod32 (http://www.nod32.com/home/home.htm) which consistently outperforms the others when compared.

Here are a few antivirus discussions here at DaniWeb:
http://www.daniweb.com/techtalkforums/thread19504.html
http://www.daniweb.com/techtalkforums/thread12883.html
http://www.daniweb.com/techtalkforums/thread3330.html

dlh6213 27 Posting Maven Team Colleague

Can I butt in? I just have a couple of comments/suggestions.

In your first post you mentioned trying to install Kaspersky; it's not good to have more than one antivirus program installed, and since you already have Nod32 (probably the best), you should stick with that -- unless there is some reason you're not happy with it?

Also, your first log indicated you had HotOffers, so I think it would be a good idea to make sure you have gotten rid of that completely:

Boot into Safe Mode and do a search for these files:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete those files (if found), and then reboot normally; delete any HotOffer icons from your desktop.

Empty your Recycle Bin.

dlh6213 27 Posting Maven Team Colleague

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Boot into Safe Mode and do a search for these files:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete them, and then scan with hijackthis, and have it fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0346/

Reboot normally and delete all the HotOffer icons from your desktop.

Empty your Recycle Bin.

Close any open browser windows, scan with HJT, and post a new log.

dlh6213 27 Posting Maven Team Colleague

There are several things that can cause this, overheating is one of them. If you haven't done so recently, you should open the case and clean it either with canned air or -- carefully -- with a vacuum. Be sure to ground yourself to prevent damage via static electricity. The main areas to check would be around the heatsink and all fans.

Let us know if it works or not; if not we can try something else. Next time you boot it up, listen for the beeps and try to write down their length and number (ie. 8-short, or 1-long 3-short, etc.)

dlh6213 27 Posting Maven Team Colleague

Your log looks good to me. If you don't already have it, you should get SpywareBlaster; there is a link to it in this thread:
http://www.daniweb.com/techtalkforums/showthread.php?t=5690

dlh6213 27 Posting Maven Team Colleague

Yes, I even went back and checked again.

What I did find in my C:\windows\system32 folder was, I did a sort by date and all the icon files were loaded at exactly the same time as were two others,

param32.dll an application extension
guninst an application file

could these be my problem?

Hey, good job! :) Yes, those are related to your problem; you may want to look around for this one too -- popup_bl.dll

You'll probably need to boot into Safe Mode to delete them.

Afterwards, reboot normally, scan with HJT, and have it fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/

Be sure to close any open windows before hitting the Fix button.

Scan again with HJT and post a new log.

dlh6213 27 Posting Maven Team Colleague

HijackThis is in a good place now :)

First of all you need to remove Newdotnet, either from Add/Remove Programs, or by going to http://www.newdotnet.com/#remove and scrolling down to the Uninstall tool.

Close all browser windows, scan with hijackthis and post a new log please.

dlh6213 27 Posting Maven Team Colleague

I don't have those two files on my system (that I could find).

Do you have your system set to show hidden files and folders?

I am not sure about the fix of downloading an .exe file from the hotoffers site. How safe is this? What other damage will they do to my computer?

Quite a few people have used it with success and I haven't heard of any problems yet.

dlh6213 27 Posting Maven Team Colleague

Please read through the instructions before you start (you may want to print this).

The following contains instructions for editing the registry; before you edit the registry, you should make a backup. Go to Start, Run, type in regedit, and the Registry Editor will open. At the top of the Registry Editor window, click on File, and then Export. In the Export range panel, click All, give the file a name, then Save your registry as a backup. Exit the Registry Editor.

Make sure your system is set to show all hidden files.

Reboot into Safe Mode

Copy the contents below to Notepad (or Wordpad); then click File, and then Save As. Change the Save as type to All Files. Name the file repairsts.reg and then click Save; save it to your desktop.

Then double-click on the repairsts.reg file on your desktop and when it prompts to Add in to the registry, click Yes.

REGEDIT

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmindvg]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vdmindvg]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmindvg]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Styles]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Styles]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Styles]
[-HKEY_USERS\S-1-5-21-57989841-926492609-725345543-1003\Software\Microsoft\Internet Explorer\Styles]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Styles]

Still in Safe Mode, close all programs, scan with hijackthis, and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com

Be sure all windows are closed, other than HijackThis, before hitting the Fix button.

Go to C:\WINDOWS and delete stsheets.dat (if found)

Reboot normally, close any open browser windows, …

dlh6213 27 Posting Maven Team Colleague

I have recently purchased Firefox and I'm waiting for delivery. If I install it and use it for a browser do you think that will eliminate this downloading problem?

That would depend on the reason you can't download; if it's a setting in your firewall, another browser probably won't make any difference.

If it does work, however, that will narrow down the problem to an IE issue.

dlh6213 27 Posting Maven Team Colleague

Follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread19959.html

Go to the following locations and delete these files (if found):

C:\WINDOWS\System32\systr.dll
C:\WINDOWS\system32\svrhost.exe

If you can't delete them, try booting into Safe Mode and then delete them.

Download CWShredder 2 from here:
http://www.intermute.com/spysubtract/cwshredder_download.html

Run it and press Fix (not scan) and allow it to clean the infection. Close all windows before hitting the Fix button.

Download Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Run it, and when it opens, click on the Restore Original Hosts button and then exit Hoster.

Reboot, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

I'm pretty sure it's safe to download -- I haven't heard of anyone having any problems (yet).

Run the online scans while in normal mode.

dlh6213 27 Posting Maven Team Colleague

Sorry for the delay, I've been trying to find what's causing the problem to return. Try this:

Download Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Run it, and when it opens, click on the Restore Original Hosts button and then exit Hoster.

Scan with HJT and have it fix the following entries (if found):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com

Remember to close any open windows before hitting the Fix button.

Reboot, close any open browser windows, scan with HJT, and post another new log please. You may need to reset your start page to telia.

dlh6213 27 Posting Maven Team Colleague

Crunchie, I think these threads are for different computers...

dlh6213 27 Posting Maven Team Colleague

Follow the suggestions in this thread to get rid of HotOffers:
http://www.daniweb.com/techtalkforums/showthread.php?t=19959-hotoffers

Go to Add/Remove Programs in your Control Panel and remove (if found):
MyWebSearch

Scan with hijackthis and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0058/
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Arquivos de programas\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/M....cab?10,0,910,0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab

Be sure all windows are closed, other than hijackthis, before hitting the Fix button.

Go to C:\Arquivos de programas and delete the MyWebSearch folder.

Reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Well, first of all, I did a Google search for Traylon Explorer and nothing came up; if this were a legit browser, I would think there would be some info on it (assuming you spelled it correctly :) ). Secondly, since it just 'showed up' on your computer, that would be another hint to me that it doesn't belong.

Try booting into Safe Mode, go to Add/Remove Programs in your Control Panel, and look for Traylon Explorer -- remove it if it is. Then, go to C:\Program Files and look for a folder named Traylon Explorer and remove it if found.

My guess would be that the most likely cause for you being unable to download is a setting in your firewall. Have you tried to disable it then download anything?

Can you post a recent HJT log so we can see if there are any more clues?

Just to clarify, you can access the web, right? It's just the inability to download anything isn't it?

dlh6213 27 Posting Maven Team Colleague

Here is a thread with some comments on Microsoft's Anti-spyware:
http://www.daniweb.com/techtalkforums/showthread.php?t=20187-counterspy

Nod32 (http://www.nod32.com/home/home.htm) always gets excellent reviews among antivirus programs.

As DMR said, Viewpoint gets installed without the user's knowledge -- one sign that it's up to no good.

dlh6213 27 Posting Maven Team Colleague

Go ahead and follow all of Crunchie's instructions in post #2.

Do you use Viewpoint Manager? It is spyware related and I would recommend removing it. Here is one opinion:
http://www.2-spyware.com/file-viewmgr-exe.html
You can use Google to search for more information before you decide whether to keep it or not.

Remember to reboot and post a new log after following Crunchie's instructions.