Posts by dlh6213

You also need to remove Newdotnet, either from Add/Remove Programs, or by going to http://www.newdotnet.com/#remove and scrolling down to the Uninstall tool.

Hi Deannalea, welcome to DaniWeb :)

I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it into a new thread in the Virus forum (not in this thread).

Hi, im new at this forum

alittle about me, im 24yrs old, live in WA state,
im mostly a webdeveloper doing xhtml,css, javascript, but specializing in php,mysql,asp.net and apache server administration.

Hey, a fellow Washingtonian, it's about time! Welcome aboard Robbyd :)

Download Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Run it, and when it opens, click on the Restore Original Hosts button and then exit Hoster.

Mind if I cut in?

Dan, you need to go to Windows Update and get SP1a for XP and IE asap.

Turn off System Restore

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.

C:\WINDOWS\System32\param32.dll

Reboot afterwards if the file was successfully deleted.

If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.

Boot into Safe Mode and do a search for these files:

guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete them, and then reboot normally.

Delete all the HotOffer icons from your desktop and empty your Recycle Bin.

Turn System Restore back on.

Glad I could help, but the ones who really deserve thanking are the creators of programs such as HijackThis, SilentRunners, and Pocket KillBox; they did all the real work :)

As for why nothing finds this problem yet, it's a fairly new trojan (3-05?); it is known as Trojan.Desktophijack or Joke.Smitfraudoid and is related to HotOffers as well as NEWGENLOOK and Error Message 317. There have been a lot of requests here for help with HotOffers recently. I believe most anti-virus programs will detect it now it -- if they have the latest updates!

Don't forget to turn System Restore back on :)

Go to this web site and download hijack this.

http://www.tomcoyote.org/hjt/

You might want to run disk cleanup and defrag after you get rid of that spyware.

If you decide to post an HijackThis log, please do so in the Virus forum (not in this thread).

Here's a thread that may help you:
http://www.daniweb.com/techtalkforums/thread6632.html

Welcome to DaniWeb, STRAWB2 :)

It's not real clear what you're saying about System Restore there; are you able to use it to set your system back to a date before you started having problems?

Also, can you give us some more information, like your operating system, browser, etc.?

Just adding to this since you mentioned not being able to delete param32.dll...

Turn off System Restore

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.

C:\WINDOWS\System32\param32.dll

Reboot afterwards if the file was successfully deleted.

If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path into the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.

Have hijackthis fix this line as well:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0271/

Turn System Restore back on.

Turn off System Restore

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed.

Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.

C:\WINDOWS\System32\param32.dll

Reboot afterwards if the file was successfully deleted.

If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.

Hi Tommy1988, welcome to DaniWeb :)

I'm afraid it's against forum rules to assist with file-sharing programs:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

How is it connected to your computer (USB?)?

I'm assuming there is some type of power indicator light on it, is that illuminated?

Welcome to DaniWeb Mushromboi :)

We prefer to answer questions in the forum, rather then by email, so if someone else has the same problem they can also try any suggestions. Also, others can see what has already been suggested.

See if anything here helps you with your problem:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q122926

Sorry, but it's against forum rules to assist with file-sharing programs such as Kazaa:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

Glad to hear you got rid of HotOffers, but there are a few other things you should get cleaned up; can you post a fresh hijackthis log?

Hi and welcome to DaniWeb :)

Your post has been split into it's own thread so you can get individual attention and so Megapaul's fixes don't get confused with yours.

Can you please post your HJT log? That will give us a starting point.

I did not write this but found on internet but explains everthing:

*.emz and *.wmz files are GZIP-compressed fully scallable *.emf and *.wmf images and corresponding bitmap images have size suitable for the screen settings used during the HTML-export and size resulting from the size of displayed image in Word. The quality of graphics is usually excellent.

*.emz and *.wmz file formats are recognized as graphics files by MS Office applications (e.g. Word, PowerPoint) and may be inserted (Insert/Picture or Image/From file ...) into such documents (and scaled at will).
However, there may be some problems with e.g. displaying fonts in PowerPoint. On my system - Win98/MS Office2k - all Arial fonts in such

*.emz, *.wmz, *.emf, *.wmf files are displayed as Times New Roman - font face is ignored; the same images copied from Word/Excel etc. as objects are displayed OK.
After you uncompress *.emz or *.wmz files into the corresponding uncompressed *.emf and *.wmf formats, such files will be treated as graphics by practically all vector-graphics recognizing applications.
How to uncompress *.emz or *.wmz files:
With GZIP.EXE (free command-line program, gzip.org GNU project):
GZIP.EXE -d <name>.emz ren <name>.em <name>.emf

That info was found here, I believe:
http://adsorption.org/awm/prog/ex/HTML-ex.htm

Please do not discuss the use of illegal file-sharing here, it is against the forum rules:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

Right-click in an open area of your desktop, and select Properties; click on the Setting tab, and then look for the slider in the 'Screen area' box, and move it all the way to the left. If that doesn't fill your screen, keep trying differnt settings to the right until you get it where you want it.

I'm afraid it's against forum rules to assist with file-sharing programs:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq

Turn off System Restore.

Scan with HJT and have it fix the following entries:

O2 - BHO: (no name) - {E99150C1-F93F-461F-9BA1-E455842AB7A8} - blank (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Be sure all windows, other then HijackThis, are closed before hitting 'Fix checked.'

Go to the following locations and delete the highlighted file or folder (be sure your system is set to show 'Hidden files and folders'):

C:\WINDOWS\SYSTEM\SHDOCVW.DLL
C:\WINDOWS\web\related.htm

Do a serach for on your system for the following files and delete them (you may need to boot into Safe Mode to do so):

param32.dll
guninst.exe
popup_bl.dll

Empty your Recycle Bin.

If you still have the problem, get SilentRunners from here:
http://www.silentrunners.org/

Run it, and post the log that it generates.

If the problem is resolved, you can reenable System Restore.

Reboot normally, close any open browser windows, scan with HJT, and post a new log please.

Hopefully someone will move this to the Virus forum.

In the meantime, try this to get rid of HotOffers:

Boot into Safe Mode and do a search for these files:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete them, and then reboot normally

Delete all the HotOffer icons from your desktop.

Empty your Recycle Bin.

Scan with HijackThis and have it fix this entry (if it's still there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0058/

My first suggestion would be to try firewalls, one hardware (like SMC's Barricade), and one software (here's a free one: http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp).

How long it takes depends on how fragmented the drive is and it's size. But it shouldn't take as long as you've indicated (though with a drive that size, with that much data, it is possible if it hasn't been done in awhile); there is probably something running that is causing it to restart. You can try to figure out what it is, but it's best to just boot into Safe Mode and run it from there. At least try that initially and see how long it takes, this will give you an idea of how long it should take when you try it in normal mode.

Is this 110GB all one partition?

DMR, your DaniWeb link doesn't work :(

Chilkat, try this to get rid of HotOffers:

Boot into Safe Mode and do a search for these files:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete them, and then reboot normally

Delete all the HotOffer icons from your desktop.

Empty your Recycle Bin.

Get HijackThis as DMR suggested, and post the log as there will probably be some more cleanup to do.

Here's the latest on Longhorn:
http://www.heraldnet.com/stories/05/04/26/100bus_longhorn001.cfm

Here's the latest on Longhorn:

http://www.heraldnet.com/stories/05/04/26/100bus_longhorn001.cfm

I had this in the Hardware forum for several days with no response, so maybe someone that can help will see it here :)

Go to Add/Remove Programs in your Control Panel and remove Viewpoint Manager

Scan with HJT and have it fix this entry (if found):

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Go to C:\Program Files and delete the Viewpoint folder

First you should put hijackthis into it's own folder. To do this, right-click on an open area of your desktop and select New, Folder; give the folder a name (like HJT), and then drag the hijackthis.exe icon that is on your desktop into that new folder.

Go to Add/Remove Programs in your Control Panel and remove (if found):

Wintools
Funwebproducts

Scan with hijackthis and have it fix the following entries:

O4 - HKLM\..\Run: [IMMSG32] immsg32.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [IMMSG32] immsg32.exe

Be sure all windows are closed, other then hijackthis, before hitting the Fix button.

Do a search for the following files and delete any instances found:

btiein.dll
f3ezsetp.dll
sep.dll
toolbar.dll
wtoolsb.dll
iexploreskins.exe
emusicclient.exe
fash.exe
wintools.exe
wtoolsa.exe
wsup.exe
wtoolss.exe

Reboot, close any open browser windows, scan with hijackthis (before you close the offending .exe), and post a new log please.

You need to go to Windows Update and get SP1a for XP and IE.

Try this to get rid of HotOffers (if you haven't already):

Boot into Safe Mode and do a search for these files:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete them, and then scan with hijackthis, and have it fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/this-part-may-vary

Reboot normally and delete all the HotOffer icons from your desktop.

Empty your Recycle Bin.

You also need to remove Newdotnet, either from Add/Remove Programs, or by going to http://www.newdotnet.com/#remove and scrolling down to the Uninstall tool.

There will still be more to do, so close all browser windows, scan with hijackthis and post a new log please.

What about the Viewpoint Manager? If it's not something you use, you should remove it.

This will help you with the format and installation:
http://www.daniweb.com/techtalkforums/thread6632.html

As for the activation, as jwenting said, you will need to contact Microsoft when you are ready to activate. I doubt if you will need to send proof of purchase, just explain the situation. Be prepared to type the activation code while you're on the phone -- they won't give you time to write it down.

Do you use Viewpoint Manager? It's typically installed without the users knowledge.

Download Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Run it, and when it opens, click on the Restore Original Hosts button and then exit Hoster.

Scan with HJT and have it fix the following entries (if found):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hulra.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {20AD1F74-A76B-C5B9-54F5-8C3B0872A419} - C:\WINNT\system32\mspw.dll
O4 - HKLM\..\Run: [addzn.exe] C:\WINNT\system32\addzn.exe
O4 - HKLM\..\RunOnce: [javaik.exe] C:\WINNT\system32\javaik.exe
O4 - HKLM\..\RunOnce: [ipic.exe] C:\WINNT\system32\ipic.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
(More info -- http://startup.iamnotageek.com/srch-freescan.exe.html)
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://mirror.worldwinner.com/games/v40/mines/mines.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games...ut/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v43/pool/pool.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://mirror.worldwinner.com/games...gsaw/jigsaw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...ol_v1-0-3-9.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://mirror.worldwinner.com/games...ck/bjattack.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://mirror.worldwinner.com/games...ll/freecell.cab
…

You should move hijackthis into it's own permanent folder before it gets deleted accidently (something like c:\HJT\hijackthis.exe)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE --
http://startup.iamnotageek.com/srch-Alcxmntr.exe.html

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe --
http://startup.iamnotageek.com/srch-digstream.exe.html

You should put hijackthis into it's own folder, like C:\Documents and Settings\apryl\My Documents\HJT\HijackThis.exe

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxvzq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.com...bio5_3_16_0.cab

Be sure all windows are closed, other then hijackthis, before hitting the Fix button.

Reboot, close any open browser windows, scan with HJT, and post a new log please.

You've almost got it; hijackthis isn't in a Temp folder anymore, but it still should be in it's own folder -- make a new folder in your Program Files folder and put hijackthis in it (like C:\Program Files\HJT\HijackThis.exe). And remember to close any open browser windows when you scan with hijackthis (you had IE open in your last scan).

Did you set this as your homepage yourself? http://www.rr.com/

After you move it, scan again and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fagyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fagyl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {116B01C5-8BC7-251E-BB40-07D50B880E0C} - C:\WINDOWS\mfcbh32.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/adc4955d/enter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1096243796546
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab

Be sure all windows, other then hijackthis, are closed before hitting the Fix button.

Reboot, close any open browser windows, scan with HJT, post a new …

If you have a video card, you need to get the manufactures name and model number of it, and then go to their website for the latest drivers.

If you have 'on-board' video, you need to get the manufactures name and model number of your motherboard, and then go to that website for the latest drivers.

I can't say whether the above instructions will work or not, but if you intend to try it, you should make a backup before you edit the registry. Go to Start, Run, type in regedit, and the Registry Editor will open. At the top of the Registry Editor window, click on File, and then Export. In the Export range panel, click All, give the file a name, then Save your registry as a backup to a location where you will be able to locate it easily if necessary.

Right now you're running hijackthis from a Temp folder; before you use it to fix anything, you should put it into it's own permanent folder (like c:\HJT\hijackthis.exe).

After you've moved it, close any open browser windows, scan again, and post the new log please.

In post #4 you said "when i open internet explorer", that's the reason crunchie suggested the fix in post #5.

I don't know what to tell you about the Mozilla plugin.

There shouldn't be much more for you to fix, but we won't know till you post another log :)

Do you have any buttons on your monitor that allow you to change the screen size?

Thanks Janine, I haven't used that brand before and now I never will :)

See if this helps:
http://www.daniweb.com/techtalkforums/thread11350.html

The instructions are for a dual-boot, but if you just follow the first part of either attachment you should get Win98 installed.

In addition to the uninstall program you used (per this thread: http://www.daniweb.com/techtalkforums/post114885.html#post114885), I think it would be a good idea to make sure you have gotten rid of it completely:

Boot into Safe Mode and do a search for these files (be sure your system is set to show 'Hidden files and folders'):

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Delete those files (if found), reboot normally, and delete any HotOffer icons from your desktop.

Empty your Recycle Bin.

You can still post a hijackthis log too if you would like to make sure you don't have anything else lurking that shouldn't be :)

Can you post the before and after logs so we can see what you had hijackthis fix?

Once you are able to get online with it, you should go to Windows Update and get the Critical Updates for your system (SP4).

I'm not sure if this is better off in the hardware forum or software since it involves both, but I decided to try here first and see how it goes.

I have a Dazzle 150 (this would be the hardware) and Pinnacle Studio 9 & MovieMaker 5 for software.

I can use the Pinnacle software, so I know there's no problem with drivers or anything like that. But when I try to use MovieMaker, there are no devices listed under Video Device, so I can't use it.

I would prefer to use MovieMaker because it uses less then 2,000K of memory, whereas Pinnacle uses over 240,000K! Since I only have 384,000K installed, I have to close everything, including my antivirus, in order to use Pinnacle.

I tried contacting Dazzle, but since Pinnacle took it over, they say they no longer support MovieMaker and won't even try to help me.

If anyone has any ideas on how I can get MovieMaker to recognize the Dazzle I would really appreciate it! Or, some other programs that will work without using so much memory.

WindowsXP is the OS

Hi Sidekickbilly, welcome to DaniWeb :)

I've moved your thread to the virus forum so you would get more help.

Having more then one antivirus program installed on your computer can cause problems; you should decide which one you prefer and remove the other one. You can run free online scans (like Panda and TrendMicro) if you think your program may be missing something.

As a starting point, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, click 'Scan and Save Log' with hijackthis; when it's finished scanning, Notepad should pop up with a log, copy the log and paste it into this thread.