stop: 0x0000008e on start-up [CAN'T START]

[bklyn]

Greetings, board members.

 

i have a nagging problem...
when i try to start up my pc, i get a BSOD with the error message:

stop: 0x0000008E (0x00000005, 0xBF80FD94, 0xF77007DC, 0x00000000)

win32k.sys - Adress BF80FD94 base at BF800000, DateStamp 4341dcff


i have 4 memory sticks. i read that it may be a RAM problem so i tried a few things.
i tried removing 2, replacing 2, etc. NOTHING.

i was able to access my C drive using the Recovery Console, but I didn't change anything..just looked. i even went in with the diagnostic disk and ran ALL the tests. they all passed.

i can't start my pc to download any diagnostic tools, and the laptop i'm on doesn't have a floppy nor a burner. can anyone help?

 

Dell Dimension 8250
512 ram, 120G HD

[Saviour]

Can you boot into Safe Mode?

[drmsucks]

Try booting with one RAM module at a time.

[bklyn]

Saviour: can't get into safe mode. basically i can't get past the BSOD, with the exception of the diagnostic tools.

drmsucks: my Dell has to have 2 RAM sticks in @ a time. and yes, i tried all the combinations.

 

[drmsucks]

1) Try to boot with one module at a time in slot #1 (closest to CPU).

2) Download memtest 86 (memtest86.org). For memtest86, you'll need to burn the .iso to CD then boot from the CD. (If you need a suggestion for .iso burn program, post back.)

*Run memtest86 on one RAM module at a time for 1 hour at least; longer is better up to 7 passes. Repeat for each RAM module.

*If all modules pass individually, install all RAM and run memtest86 for 4 hours.

(ANY error means a bad module.)

3) Download and run the diagnostic software from the manufacturer of your hard drive.

[Broni]

While in Recovery Console, run this:
COPY C:\Windows\ServicePackFiles\I386\win32k.sys C:\Windows\System32\drivers

[bklyn]

drmsucks:  as i mentioned earlier, i can't boot with 1 module, but i tried it anyway.-- no good.

Broni: this is replacing win32k.sys, right? shouldn't i rename the old old first?

[patio]

What new hardware have you added ? ?

[bklyn]

no new hardware.

maybe i should've noted a quick history of what happened b4 i got the BSOD:

"this problem seemed to have happened after i burned a dvd from one of those dvd rental machines located in supermarkets. i noticed it after the pc had been on for about 2 days straight. it always acts sluggish when i leave it on for a while.

after burning the dvd i tried to go online and noticed my home page would load, then be redirected. when i closed all windows i noticed my background had changed. i ran spybot, ad-aware, and i scanned with AVG. after scanning AVG directed me to restart my computer. intuition told me not to restart, but i did anyway. WELL, upon rebooting, i got the BSOD. i opened  task manager and saw i had a process running called "plveadii.exe" [i think that's it]. i tried searching for it and couldn't find it. can't find it on google either."

i mentioned this to an IT guy at my job and he assured me that the potential virus/spyware had nothing to do with my BSOD. he said that he was certain it was a RAM problem. i didn't necessarily believe him, but i figured i should just get myself booted up first, then i can attack the virus/spyware. that's why i failed to mention it in my post. do you think the virus/spyware has anything to do with the BSOD?

[Saviour]

This topic should be moved to the malware forum.

[Carbon Dudeoxide]

This topic should be moved to the malware forum.

A agree.

However, before I (or any of us) do that I just want to ask if you can make this clear.

Can you get into Windows?

If yes, post the three logs from this guide and one of our Malware Specialists will help from there.
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[bklyn]

no, i can't get into windows AT ALL.
is there a way to get into windows from the recovery console CD?

[Broni]

this is replacing win32k.sys, right? shouldn't i rename the old old first?

It'll ask you, if you want to replace original file, but to be on safer side, you may rename it, first.

I'm, curious. What does make you feel, guys, this is malware issue?

[Saviour]

By this post...

[Broni]

An infection from rented DVD?
I'm not sure, how it's possible, but who knows in today's world....

[patio]

The only reason i asked about hardware is that error message points to a hardware incompatibility issue and or a driver problem...
Have you installed any new drivers recently ? ?
If so revert back to the older ones.

[bklyn]

thanks for the replies guys.

Broni: ok, i'll try it. after i do this, what next? try to reboot?

patio: no, no new hardware nor drivers.

to the others: do you really believe the problem is from malware? i think it's just coincidental. but if so, i ask the mods to move it to the malware forum.

[Saviour]

Well...

It was you who made the comment...so if worse comes to worse, you can definitely try there.

[Broni]

ok, i'll try it. after i do this, what next? try to reboot?

Talking about the command, I posted earlier?

[bklyn]

yes. once i type the command, should i exit and reboot?

[Broni]

Yes.

[bklyn]

tried it, but got a message "the system cannot find the file specified"

[Broni]

I uploaded the file for you: http://www.uploadbigfiles.net/download.php?file=559win32k.sys

[bklyn]

hey, been a little busy....

anyway, i copied the file over...nothing
i ran memtest86 for ~30 passes...nothing

what should i try next?

[Broni]

I'd say, next logical move is to check your hard drive: http://www.tacktech.com/display.cfm?ttid=287

[bklyn]

i'll try it.

one thing; i tried the hard drive tests from Dell and they passed. are those diagnostic tests sufficient? also, i was able to access my windows directory in dos. could the hard drive still be faulty?

[Broni]

I'd say, HD manufacturer tests are the best.
HD doesn't have to be totally un-usable to be bad. It may have some errors, which may cause problems in one department, but work fine somewhere else.
I'm not saying, your HD is bad, but it's worth to check.

[bklyn]

sorry, again for the late reply.

gonna try to download the hd file.

question: can i run Nero or easy cd creator (or some other program) from a flash drive? i can burn a cd @ work, but cannot burn an ISO because i don't have a program to do it from the job pc. i figure i can download the program to my flash drive, run it from there, and burn a cd on the cdr drive @ work.

[drmsucks]

bklyn - You can try this but I don't know if it will run from a flash drive.

http://isorecorder.alexfeinman.com/isorecorder.htm

[bklyn]

ok, i got the file from Western Digital and was about to run it until i read the part about data "may be lost" while running the diagnostic programs.
that worried me. so i got an external drive to copy my hard drive to. now here's where i am right now:
 -my friend gave me an external HD case. so i put my old hard drive in it and brought it to my laptop. i found i can access pretty much all of my documents and songs(that's a good thing)
 -bought an external drive to copy the entire old hard drive to the new one(as a precaution...just in case)

i am ready to copy, but was wondering what program to use. i have a disc with an old copy of Norton's Ghost on it. should i install that program, or is there an easier way?

once i copy the HD, i can put the old one back into the computer and run the diagnostics. if that doesn't get me up and running and i decide to do a "repair installation", i wouldn't worry about any data loss, because i have the hd backed up.

[drmsucks]

Personally, I just back up data. If you agree, just copy the data to the new drive - you don't need a program.

Programs can always be re-installed and your operating system condition is suspect anyway at this time.

[bklyn]

yes, i thought about that. only thing is i have data all over the place on the hd. i have the usual pdf's, pictures, and music. i also have some files from old programs that should be converted.

so if i just do a basic "copy" in windows explorer, would i be able to copy most, if not all, files? i can always weed out any unwanted programs and files at a later date.

[drmsucks]

I understand - go ahead and Ghost it, if you think that you can't find all of your data.

[bklyn]

thanks. but can i do the basic copy in windows explorer? or do i HAVE to install Ghost?

[drmsucks]

thanks. but can i do the basic copy in windows explorer? or do i HAVE to install Ghost?

Sure - that's what I suggested earlier but I thought that you were concerned about missing some data.

If I were you, I would methodically look at every file (open every folder) in Windows Explorer to make sure that I got all the data.

[bklyn]

ok, i copied my HD using Western Digital's data lifeguard program. it got all everything.

i then put my old hd back into the pc, ran the diagnostic tests from Western Digital. it found NO errors. by the way, when i had the hd connected to my laptop i ran AVG and ewido(anti malware). they found nothing. i'm wondering if another antivirus may find something?

does anyone have any other suggestions?

[drmsucks]

Bklyn - This topic started 9/6. Could you please do a summary (if applicable) and state your current situation.

[bklyn]

sure:

this problem seemed to have happened after i burned a dvd from one of those dvd rental machines located in supermarkets. i noticed it after the pc had been on for about 2 days straight. it always acts sluggish when i leave it on for a while.

after burning the dvd i tried to go online and noticed my home page would load, then be redirected. when i closed all windows i noticed my background had changed. i opened  task manager and saw i had a process running called "plveadii.exe" [i think that's it]. i tried searching for it and couldn't find it. can't find it on google either. i ran spybot, ad-aware, and i scanned with AVG. after scanning AVG directed me to restart my computer. intuition told me not to restart, but i did anyway. WELL, upon rebooting, i got the BSOD.

now:
i tried the dell diagnostics(supplied with the pc); i tried memtest; i tried western digital diagnostics; i ran AVG and ewido

i still have the BSOD.   

[drmsucks]

So, all tests have come back as okay?

You have all of your data backed up?

Why not try a full system recovery to restore your operating system to factory condition? Have you tried this?

[Saviour]

The simplest thing to do in this case would be to slave the drive on a working computer and scan it for malware using better software you currently have installed...since that which you are currently using didn't protect you in the first place...if, in fact, it's an infection.

If it's a hardware issue...then you'll need to find out what's causing it, by telling us the exact BSOD stop code you're getting.

Other than that...we're just chasing our tails here.

[drmsucks]

The simplest thing to do in this case would be to slave the drive on a working computer and scan it for malware using better software you currently have installed...since that which you are currently using didn't protect you in the first place...if, in fact, it's an infection.

If it's a hardware issue...then you'll need to find out what's causing it, by telling us the exact BSOD stop code you're getting.

Other than that...we're just chasing our tails here.

Saviour - He was getting the code in the topic title; I assume that it's the same now.

A re-install will solve any suspected malware problem - if it's hardware related, as the code indicates, it won't help unless it's a faulty driver issue. He says that RAM passed memtest 86 and the hard drive passed WD tests.

[Saviour]

Try reading this...it may shed some light on the subject.

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1215554&SiteID=17

[bklyn]

Saviour: i read the article and and have a few things in common. i've already tried a lot of the things that were tried by the posters in that forum. i haven't replaced my motherboard or video card, tho. one thing that i may look at is the haxdoor virus.

drmsucks: yes all tests came out ok and i do have my data backed up. i wanna wait until i tried a few more things before i try the repair install. that would be my next-to-last option (formatting would be my last, of course)

this is VERY frustrating, but i'm the type of person that likes to solve a problem. that's why i want to find out what's wrong. and that's why i love these forums. good direction and great learning. but, if it gets TOO frustrating i can always reformat or take the pc to the shop. with that said.. i have a little more patience left. ....but just a little 

[drmsucks]

Have you swapped out the power supply?

Try a known good one of at least the wattage of your PSU.

[bklyn]

sorry it  took so long... been away on business.

i will try to either buy a power supply tomorrow, or get my friend to let me try his psu in mine.(he has a dell 8250 as well)
so can the power supply really be bad even though i can run the diagnostics through the cd drive, and accessed the hard drive via DOS? also, what about the talk about a bad motherboard. any truth to that?

a couple more things:
-i downloaded avira antivirus on my laptop and ran it on my desktop hard drive (in the external case). it found a couple of "trojans" that are keygens(i had them as 'rar' files forever)

-do you think a hijackthis scan will help?

[patio]

Beware ! Most 9not all) Dell's can only use PSU's from Dell...using another brand may damage expensive components...

[bklyn]

yes, i read about that.

my friend has a dell like mine(bought 2 months after mine, by the way). i thought because of that, it wouldn't harm my pc.
and i didn't get a chance to get the psu today, but i had intentions on matching the power supply to my dell 8250. 

any opinions on the rest of my post?

[bklyn]

anybody???

[bklyn]

sorry it  took so long... been away on business.

i will try to either buy a power supply tomorrow, or get my friend to let me try his psu in mine.(he has a dell 8250 as well)
so can the power supply really be bad even though i can run the diagnostics through the cd drive, and accessed the hard drive via DOS? also, what about the talk about a bad motherboard. any truth to that?

a couple more things:
-i downloaded avira antivirus on my laptop and ran it on my desktop hard drive (in the external case). it found a couple of "trojans" that are keygens(i had them as 'rar' files forever)

-do you think a hijackthis scan will help?

anybody???

and what about an online virus scan?

[Carbon Dudeoxide]

You can post a HijackThis if you wish. I think you should.

What happened with those Trojans?

[bklyn]

i have hijackthis version 1.99. how do i perform a scan on an external drive?

the "trojans" are keygens for programs that i wanted to use. i'm thinking the virus scan looked at these keygens as trojans. i had them for months and never had a BSOD, or any problems in all that time.

[patio]

Hoooo boy...

[Carbon Dudeoxide]

HijackThis isn't a malware removal tool. It doesn't scan any drive.

Not sure if it's been suggested at all, but for virus infections, see here:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Oh, and by the way, the latest version of HJT is 2.0.2. I suggest you update.

[killerb255]

If you suspect a hard drive problem and:

1) you can't start up
2) you can't get to the XP Recovery Console
3) using a hard drive manufacturer program scares you (for some reason)

...then I HIGHLY suggest using Windows PE 2.1:

http://www.msfn.org/board/lofiversion/index.php/t83722.html

Scroll down to paxamime's post. 

In a nutshell:

1) Download the WAIK from Microsoft's site.
2) Create batch files from that post above.
3) Run them.
4) Burn the resulting ISO to CD.
5) Boot your PC using the disc (make sure you have at least 384 MB of RAM or it'll crap out).
6) On the command prompt, after "wpeinit", run the following command:
chkdsk c: /r
then press Enter.
7) If it sees EVEN ONE bad sector, it's probably a dying hard drive...

If you want to back up your data via PE, do the following:

1) Plug an external hard drive into your PC (preferably big enough to back up the data from your allegedly dying hard drive). 

2) Start up your computer and boot from the PE disc.

3) do one of these three things:

a) run ROBOCOPY from PE.  Use the robocopy /? command if you need help running it.  Most likely the command robocopy c:\ e:\ /e /y should be sufficient (assuming drive E is your external hard drive).

b) If you have Ghost, copy ghost32.exe to the root of your external hard drive.  Run that using the following commands, pressing Enter after each one:
e:\
ghost32
Now select Local -> Disk -> to Image -> select the source drive -> select drive E -> confirm -> go.

c) I don't have much experience with this yet, but you could add imagex.exe to your PE, and create a .wim image that contains the contents of your C drive.  Good if you want something like Ghost/Acronis, but don't have the cash to shell out for either of them.

I'm wondering if I should write a tutorial for using Windows PE here?

[bklyn]

Carbon Dudeoxide: i've used hijackthis before and i'm very aware it isn't a malware removal tool. how would you term what i want to do?
at any rate, i'm trying to run hijackthis and any other check on my HD, before i cave in and reformat it.

killerb255: i've already ran the manufacturer's HD check and everything looked good. and i copied the HD to a separate external HD...just in case . thanks. any other suggestions?

i've tried numerous checks on my PC and hard drive and still have the same stop error. i guess i waited long enough. i didn't wanna do it, but if i can't get this error resolved, i may have to reformat my drive. 

[Carbon Dudeoxide]

So you just want to scan your external drive for any viruses?
If so, you will need an Antivirus program to do so. (such as Malwarebytes and Superantispyware

[patio]

The only reason i asked about hardware is that error message points to a hardware incompatibility issue and or a driver problem...
Have you installed any new drivers recently ? ?
If so revert back to the older ones.

From 4 weeks ago.....

[bklyn]

i haven't installed anything(at least i don't remember doing so). like i said earlier, it seemed too much of a coincidence that after i burned a DVD i got the BSOD on the next boot up. i don't know if that DVD installed anything...

ok, so if i wanted to revert to any older one...is there a way to do it if i can't boot up the PC?

[bklyn]

hooray!! i got it started.   

i got discouraged at the waning responses for my post (maybe because it had been going on for over a month) so i decided to take drastic action.
i was at the point of reformatting if this last effort didn't work.

i downloaded antivir and ran checks on the drive. And i ran an online virus scan from f-secure. both found trojans. i disinfected some and deleted others. there were a couple of "0ll" files that f-secure found. i googled them and found that they were possible malware, or at the very least, unwanted.  f-secure also found a couple of files identified as the vundo(sp?) virus.

ok, now when the pc booted i got a couple of rundll error messages.

- error loading c:\windows\system32\lelsjwov.dll  the specified module could not be found
- error loading c:\windows\system32\qwkkldqx.dll  the specified module could not be found

i closed the windows and tried to go online. it worked. everythiing seems to be in order. i ran a hijackthis scan and here it is:
mods: if this is not the right section, let me know, i can start a new post in that section.


Logfile of HijackThis v1.99.1
Scan saved at 10:05:17 AM, on 10/13/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: {5577c487-22fc-340b-8c84-3935ced03962} - {26930dec-5393-48c8-b043-cf22784c7755} - C:\WINDOWS\System32\qdqrdj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - C:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: (no name) - {97AB5B86-CF1D-4D4F-BEAA-2FBFB56C5269} - C:\WINDOWS\System32\ssqNDtTl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB6C9487-AAD6-47EE-A3FA-5432126062F2} - C:\WINDOWS\System32\opnnonKC.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphc515j0e34p] C:\WINDOWS\System32\lphc515j0e34p.exe
O4 - HKLM\..\Run: [BM7302fb30] Rundll32.exe "C:\WINDOWS\System32\lelsjwov.dll",s
O4 - HKLM\..\Run: [7031c8ac] rundll32.exe "C:\WINDOWS\System32\qwkkldqx.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD6459\AnyDVDtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://cehomenet.coned.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - AppInit_DLLs: qvwgal.dll
O20 - Winlogon Notify: opnnonKC - opnnonKC.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe






on another note, my laptop(which i'm writing this post on) is verrrrry slow to boot up.  *censored*!?!? i'll start another post for this.

THANKS TO ALL WHO LENDED THEIR EXPERTISE.

[Saviour]

Far be it from me to say, "I told you so", but I told you so...

My earlier recommendation:  http://www.computerhope.com/forum/index.php/topic,65553.msg422476.html#msg422476

[bklyn]

yep, you were absolutely right. in fact, i think you suggested on a couple of occasions that it was a malware issue.
you have every right to say it.