Problems on booting up

Graham

Hello all. Does anyone fancy a challenge? My problem at the moment
manifests itself when the icons begin to appear on the screen towards
the end of the boot up process. The blue screen of death kicks in with
BAD_POOL_HEADER amongst many other things being the error message on
the blue screen. Argh!

The problem stemmed from when my anti-virus software at the time asked
me whether I wanted to place a file in their "virus vault". I have
been in touch with them and they have asked me to run a programme
which gives loads of info on my computer's boot up process.

I know there's a lot of info on this e-mail, and most of it may not
apply, but I've cut and pasted it all into this post.

Top to bottom of this post regards most recent e-mails to the anti-
virus bods to the first e-mails to them, at the very bottom is a cut
and paste of the result of the boot up programme that the anti virus
administrators asked me to run.

Thanks for your time

Graham





Hello there, thanks for your reply.

I have downloaded AVG Anti-Virus Professional Edition 7.5 and attempted to
install it. However the 5th window in (after the system status is checked by
the installer) asks for a License/Sales number, for which at the moment I do
not have.

I have followed your requested actions as below, all of the files with AVG
in their title were deleted. There was nothing in the regedit file you
suggested under the titles of Grisoft or AVG.

I have run hijackthis and have enclosed the file to this e-mail hoping
dearly that you can further help.

Thank you very very much

Sincerely,

Graham Morris.
----- Original Message -----
From: "AVG Technical Support" <[email protected]>
To: <[email protected]>
Sent: Tuesday, February 27, 2007 3:59 PM
Subject: Re: G#0701751212 - AVG 7.5 Technical Support

Dear Sir/Madam,

Thank you for your email.

Please accept our apology, if you have experienced longer than
usual response time from AVG. Due to the release of our new
suite of products AVG 7.5 and the growing demand for our
new licenses we are experiencing a higher than usual volume
of e-mail messages from our customers. Though we do our
best to answer in a timely manner, you may experience an
extended response time. We apologize for any inconvenience
this may cause you and thank you for your continuous
support of AVG.

According to log files attached to your last email, it seems that you have
two Antivirus programs installed. It is not recommended to have two
antivirus systems due to conflicts that may occur. So we recommend to
uninstall another solution.

To reinstall/repair AVG please proceed as follows:

1) Download the most recent installation package from

http://www.grisoft.com/doc/Programs

Click on the "AVG Anti-Virus Professional Edition 7.5" link or click the
"Download" button

2) Right-click the
"AVG 7.5 for Windows" link and choose "Save target as..." to save it to
disk (e.g. Desktop, file avg75f_XXXaXXX.exe).

3) Run downloaded file (e.g. Desktop, file avg75f_XXXaXXX.exe) to get
Uninstall Product option (On the 3rd screen of AVG installer) and
uninstall AVG

If the uninstall option would not be available, please proceed with manual
uninstall from the Safe mode:

How to start PC in safe mode:

Win XP:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

- Remove following folders (make sure that "Show hidden files" function
under Windows Folder option is enabled):
C:\Program Files\Grisoft
C:\Documents and settings\Grisoft or AVG7
C:\Documents and settings\All users\Application data\Grisoft
C:\Documents and settings\All users\Application data\AVG7
C:\Documents and settings\<user>\Application data\AVG7

<user> is the name for your profile folder (e.g. Administrator, Laura
etc.)

- I recommend you also to search for other folders beginning with AVG
on your harddrive and delete them, except the downloaded installation file
(Start -> Search -> For files or folders)

- in registry try to find and delete all AVG subkeys of following key:

(Start -> Run, type "regedit" without quotes and click OK)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Some folders could be hidden by default Windows settings. It can be
changed in Start ->
Settings -> Control Panel -> Folder Options -> View tab -> Show hidden
files and folders.
(The location and names could be a little bit different, depending on the
operating system version).

4) Restart the computer.

5) Run downloaded file (e.g. from Desktop, file avg75f_XXXaXXX.exe) to
install AVG on your computer again.

If the problem persists, please follow instructions below:

Download HijackThis utility, available at:
http://www.merijn.org/files/hijackthis.zip

Unpack this file to a folder (or Desktop) and run
HijackThis.exe application (double-click on it).
In the main program window press button
"Open the Misc Tools section".
Mark the "List also minor sections (full)" checkbox.
Press "Generate StartupList Log" button and confirm
with "Yes" button. When the test finishes, a test result
will appear on the screen. Please save this test result
to the hard drive as a file and send us the file,
attached to your next email, for further analysis.

Thank you for your cooperation.

Best regards,

Milan Mestka
AVG Technical Support

website: http://www.grisoft.com
mailto: (e-mail address removed)
-------------------------------------------------------------------------------

Hello There,

I received a message from my AVG virus check yesterday saying that it had
discovered an Adware Generic.tsc, that it was connected to the rlvknly.exe file
from the windows/system32 folder. It then asked me whether I would like to move
it to virus vault which I did, however it warned me that my system could become
unstable if I did this action, I did it anyway.

Upon my next reboot, at the moment when the icons first appear on the windows
interface during the booting up process, the computer all of a sudden cut power
and the windows blue screen of death appeared. Towards the top of the page it
said the following :

BAD_POOL_HEADER

and towards the foot of the page it gave the following code :

*** STOP: 0x00000019 (0x00000020, 0x827DECF8, 0x827DEE00, 0x0A210002)

I have tried to restore the file from the virus vault but it still gives me the
same result.

In addition, today the virus update ran for the first time on boot up since
this happened yesterday and it stated that it could not initialize the update
interface.

It went on to state that the installation of AVG is probably damaged and to
reinstall AVG.

Can you help please.

Many thanks

Graham Morris

[Attached File: GRAHAM(COMPUTER).cab]
[Attached File: Graham Morris.GRAHAM(CURRENT USER).cab]
[Attached File: logs.cab]
[Attached File: reports.cab]


STARTUP BOOT PROCESS PROGRAMME RAN ON MY COMP AS FOLLOWS :

StartupList report, 01/03/2007, 21:41:25
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Graham Morris\Local Settings\Temp\wzbeb3\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\rlvknlg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Graham Morris\Local Settings\Temp\wzbeb3\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Audible Download Manager.lnk = C:\Program Files\audible\Bin\ADHelper.exe
Digital Line Detect.lnk = ?
Watch.lnk = C:\WINDOWS\TWAIN_32\C6U14K\WATCH.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
ezShieldProtector for Px = C:\WINDOWS\system32\ezSP_Px.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
AtiPanel = C:\WINDOWS\atip.exe
OM_Monitor = C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

(Default) =
PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
RealPlayer = "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
OM_Monitor = C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

FlashPlayerUpdate = C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/download/ipixx.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe

[SurferNETWORK Plugin]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SURFER~1.OCX
CODEBASE = http://rd1.surfernetwork.com/surferplugin.ocx

[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://217.125.138.27/activex/AxisCamControl.cab

[ScorchPlugin Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dll
CODEBASE = http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

[Live365Player Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Play365.dll
CODEBASE = http://www.live365.com/players/play365.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

[{D05F33E0-3F75-11D3-A176-006008944486}]
CODEBASE = http://download.audible.com/AM36/awrdscdc.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}]
CODEBASE = http://www.smgradio.com/core/player/abasetup144.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\rlls.dll
Protocol #2: C:\WINDOWS\system32\rlls.dll
Protocol #3: C:\WINDOWS\system32\rlls.dll
Protocol #4: C:\WINDOWS\system32\rlls.dll
Protocol #5: C:\WINDOWS\system32\rlls.dll
Protocol #21: C:\WINDOWS\system32\rlls.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Viewpoint Manager Service: "C:\Program Files\Viewpoint\Common\ViewpointService.exe" (autostart)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\nsosscfg.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 13,759 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Hertz_Donut

Graham said:
Hello all. Does anyone fancy a challenge? My problem at the moment
manifests itself when the icons begin to appear on the screen towards
the end of the boot up process. The blue screen of death kicks in with
BAD_POOL_HEADER amoungst many other things being the error message on
the blue screen. Argh!

The problem stemmed from when my anti-virus software at the time asked
me whether I wanted to place a file in their "virus vault". I have
been in touch with them and they have asked me to run a programme
which gives loads of info on my computers boot up process.

I know there's a lot of info on this e-mail, and most of it may not
apply, but I've cut and pasted it all into this post.

Top to bottom of this post regards most recent e-mails to the anti-
virus bods to the first e-mails to them, at the very bottom is a cut
and paste of the result of teh boot up programme that the anti virus
administrators asked me to run.

Thanks for your time

Graham





Hello there, thanks for your reply.

I have downloaded AVG Anti-Virus Professional Edition 7.5 and
attempted to
install it. However the 5th window in (after the system status is
checked by
the installer) asks for a License/Sales number, for which at the
moment I do
not have.

I have followed your requested actions as below, all of the files with
AVG
in their title were deleted. There was nothing in the regedit file
you
suggested under the titles of Grisoft or AVG.

I have run hijackthis and have enclosed the file to this e-mail
hoping
dearly that you can further help.

Thank you very very much

Sincerely,

Graham Morris.
----- Original Message -----
From: "AVG Technical Support" <[email protected]>
To: <[email protected]>
Sent: Tuesday, February 27, 2007 3:59 PM
Subject: Re: G#0701751212 - AVG 7.5 Technical Support

Dear Sir/Madam,

Thank you for your email.

Please accept our apology, if you have experienced longer than
usual response time from AVG. Due to the release of our new
suite of products AVG 7.5 and the growing demand for our
new licenses we are experiencing a higher than usual volume
of e-mail messages from our customers. Though we do our
best to answer in a timely manner, you may experience an
extended response time. We apologize for any inconvenience
this may cause you and thank you for your continuous
support of AVG.

According to log files attached to your last email, it seems that you
have
two Antivirus programs installed. It is not recommended to have two
antivirus systems due to conflicts that may occur. So we recommend to
uninstall another solution.

To reinstall/repair AVG please proceed as follows:

1) Download the most recent installation package from

http://www.grisoft.com/doc/Programs

Click on the "AVG Anti-Virus Professional Edition 7.5" link or click the
"Download" button

2) Right-click the
"AVG 7.5 for Windows" link and choose "Save target as..." to save it to
disk (e.g. Desktop, file avg75f_XXXaXXX.exe).

3) Run downloaded file (e.g. Desktop, file avg75f_XXXaXXX.exe) to get
Uninstall Product option (On the 3rd screen of AVG installer) and
uninstall AVG

If the uninstall option would not be available, please proceed with
manual
uninstall from the Safe mode:

How to start PC in safe mode:

Win XP:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

- Remove following folders (make sure that "Show hidden files" function
under Windows Folder option is enabled):
C:\Program Files\Grisoft
C:\Documents and settings\Grisoft or AVG7
C:\Documents and settings\All users\Application data\Grisoft
C:\Documents and settings\All users\Application data\AVG7
C:\Documents and settings\<user>\Application data\AVG7

<user> is the name for your profile folder (e.g. Administrator, Laura
etc.)

- I recommend you also to search for other folders beginning with AVG
on your harddrive and delete them, except the downloaded installation
file
(Start -> Search -> For files or folders)

- in registry try to find and delete all AVG subkeys of following key:

(Start -> Run, type "regedit" without quotes and click OK)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Some folders could be hidden by default Windows settings. It can be
changed in Start ->
Settings -> Control Panel -> Folder Options -> View tab -> Show hidden
files and folders.
(The location and names could be a little bit different, depending on the
operating system version).

4) Restart the computer.

5) Run downloaded file (e.g. from Desktop, file avg75f_XXXaXXX.exe) to
install AVG on your computer again.

If the problem persists, please follow instructions below:

Download HijackThis utility, available at:
http://www.merijn.org/files/hijackthis.zip

Unpack this file to a folder (or Desktop) and run
HijackThis.exe application (double-click on it).
In the main program window press button
"Open the Misc Tools section".
Mark the "List also minor sections (full)" checkbox.
Press "Generate StartupList Log" button and confirm
with "Yes" button. When the test finishes, a test result
will appear on the screen. Please save this test result
to the hard drive as a file and send us the file,
attached to your next email, for further analysis.

Thank you for your cooperation.

Best regards,

Milan Mestka
AVG Technical Support

website: http://www.grisoft.com
mailto: (e-mail address removed)
-------------------------------------------------------------------------------
---------------
THIS IS AUTOMATICALLY GENERATED PART OF YOUR E-MAIL
THE LICENSE NUMBER IS NECESSARY FOR ACCESSING THE TECHNICAL SUPPORT
SERVICES OF
GRISOFT COMPANY
75TRIAL-TTS0E-P06-C01-S25N0K-TZV
PLEASE, DO NOT CHANGE THIS GENERATED TEXT
kw1e8480
-------------------------------------------------------------------------------
---------------

Hello There,

I received a message from my AVG virus check yesterday saying that it had
discovered an Adware Generic.tsc, that it was connected to the
rlvknly.exe
file
from the windows/system32 folder. I then asked me whether I would like to
move
it to virus vault which I did, however it warned me that my system could
become
unstable if I did this action, I did it anyway.

Upon my next reboot, at the moment when the icons first appear on the
windoes
interface during the booting up process, the computer all of a sudden cut
power
and the windows blue screen of death appeared. Towards the top of the
page
it
said the following :

BAD_POOL_HEADER

and towards the foot of the page it gave the following code :

*** STOP: 0x00000019 (0x00000020, 0x827DECF8, OX827DEE00, 0X0A210002)

I have tried to restore the file from the virus vault but it still gives
me the
same result.

In addition, today the virus update ran for the first time on boot up
since
this happened yesterday and it stated that it could not initialize the
update
interface.

It went on to state that the installation of AVG is probably damaged and
to
reinstall AVG.

Can you help please.

Many thanks

Graham Morris

[Attached File: GRAHAM(COMPUTER).cab]
[Attached File: Graham Morris.GRAHAM(CURRENT USER).cab]
[Attached File: logs.cab]
[Attached File: reports.cab]


STARTUP BOOT PROCESS PROGRAMME RAN ON MY COMP AS FOLLOWS :

StartupList report, 01/03/2007, 21:41:25
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Graham Morris\Local Settings
\Temp\wzbeb3\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\rlvknlg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Graham Morris\Local Settings\Temp
\wzbeb3\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
Audible Download Manager.lnk = C:\Program Files\audible\Bin
\ADHelper.exe
Digital Line Detect.lnk = ?
Watch.lnk = C:\WINDOWS\TWAIN_32\C6U14K\WATCH.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared
\ccRegVfy.exe"
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD
\DirectCD.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB
\realsched.exe" -osboot
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_04\bin
\jusched.exe
ezShieldProtector for Px = C:\WINDOWS\system32\ezSP_Px.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
AtiPanel = C:\WINDOWS\atip.exe
OM_Monitor = C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

(Default) =
PopUpStopperFreeEdition = "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
RealPlayer = "C:\Program Files\Real\RealPlayer\realplay.exe" /
RunUPGToolCommandReBoot
OM_Monitor = C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -
NoStart

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

FlashPlayerUpdate = C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall
%SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /
CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /
CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/download/ipixx.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe

[SurferNETWORK Plugin]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SURFER~1.OCX
CODEBASE = http://rd1.surfernetwork.com/surferplugin.ocx

[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab

[CamImage Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx
CODEBASE = http://217.125.138.27/activex/AxisCamControl.cab

[ScorchPlugin Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dll
CODEBASE = http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

[Live365Player Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Play365.dll
CODEBASE = http://www.live365.com/players/play365.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab

[{D05F33E0-3F75-11D3-A176-006008944486}]
CODEBASE = http://download.audible.com/AM36/awrdscdc.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}]
CODEBASE = http://www.smgradio.com/core/player/abasetup144.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\rlls.dll
Protocol #2: C:\WINDOWS\system32\rlls.dll
Protocol #3: C:\WINDOWS\system32\rlls.dll
Protocol #4: C:\WINDOWS\system32\rlls.dll
Protocol #5: C:\WINDOWS\system32\rlls.dll
Protocol #21: C:\WINDOWS\system32\rlls.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Viewpoint Manager Service: "C:\Program Files\Viewpoint\Common\ViewpointService.exe" (autostart)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\system32\nsosscfg.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 13,759 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Not sure about the coincidence with the AV software, but a bad pool header
is most always attributable to bad hardware, most often RAM.

Honu
 
