# Uninstalling Lavasoft Ad Aware



## Zappaboss (Nov 21, 2007)

Hi all,
When I try to uninstall Lavasoft 2008 Ad Aware I get this error in screenshot. I get this error wheather I am using Revo Uninstaller or the one from Lavasofts program. I used Ad Aware and Ad Watch for a few years on my old WinMe setup and was a great program. Now, it has become a chore to continually have to download updates manually (free version) and smart (basic) scan takes forever and hangs etc..etc..etc... I don't think it likes Vista (or vice versa) so its time to go. I run Revo as Admin and have UAC and all the built in stuff running. Attached is screenshot.


----------



## jcgriff2 (Sep 30, 2007)

Hi. . .

Go back to the Lavasoft un-install exe file and RIGHT-click on it, select "Run as Administrator".

Regards. . .

jcgriff2

.


----------



## Zappaboss (Nov 21, 2007)

Hi jcgriff2, I was hoping you would be the one to respond. I tried the "run as admin" and get the same error notice-same "UNKNOWN\ Installer\Products\xxxxxxx\xxx". Guess I could look for that key? This problem came to my attention the other night. I was bored and was reading the Tech Support Forum and came across a post where YOU were telling someone that Ad Aware caused more problems than it was worth and they should consider uninstalling it. Being bored and having the same thoughts about it (haven't used it in awhile) I went to Revo to uninstall and found that I couldn't. Just so you understand, it is not causing any problem or anything. Vista's been running great for me, I torture it daily but keep up with the occasional back ups and Ccleaner, scandisc and auslogix defrag. I figure its some typical permission error built into Vista to protect me from myself..lol
--tried Lava's uninstaller-Revos uninstaller-Windows uninstall programs--


----------



## jcgriff2 (Sep 30, 2007)

Hi. . .

Good news that your system is running well. Your un-install of AdAware is being blocked by it or ??. I would like to continue looking around your system. Would be nice change of pace to do so while calm waters prevail in your system rather than starting voyage on day #2 of a hurricane that blew in after BSOD.

You read the entire thread? I didn't think many got past 1st paragraph of those novel-like posts.

Please run msinfo32 and save as NFO file.
START | type msinfo32 - you'll see the NFO file ext when you got to save it.

Zip it up and attach to post - no rush.

Regards. . .

JC

.


----------



## Zappaboss (Nov 21, 2007)

Hi J.C., Attached is the sys.info you requested. I noticed under task manager that aawservice.exe runs as a process, with a name of system (not owner) ? I did a process dump but it made a 114MB file, kinda Big.
I have AutoRuns and see it there but leaving that program scan for 15 minutes at 100% cpu usage and it never seems to finish where I can save it.
I included a .txt file from Process Explore (sysinternals), a bit scrambled as a text file.....??
Yes, I read all of your post cause I can tell you know your stuff. I keep a menial toolbox of utilities but from working with PLC's and Allen Bradley Micrologix I've more or less learned Not to be a Button pusher unless I thoroughly knew what was to be the outcome..:4-thatsba


----------



## jcgriff2 (Sep 30, 2007)

Zappaboss said:


> I have AutoRuns and see it there but leaving that program scan for 15 minutes at 100% cpu usage and it never seems to finish where I can save it.


Hi. . .

That is interesting in itself. Are you running AutoRuns at an elevated admin level (right-click/ run as admin)? AutoRuns should take less than a minute to bring up, if not less. 

If no luck w/elevated level - boot into safemode & run it there.

Try the Windows Installer Cleanup utility on Adaware -

http://support.microsoft.com/kb/290301/

Look in system services for adaware - disable it for now if you can - 
START | services.msc | 2x-click on adaware service STOP, change to disable

Not a button pusher? What do you do for fun then? Nothing more relaxing than a game of "..what happens if I click on this exe file.."! My favorite. Lost last time. Re-installed Vista x64.

Regards. . .

JC

.


----------



## Zappaboss (Nov 21, 2007)

Hey J.C. 
No problem disabling ad aware service. I checked out Lavas forum and see this is a problem for many? They blame "third party programs like Ccleaner" for inadvertently deleting items that therfore corrupt the uninstaller for Ad Aware.
http://www.lavasoftsupport.com/index.php?showtopic=19003

Unless there's something wrong with my reading comprehension the instructions in the above link say to just go to c/progs/lava and delete, same with prog data folder? Why have an uninstaller anyway then? Anyway I did not delete those folders, just never uninstalled anything before that way. 
I did d/l and run Windows Installer Cleanup utility on Ad Aware and I can now see in registry that key: UNKNOWN\Installer\Products\B0B35DEDC76B4424EAA66DDFC3821DFE\SourceList\Media has disappeared. All is good, not a chance. Ad Aware still exists in Program files (as it should) and in Start menu. Also appears in add/remove programs. If I try to uninstall the program I get the attached nag screen error. Guess it makes sense. If I go to Start/programs and click to run ad aware I get..attached screenshot /lavastart error. Which I guess is correct.
So where am I now...it still exists...I can't uninstall it...I can't run it..it is disabled. If I try and run a new install from a new download exe I get a Access permission error. Maybe I should just go to prog and prog data files and delete it there per the lava instructions? Beats me?


----------



## Zappaboss (Nov 21, 2007)

Well, guess Ad Aware will just sit in limbo. 
I tried Autoruns as admin (of course) and in safe mode etc with no success. I downloaded the latest version 9.37 an voila :laugh: finally I can see a full scan. I was having my doubts about this program after a look at their forum, but it looks pretty impressive.
I also updated to the latest Ccleaner V 2.15.815 and did a scan. I noticed (screenshot) that it comes default with Memory Dumps,Chkdsk Frags,Windows Log Files -boxes check marked under Windows/System. I ran a scan and see 116mb memory dump file to be removed. Is that O.K.? It's just that I always notice that "system error memory dump files" is not checked in Windows Disc Clean Up (screenshot). 
I do clear event log files (performance) from time to time as they stack up with numerous minor information details (there's no blaming it on the dog when Vista passes gas) that make it cluttered to see whats happened -say in the last day or two. One thing, Disc Clean Up Option (screenshot). I assume I should get a couple of dvd disks and copy my "backup" before hitting the "Clear" button here???
Just a couple of other things I thought I'd bother ya with...I do appreciate your guidance. Hope ya had a great Christmas up in N.J.
Zap


----------



## jcgriff2 (Sep 30, 2007)

Hi - 

Happy New Year - and I do hope you had a good Christmas as well.

The \windows\memory.dmp file is a full kernel dump is troublesome to me - along with the entry below it - c:\windows\minidump\Mini121008-01.dmp - this is a mini kernel dump. If you have not already done so - DO NOT delete these dump files as they tell me that you have system crash settings set to produce Full Kernel Dump (which also produces the mini kernel dump) - and that you had a BSOD on December 10, 2008.

Something else is going on in your system and I would like to further investigate. Please follow THESE instructions carefully - be sure to run the batch script file at an elevated admin level - RIGHT-click, run as admin. It will gather the necessary system information that I will need to get started on the BSOD - and hopefully figure out why AdAware is being such a nuisance.

Regards. . .

JC

p.s. The SysInternals apps were primarily written by Mark Russinovich, now of Microsoft and he is one of the best in the business. SysInternals programs are available from Microsoft TechNet - last count ~ 70 of them. The link for SysInternals Suite is in my sig area - many great apps among them. 



.


----------



## Zappaboss (Nov 21, 2007)

Hi again- Attached is info. Negative on deleting the dump files, they still exist. I thought it weird that Ccleaner was default configured with those items checked. From performance monitor (screenshot) things started going south around Dec 21, seems everytime theres an update for Defender theres a explorer crash? My keyboard (old) died on Jan 1st and had to use "onscreen keyboard" to sign in to account. New keyboard is about all thats changed.I pitched a bunch of event logs a few days ago as I really haven't had any problems, this may have not been the best thing to have done. Got this emachine in July and within 2 weeks Windows Media Player lost its visualizations and equalizer controls etc. I work with alot of sound files doing multitrack recordings (cool edit) and mixes. As WMP is part of the operating system in Vista theres no repairing it, guess I could of restored right then but I use other players (winamp,sonique etc) which are better. I've installed some 80 programs and uninstalled a few along the way without any problem until Ad Aware. Other than an occasional IE7 crash, things are cool. It amazes me some of the problems people have with Vista and always read the forum as a hobby. I am curious when I see some errors regarding registry leak etc.. No emergency J.C. as I see others seem on verge of doom in some cases.

p.s. couldn't resist adding a shot of my cordless mouse


----------



## jcgriff2 (Sep 30, 2007)

jcgriff2 said:


> -
> 
> Please follow THESE instructions carefully - be sure to run the batch script file at an elevated admin level - RIGHT-click, run as admin. It will gather the necessary system information that I will need to get started on the BSOD - and hopefully figure out why AdAware is being such a nuisance.
> 
> ...



The AutoRuns file nor the PERFMON file were found in the zip file. Please re-run the above - but PLEASE make sure to run at elevated admin level (right-click, Run as Admin). Be sure to download the Live SysInternals AutoRuns 1st - very important.

Zip up the new attachemnt to your next post.



__________________________________________​
Hi - 

That is some cordless mouse you've got (RAT ?) !!!!

THUMBNAIL 



.

Perform a system restore back to < 12/21/08, assiming a restore point is available.
START | *rstrui* - 2nd or 3rd screen - check the box to show restore points older than 5 days. Maybe look for 12/19 or 12/20.

Than we can go on from there.

The dump file - bugcheck:

*0xd1 (0x1e, 0x2, 0x0, 0x8616e971)*, probable cause = ecache.sys

0xd1= DRIVER_IRQL_NOT_LESS_OR_EQUAL kernel-mode driver attempted to access pageable memory when it should not have (IRQL too high).

Don't know if this is related to ecache.sys (Ready Boost) or not - but these event repeat constantly throughout your system log:


```
Event[1944]:
  Log Name: System
  Source: RemoteAccess
  Date: 2008-12-30  T  04:32:03.000
 CoID={B047A526-77D9-49B6-8EFD-2AE2A95CDCF5}:
The connection to NetZero made by user 2sjUBeYv5:A0874DN.:[email protected] 
using device COM3 was disconnected.


Event[1943]:
  Log Name: System
  Source: Microsoft-Windows-ResourcePublication
  Date: 2008-12-30T04:32:08.257
  The service temporarily stopped publishing because of a power event.


Event[1942]:
   Date: 2008-12-30  T  04:34:30.000
  The process Explorer.EXE has initiated the power off of computer
 OWNER-PC on behalf of user Owner-PC\Owner for the following 
 reason: Other (Unplanned)
 Reason Code: 0x0
 Shutdown Type: power off

Event[1941]:
   Date: 2008-12-30T04:34:38.000
 The process C:\Windows\system32\winlogon.exe (OWNER-PC) has 
 initiated the power off of computer OWNER-PC on behalf of user
 Owner-PC\Owner for the following reason: 
No title for this reason could be found
 Reason Code: 0x500ff
 Shutdown Type: power off
```


```
Event[28]:
  Log Name: Application
  Source: Microsoft-Windows-Search
  Date: 2009-01-02T16:03:22.000
 The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS
\HISTORY\HISTORY.IE5\MSHIST012009010220090103> 
in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:	[COLOR=red]A device attached to the system is not functioning.[/COLOR]   (0x8007001f)


[B]Event[27]:
   Date: 2009-01-02T16:03:32.000
  CoId={CFDA769D-2944-4F8C-A836-475632B5295E}: 
The user Owner-PC\Owner dialed a connection named 
NetZero which has terminated. 
The reason code returned on termination is 631.
[/B]
```

Do you have any memsticks plugged into any of your USB ports? How is Net Zero plugged into your system - via phone wire?

Thanks. . .

JC
.

.

*dbug log*

```
[B]
Microsoft (R) Windows Debugger Version 6.10.0003.233 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\!!_Kernel_Dumps\Zappaboss_Vista_01-07-09\Mini121008-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2008/Windows Vista SP1 Kernel Version 6001 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c0c000 PsLoadedModuleList = 0x81d23c70
Debug session time: Wed Dec 10 03:07:54.770 2008 (GMT-5)
System Uptime: 0 days 0:00:16.317
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {1e, 2, 0, 8616e971}

Probably caused by : ecache.sys ( ecache!EcCacheManagerCompleteDeviceIo+1b3 )

Followup: MachineOwner
---------

kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck;
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000001e, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8616e971, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from 81d43868
Unable to read MiSystemVaType memory at 81d23420
 0000001e 

CURRENT_IRQL:  2

FAULTING_IP: 
ecache!EcCacheManagerCompleteDeviceIo+1b3
8616e971 8a471e          mov     al,byte ptr [edi+1Eh]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  csrss.exe

TRAP_FRAME:  8059dcec -- (.trap 0xffffffff8059dcec)
ErrCode = 00000000
eax=84b873c0 ebx=00000004 ecx=0ad9fe00 edx=00406538 esi=85800680 edi=00000000
eip=8616e971 esp=8059dd60 ebp=8059ddc4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
ecache!EcCacheManagerCompleteDeviceIo+0x1b3:
8616e971 8a471e          mov     al,byte ptr [edi+1Eh]      ds:0023:0000001e=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8616e971 to 81c66d24

STACK_TEXT:  
8059dcec 8616e971 badb0d00 00406538 81cf99a9 nt!KiTrap0E+0x2ac
8059ddc4 8616f154 8617d500 85772ca8 b3fc0000 ecache!EcCacheManagerCompleteDeviceIo+0x1b3
8059de34 81c4610c 8510a690 84b873c0 0041d0f8 ecache!EcDispatchReadWriteCompletion+0x48e
8059de68 861a3773 8059de9c 861a3d4d 84a84200 nt!IopfCompleteRequest+0x11d
8059de70 861a3d4d 84a84200 84b873c0 00000001 CLASSPNP!ClassCompleteRequest+0x11
8059de9c 81c4610c 00000000 85695390 00695570 CLASSPNP!TransferPktComplete+0x2b6
8059ded4 823c42d7 8569561c 85693008 8059df04 nt!IopfCompleteRequest+0x11d
8059dee4 823c4cc6 83b5dc58 85695390 8569561c ataport!IdeCompleteScsiIrp+0x31
8059df04 823c1fb2 83b5dc58 00000000 8059df34 ataport!IdeCommonCrbCompletion+0x44
8059df14 823c6e6f 83b560e0 85693008 85693008 ataport!IdeTranslateCompletedRequest+0x26
8059df34 823c70a9 83b560e0 85693008 81d04920 ataport!IdeProcessCompletedRequests+0x121
8059df88 81cc2450 83b5609c 83b56028 00000000 ataport!IdePortCompletionDpc+0xab
8059dff4 81cc0935 a11662e0 00000000 00000000 nt!KiRetireDpcList+0x147
8059dff8 a11662e0 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x45
WARNING: Frame IP not in any known module. Following frames may be wrong.
81cc0935 00000000 0000001b 00c7850f bb830000 0xa11662e0


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ecache!EcCacheManagerCompleteDeviceIo+1b3
8616e971 8a471e          mov     al,byte ptr [edi+1Eh]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  ecache!EcCacheManagerCompleteDeviceIo+1b3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ecache

IMAGE_NAME:  ecache.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  47918fb7

FAILURE_BUCKET_ID:  0xD1_ecache!EcCacheManagerCompleteDeviceIo+1b3

BUCKET_ID:  0xD1_ecache!EcCacheManagerCompleteDeviceIo+1b3

Followup: MachineOwner
---------

eax=81d04920 ebx=00000002 ecx=81d0c1f8 edx=00000001 esi=81d0493c edi=8059d960
eip=81c66d24 esp=8059dcd4 ebp=8059dcec iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
nt!KiTrap0E+0x2ac:
81c66d24 833d64acd38100  cmp     dword ptr [nt!KiFreezeFlag (81d3ac64)],0 ds:0023:81d3ac64=????????
ChildEBP RetAddr  Args to Child              
8059dcec 8616e971 badb0d00 00406538 81cf99a9 nt!KiTrap0E+0x2ac (FPO: [0,0] TrapFrame @ 8059dcec)
8059ddc4 8616f154 8617d500 85772ca8 b3fc0000 ecache!EcCacheManagerCompleteDeviceIo+0x1b3 (FPO: [6,22,4])
8059de34 81c4610c 8510a690 84b873c0 0041d0f8 ecache!EcDispatchReadWriteCompletion+0x48e (FPO: [3,17,4])
8059de68 861a3773 8059de9c 861a3d4d 84a84200 nt!IopfCompleteRequest+0x11d
8059de70 861a3d4d 84a84200 84b873c0 00000001 CLASSPNP!ClassCompleteRequest+0x11 (FPO: [3,0,0])
8059de9c 81c4610c 00000000 85695390 00695570 CLASSPNP!TransferPktComplete+0x2b6 (FPO: [3,3,4])
8059ded4 823c42d7 8569561c 85693008 8059df04 nt!IopfCompleteRequest+0x11d
8059dee4 823c4cc6 83b5dc58 85695390 8569561c ataport!IdeCompleteScsiIrp+0x31 (FPO: [3,0,0])
8059df04 823c1fb2 83b5dc58 00000000 8059df34 ataport!IdeCommonCrbCompletion+0x44 (FPO: [1,0,4])
8059df14 823c6e6f 83b560e0 85693008 85693008 ataport!IdeTranslateCompletedRequest+0x26 (FPO: [2,0,4])
8059df34 823c70a9 83b560e0 85693008 81d04920 ataport!IdeProcessCompletedRequests+0x121 (FPO: [2,2,0])
8059df88 81cc2450 83b5609c 83b56028 00000000 ataport!IdePortCompletionDpc+0xab (FPO: [4,15,0])
8059dff4 81cc0935 a11662e0 00000000 00000000 nt!KiRetireDpcList+0x147
8059dff8 a11662e0 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x45 (FPO: [Uses EBP] [0,0,1])
WARNING: Frame IP not in any known module. Following frames may be wrong.
81cc0935 00000000 0000001b 00c7850f bb830000 0xa11662e0
start    end        module name
8060f000 80617000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
80617000 80677000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 02:29:43 2008 (4791A6E7)
80677000 80688000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
80688000 80690000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
80690000 806d1000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
806d1000 807b1000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
807b1000 807e3000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
81c0c000 81fc5000   nt       ntkrpamp.exe Wed Sep 17 22:07:54 2008 (48D1B7FA)
81fc5000 81ff8000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
8220f000 8228b000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
8228b000 82298000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
82298000 822de000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
822de000 822e7000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)
822e7000 822ef000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
822ef000 82316000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
82316000 82325000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
82325000 82327900   compbatt compbatt.sys Sat Jan 19 00:32:47 2008 (47918B7F)
82328000 82332000   BATTC    BATTC.SYS    Sat Jan 19 00:32:45 2008 (47918B7D)
82332000 82341000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
82341000 8238b000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
8238b000 82392000   intelide intelide.sys Thu Nov 02 04:51:35 2006 (4549B197)
82392000 823a0000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
823a0000 823a7000   pciide   pciide.sys   Sat Jan 19 00:49:42 2008 (47918F76)
823a7000 823b7000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
823b7000 823bf000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
823bf000 823dd000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
823dd000 823ed000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
823ed000 823f8080   PxHelp20 PxHelp20.sys Thu Nov 03 13:56:40 2005 (436A4F58)
8280a000 8287b000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
8287b000 82986000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
82986000 829b1000   msrpc    msrpc.sys    Sat Jan 19 00:48:15 2008 (47918F1F)
829b1000 829eb000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
82a01000 82ae8000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
82ae8000 82b03000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
82b03000 82b12000   intelppm intelppm.sys Sat Jan 19 00:27:20 2008 (47918A38)
82b12000 82b5e000   HSXHWBS2 HSXHWBS2.sys Wed Jun 20 14:28:36 2007 (467971D4)
82b5e000 82b76000   parport  parport.sys  Sat Jan 19 00:49:32 2008 (47918F6C)
82b76000 82b89000   i8042prt i8042prt.sys Sat Jan 19 00:49:17 2008 (47918F5D)
82b89000 82b94000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
82b94000 82b9f000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
82b9f000 82bb7000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
82bb7000 82be5000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
86004000 86113000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
86113000 8614c000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
8614c000 86154000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
86154000 86155480   speedfan speedfan.sys Sun Sep 24 09:28:47 2006 (4516880F)
86156000 86165000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
86165000 86165680   giveio   giveio.sys   Wed Apr 03 22:33:25 1996 (316334F5)
86166000 8618d000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
8618d000 8619e000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
8619e000 861bf000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
861bf000 861c8000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
861e8000 861f3000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
861f3000 861fc000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
89603000 89cbe000   igdkmd32 igdkmd32.sys Mon Feb 11 14:36:07 2008 (47B0A3A7)
89cbe000 89d5d000   dxgkrnl  dxgkrnl.sys  Fri Aug 01 21:01:19 2008 (4893B1DF)
89d5d000 89d6a000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
89d6a000 89d7c000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
89d7c000 89d87000   usbuhci  usbuhci.sys  Sat Jan 19 00:53:20 2008 (47919050)
89d87000 89dc5000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
89dc5000 89dd4000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
89dd4000 89dfe000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8a004000 8a107000   HSX_DPV  HSX_DPV.sys  Wed Jun 20 14:29:51 2007 (4679721F)
8a107000 8a1bc000   HSX_CNXT HSX_CNXT.sys Wed Jun 20 14:28:20 2007 (467971C4)
8a1bc000 8a1c9000   modem    modem.sys    Sat Jan 19 00:57:16 2008 (4791913C)
8a1c9000 8a1da000   Rtnicxp  Rtnicxp.sys  Mon Mar 31 01:41:05 2008 (47F07971)
8a1da000 8a1f4000   serial   serial.sys   Sat Jan 19 00:49:34 2008 (47918F6E)
8a1f4000 8a1fe000   serenum  serenum.sys  Sat Jan 19 00:49:29 2008 (47918F69)
8a406000 8a447000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8a447000 8a452000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8a452000 8a469000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8a469000 8a474000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8a474000 8a497000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8a497000 8a4a6000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8a4a6000 8a4ba000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8a4ba000 8a4cf000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8a4cf000 8a4df000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
8a4df000 8a4e0380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
8a4e1000 8a4eb000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
8a4eb000 8a4f8000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
8a4f8000 8a52c000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
8a52c000 8a53d000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8a53d000 8a562000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8a562000 8a56e000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8a56e000 8a58f000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
8a58f000 8a597000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8a597000 8a5a2000   Msfs     Msfs.SYS     Sat Jan 19 00:28:08 2008 (47918A68)
8a5a2000 8a5b0000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8a5b0000 8a5b9000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8a5b9000 8a5cf000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8a5cf000 8a5e3000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
8a800000 8a808000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8a808000 8a9b6bc0   RTKVHDA  RTKVHDA.sys  Mon Apr 23 06:13:11 2007 (462C86B7)
8a9b7000 8a9e4000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
8a9e4000 8a9ed000   Fs_Rec   Fs_Rec.SYS   Sat Jan 19 00:27:57 2008 (47918A5D)
8a9ed000 8a9f4000   Null     Null.SYS     Sat Jan 19 00:49:12 2008 (47918F58)
8a9f4000 8a9fb000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
8aa02000 8aa4a000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
8aa4a000 8aa7c000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
8aa7c000 8aa92000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
8aa92000 8aaa0000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8aaa0000 8aab3000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8aab3000 8aaef000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8aaef000 8aaf9000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
8aaf9000 8ab10000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
8ab10000 8ab14ec0   avgmfx86 avgmfx86.sys Thu Jun 26 11:19:13 2008 (4863B371)
8ab15000 8ab2b480   avgldx86 avgldx86.sys Mon Jul 14 14:46:33 2008 (487B9F09)
8ab2c000 8ab39000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
8ab39000 8ab44000   dump_dumpata dump_dumpata.sys Sat Jan 19 00:49:40 2008 (47918F74)
8ab44000 8ab4c000   dump_atapi dump_atapi.sys Sat Jan 19 00:49:40 2008 (47918F74)
8ab4c000 8ab56000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
8ab56000 8ab65000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
90630000 90832000   win32k   win32k.sys   Wed Sep 17 22:16:15 2008 (48D1B9EF)
90850000 90859000   TSDDD    TSDDD.dll    unavailable (00000000)
90870000 9087e000   cdd      cdd.dll      Fri Aug 01 23:26:17 2008 (4893D3D9)

Unloaded modules:
861c8000 861d5000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
861d5000 861e0000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
861e0000 861e8000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
start    end        module name
82298000 822de000   acpi     acpi.sys     Sat Jan 19 00:32:48 2008 (47918B80)
8aa02000 8aa4a000   afd      afd.sys      Sat Jan 19 00:57:00 2008 (4791912C)
823b7000 823bf000   atapi    atapi.sys    Sat Jan 19 00:49:40 2008 (47918F74)
823bf000 823dd000   ataport  ataport.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8ab15000 8ab2b480   avgldx86 avgldx86.sys Mon Jul 14 14:46:33 2008 (487B9F09)
8ab10000 8ab14ec0   avgmfx86 avgmfx86.sys Thu Jun 26 11:19:13 2008 (4863B371)
82328000 82332000   BATTC    BATTC.SYS    Sat Jan 19 00:32:45 2008 (47918B7D)
8a9f4000 8a9fb000   Beep     Beep.SYS     Sat Jan 19 00:49:10 2008 (47918F56)
80688000 80690000   BOOTVID  BOOTVID.dll  Sat Jan 19 02:27:15 2008 (4791A653)
90870000 9087e000   cdd      cdd.dll      Fri Aug 01 23:26:17 2008 (4893D3D9)
82b9f000 82bb7000   cdrom    cdrom.sys    Sat Jan 19 00:49:50 2008 (47918F7E)
806d1000 807b1000   CI       CI.dll       Fri Feb 22 00:00:56 2008 (47BE5708)
8619e000 861bf000   CLASSPNP CLASSPNP.SYS Sat Jan 19 00:49:36 2008 (47918F70)
80690000 806d1000   CLFS     CLFS.SYS     Sat Jan 19 00:28:01 2008 (47918A61)
82325000 82327900   compbatt compbatt.sys Sat Jan 19 00:32:47 2008 (47918B7F)
8ab2c000 8ab39000   crashdmp crashdmp.sys Sat Jan 19 00:49:43 2008 (47918F77)
861bf000 861c8000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
8aaf9000 8ab10000   dfsc     dfsc.sys     Sat Jan 19 00:28:20 2008 (47918A74)
8618d000 8619e000   disk     disk.sys     Sat Jan 19 00:49:47 2008 (47918F7B)
8a53d000 8a562000   drmk     drmk.sys     Sat Jan 19 01:53:02 2008 (47919E4E)
8ab44000 8ab4c000   dump_atapi dump_atapi.sys Sat Jan 19 00:49:40 2008 (47918F74)
8ab39000 8ab44000   dump_dumpata dump_dumpata.sys Sat Jan 19 00:49:40 2008 (47918F74)
8ab4c000 8ab56000   Dxapi    Dxapi.sys    Sat Jan 19 00:36:12 2008 (47918C4C)
89cbe000 89d5d000   dxgkrnl  dxgkrnl.sys  Fri Aug 01 21:01:19 2008 (4893B1DF)
86166000 8618d000   ecache   ecache.sys   Sat Jan 19 00:50:47 2008 (47918FB7)
823dd000 823ed000   fileinfo fileinfo.sys Sat Jan 19 00:34:27 2008 (47918BE3)
807b1000 807e3000   fltmgr   fltmgr.sys   Sat Jan 19 00:28:10 2008 (47918A6A)
8a9e4000 8a9ed000   Fs_Rec   Fs_Rec.SYS   Sat Jan 19 00:27:57 2008 (47918A5D)
82ae8000 82b03000   fwpkclnt fwpkclnt.sys Sat Jan 19 00:55:44 2008 (479190E0)
86165000 86165680   giveio   giveio.sys   Wed Apr 03 22:33:25 1996 (316334F5)
81fc5000 81ff8000   hal      halmacpi.dll Sat Jan 19 00:27:20 2008 (47918A38)
89d6a000 89d7c000   HDAudBus HDAudBus.sys Tue Nov 27 18:18:41 2007 (474CA5D1)
8a107000 8a1bc000   HSX_CNXT HSX_CNXT.sys Wed Jun 20 14:28:20 2007 (467971C4)
8a004000 8a107000   HSX_DPV  HSX_DPV.sys  Wed Jun 20 14:29:51 2007 (4679721F)
82b12000 82b5e000   HSXHWBS2 HSXHWBS2.sys Wed Jun 20 14:28:36 2007 (467971D4)
82b76000 82b89000   i8042prt i8042prt.sys Sat Jan 19 00:49:17 2008 (47918F5D)
89603000 89cbe000   igdkmd32 igdkmd32.sys Mon Feb 11 14:36:07 2008 (47B0A3A7)
8238b000 82392000   intelide intelide.sys Thu Nov 02 04:51:35 2006 (4549B197)
82b03000 82b12000   intelppm intelppm.sys Sat Jan 19 00:27:20 2008 (47918A38)
82b94000 82b9f000   kbdclass kbdclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
8060f000 80617000   kdcom    kdcom.dll    Sat Jan 19 02:31:53 2008 (4791A769)
89dd4000 89dfe000   ks       ks.sys       Sat Jan 19 00:49:21 2008 (47918F61)
8280a000 8287b000   ksecdd   ksecdd.sys   Sat Jan 19 00:41:20 2008 (47918D80)
80617000 80677000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Jan 19 02:29:43 2008 (4791A6E7)
8a1bc000 8a1c9000   modem    modem.sys    Sat Jan 19 00:57:16 2008 (4791913C)
8ab56000 8ab65000   monitor  monitor.sys  Sat Jan 19 00:52:19 2008 (47919013)
82b89000 82b94000   mouclass mouclass.sys Sat Jan 19 00:49:14 2008 (47918F5A)
823a7000 823b7000   mountmgr mountmgr.sys Sat Jan 19 00:49:13 2008 (47918F59)
8a597000 8a5a2000   Msfs     Msfs.SYS     Sat Jan 19 00:28:08 2008 (47918A68)
822e7000 822ef000   msisadrv msisadrv.sys Sat Jan 19 00:32:51 2008 (47918B83)
82bb7000 82be5000   msiscsi  msiscsi.sys  Sat Jan 19 00:50:44 2008 (47918FB4)
82986000 829b1000   msrpc    msrpc.sys    Sat Jan 19 00:48:15 2008 (47918F1F)
8a4e1000 8a4eb000   mssmbios mssmbios.sys Sat Jan 19 00:32:55 2008 (47918B87)
86156000 86165000   mup      mup.sys      Sat Jan 19 00:28:20 2008 (47918A74)
8287b000 82986000   ndis     ndis.sys     Sat Jan 19 00:55:51 2008 (479190E7)
8a469000 8a474000   ndistapi ndistapi.sys Sat Jan 19 00:56:24 2008 (47919108)
8a474000 8a497000   ndiswan  ndiswan.sys  Sat Jan 19 00:56:32 2008 (47919110)
8a52c000 8a53d000   NDProxy  NDProxy.SYS  Sat Jan 19 00:56:28 2008 (4791910C)
8aa92000 8aaa0000   netbios  netbios.sys  Sat Jan 19 00:55:45 2008 (479190E1)
8aa4a000 8aa7c000   netbt    netbt.sys    Sat Jan 19 00:55:33 2008 (479190D5)
829b1000 829eb000   NETIO    NETIO.SYS    Sat Jan 19 00:56:19 2008 (47919103)
8a5a2000 8a5b0000   Npfs     Npfs.SYS     Sat Jan 19 00:28:09 2008 (47918A69)
8aaef000 8aaf9000   nsiproxy nsiproxy.sys Sat Jan 19 00:55:50 2008 (479190E6)
81c0c000 81fc5000   nt       ntkrpamp.exe Wed Sep 17 22:07:54 2008 (48D1B7FA)
86004000 86113000   Ntfs     Ntfs.sys     Sat Jan 19 00:28:54 2008 (47918A96)
8a9ed000 8a9f4000   Null     Null.SYS     Sat Jan 19 00:49:12 2008 (47918F58)
8aa7c000 8aa92000   pacer    pacer.sys    Fri Apr 04 21:21:42 2008 (47F6D426)
82b5e000 82b76000   parport  parport.sys  Sat Jan 19 00:49:32 2008 (47918F6C)
82316000 82325000   partmgr  partmgr.sys  Sat Jan 19 00:49:54 2008 (47918F82)
822ef000 82316000   pci      pci.sys      Sat Jan 19 00:32:57 2008 (47918B89)
823a0000 823a7000   pciide   pciide.sys   Sat Jan 19 00:49:42 2008 (47918F76)
82392000 823a0000   PCIIDEX  PCIIDEX.SYS  Sat Jan 19 00:49:40 2008 (47918F74)
8a9b7000 8a9e4000   portcls  portcls.sys  Sat Jan 19 00:53:17 2008 (4791904D)
80677000 80688000   PSHED    PSHED.dll    Sat Jan 19 02:31:21 2008 (4791A749)
823ed000 823f8080   PxHelp20 PxHelp20.sys Thu Nov 03 13:56:40 2005 (436A4F58)
8a5b0000 8a5b9000   rasacd   rasacd.sys   Sat Jan 19 00:56:31 2008 (4791910F)
8a452000 8a469000   rasl2tp  rasl2tp.sys  Sat Jan 19 00:56:33 2008 (47919111)
8a497000 8a4a6000   raspppoe raspppoe.sys Sat Jan 19 00:56:33 2008 (47919111)
8a4a6000 8a4ba000   raspptp  raspptp.sys  Sat Jan 19 00:56:34 2008 (47919112)
8a4ba000 8a4cf000   rassstp  rassstp.sys  Sat Jan 19 00:56:43 2008 (4791911B)
8aab3000 8aaef000   rdbss    rdbss.sys    Sat Jan 19 00:28:34 2008 (47918A82)
8a800000 8a808000   RDPCDD   RDPCDD.sys   Sat Jan 19 01:01:08 2008 (47919224)
8a58f000 8a597000   rdpencdd rdpencdd.sys Sat Jan 19 01:01:09 2008 (47919225)
8a808000 8a9b6bc0   RTKVHDA  RTKVHDA.sys  Mon Apr 23 06:13:11 2007 (462C86B7)
8a1c9000 8a1da000   Rtnicxp  Rtnicxp.sys  Mon Mar 31 01:41:05 2008 (47F07971)
8a1f4000 8a1fe000   serenum  serenum.sys  Sat Jan 19 00:49:29 2008 (47918F69)
8a1da000 8a1f4000   serial   serial.sys   Sat Jan 19 00:49:34 2008 (47918F6E)
8a5cf000 8a5e3000   smb      smb.sys      Sat Jan 19 00:55:27 2008 (479190CF)
86154000 86155480   speedfan speedfan.sys Sun Sep 24 09:28:47 2006 (4516880F)
8614c000 86154000   spldr    spldr.sys    Thu Jun 21 20:29:17 2007 (467B17DD)
8a406000 8a447000   storport storport.sys Sat Jan 19 00:49:49 2008 (47918F7D)
8a4df000 8a4e0380   swenum   swenum.sys   Sat Jan 19 00:49:20 2008 (47918F60)
82a01000 82ae8000   tcpip    tcpip.sys    Sat Apr 26 02:00:17 2008 (4812C4F1)
8a447000 8a452000   TDI      TDI.SYS      Sat Jan 19 00:57:10 2008 (47919136)
8a5b9000 8a5cf000   tdx      tdx.sys      Sat Jan 19 00:55:58 2008 (479190EE)
8a4cf000 8a4df000   termdd   termdd.sys   Sat Jan 19 01:01:06 2008 (47919222)
90850000 90859000   TSDDD    TSDDD.dll    unavailable (00000000)
861f3000 861fc000   tunmp    tunmp.sys    Sat Jan 19 00:55:40 2008 (479190DC)
861e8000 861f3000   tunnel   tunnel.sys   Sat Jan 19 00:55:50 2008 (479190E6)
8a4eb000 8a4f8000   umbus    umbus.sys    Sat Jan 19 00:53:40 2008 (47919064)
89dc5000 89dd4000   usbehci  usbehci.sys  Sat Jan 19 00:53:21 2008 (47919051)
8a4f8000 8a52c000   usbhub   usbhub.sys   Sat Jan 19 00:53:40 2008 (47919064)
89d87000 89dc5000   USBPORT  USBPORT.SYS  Sat Jan 19 00:53:23 2008 (47919053)
89d7c000 89d87000   usbuhci  usbuhci.sys  Sat Jan 19 00:53:20 2008 (47919050)
8a562000 8a56e000   vga      vga.sys      Sat Jan 19 00:52:06 2008 (47919006)
8a56e000 8a58f000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 00:52:10 2008 (4791900A)
82332000 82341000   volmgr   volmgr.sys   Sat Jan 19 00:49:51 2008 (47918F7F)
82341000 8238b000   volmgrx  volmgrx.sys  Sat Jan 19 00:50:00 2008 (47918F88)
86113000 8614c000   volsnap  volsnap.sys  Sat Jan 19 00:50:10 2008 (47918F92)
8aaa0000 8aab3000   wanarp   wanarp.sys   Sat Jan 19 00:56:31 2008 (4791910F)
89d5d000 89d6a000   watchdog watchdog.sys Sat Jan 19 00:35:29 2008 (47918C21)
8220f000 8228b000   Wdf01000 Wdf01000.sys Sat Jan 19 00:52:21 2008 (47919015)
8228b000 82298000   WDFLDR   WDFLDR.SYS   Sat Jan 19 00:52:19 2008 (47919013)
90630000 90832000   win32k   win32k.sys   Wed Sep 17 22:16:15 2008 (48D1B9EF)
822de000 822e7000   WMILIB   WMILIB.SYS   Sat Jan 19 00:53:08 2008 (47919044)

Unloaded modules:
861c8000 861d5000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
861d5000 861e0000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
861e0000 861e8000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
Bugcheck code 000000D1
Arguments 0000001e 00000002 00000000 8616e971
kd> lmvm ecache
start    end        module name
86166000 8618d000   ecache     (pdb symbols)          c:\symbols\ecache.pdb\9435C63CF684452B8E175ECD6EBEEB501\ecache.pdb
    Loaded symbol image file: ecache.sys
    Mapped memory image file: c:\symbols\ecache.sys\47918FB727000\ecache.sys
    Image path: \SystemRoot\System32\drivers\ecache.sys
    Image name: ecache.sys
    Timestamp:        Sat Jan 19 00:50:47 2008 (47918FB7)
    CheckSum:         0002BF07
    ImageSize:        00027000
    File version:     6.0.6001.18000
    Product version:  6.0.6001.18000
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0000.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ecache.sys
    OriginalFilename: ecache.sys
    ProductVersion:   6.0.6001.18000
    FileVersion:      6.0.6001.18000 (longhorn_rtm.080118-1840)
    FileDescription:  Special Memory Device Cache
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
[/B]
```
.


----------



## Zappaboss (Nov 21, 2007)

Hi again, Ran the batch file again as admin (same as before?), file it returned is 1mb bigger now.? I assume the batch file runs autoruns automatically? I enclosed in zip an autoruns.txt and autoruns.arn file anyway. Also Perfmon file in html.
Did NOT do a restore point as requested as I have to look at data I would lose from 12/19 till now.
The dump file bugcheckon't know if this is related to ecache.sys (Ready Boost) or not - but these event repeat constantly throughout your system log:


Code:
Event[1944]:
Log Name: System
Source: RemoteAccess
Date: 2008-12-30 T 04:32:03.000
CoID={B047A526-77D9-49B6-8EFD-2AE2A95CDCF5}:
The connection to NetZero made by user 2sjUBeYv5:A0874DN.:[email protected] 
using device COM3 was disconnected.


Event[1943]:
Log Name: System
Source: Microsoft-Windows-ResourcePublication
Date: 2008-12-30T04:32:08.257
The service temporarily stopped publishing because of a power event.


Event[1942]:
Date: 2008-12-30 T 04:34:30.000
The process Explorer.EXE has initiated the power off of computer
OWNER-PC on behalf of user Owner-PC\Owner for the following 
reason: Other (Unplanned)
Reason Code: 0x0
Shutdown Type: power off

Event[1941]:
Date: 2008-12-30T04:34:38.000
The process C:\Windows\system32\winlogon.exe (OWNER-PC) has 
initiated the power off of computer OWNER-PC on behalf of user
Owner-PC\Owner for the following reason: 
No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: power off
Was playing a game and was inadvertantly online, as I remember there was a freeze and had to reboot-Never happened before. Normally I would never be connected to the internet while playing a game. I have a dial-up connection.

-----------------------------------------------------------------------
Code:
Event[28]:
Log Name: Application
Source: Microsoft-Windows-Search
Date: 2009-01-02T16:03:22.000
The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS
\HISTORY\HISTORY.IE5\MSHIST012009010220090103> 
in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:	A device attached to the system is not functioning. (0x8007001f)


Event[27]:
Date: 2009-01-02T16:03:32.000
CoId={CFDA769D-2944-4F8C-A836-475632B5295E}: 
The user Owner-PC\Owner dialed a connection named 
NetZero which has terminated. 
The reason code returned on termination is 631.

Do you have any memsticks plugged into any of your USB ports? How is Net Zero plugged into your system - via phone wire?
This is when I went to log on but could not,as keyboard had died. The following event 27 was a NetZero fault of its own.
----------------------------------------------------------------------
The rest of it I see shows Dec 10 (when I tried initally to uninstall Ad Aware?) I of course do not understand exactly what you see here. I might reinterate I got this computer July 21st 2008, from a computer shop, I am sure drive was wiped and at ground zero. Vista Basic reloaded? Beats me. Did they just uninstall previous owners files or reload Windows? Ad Aware was never uninstalled,as short of going to program files and deleting it would be the only way. In performance monitor ie. epong.exe failure or sonique.exe failure are simple junk program faults. I do wonder why iexplorer seems to fail everytime windows defender updates (or is that just it showing refreshed? stopped and restarted?).

I am not trying to "explain away" my problem but on Dec 10 when I went to uninstall Ad Aware which would have been "running as a service" and using Revo uninstaller-wouldn't I have "of course" thrown an error as Ad Aware would have been "in use" at the time?

The only thing plugged into usb port is cable for digital camera (no camera attached to it)
NetZero is just phone line connected to dial-up modem (poor guy!)

That's no RAT its my pet Opossum, one of 3


----------



## Zappaboss (Nov 21, 2007)

They uploaded but never appeared?
2nd try.


----------



## Dan76963 (Apr 5, 2009)

I have tried to uninstall Lavasoft ad-ware through add remove programs but it will not allow me to do it there. It doesn't even show publisher or file info. Then I attempted to manually uninstall following other instruction. Like finding the unwise file says it can't find it no luck. Tried just deleting the lavasoft folder won't allow that either. What am I doing wrong?


----------

