Scott Thompson
asked on
Stop 0x0000008e after infection removal
I had a computer with an infection recently, so I have ran several scans on the computer. I have used
Malwarebytes Anti-Malware
SUPERAntiSpyware
Combofix (I found out after reading this site, I shouldn't have ran it already)
Now, I get a BSOD 0x0000008e in normal mode after about a minute or so. Safe mode is fine.
I have the DDS log, however Gmer BSOD's when attempting to scan. Both logs are in 100.zip.
I hope there is something we can do, as I do not want to reload it. Thank you in advance.
If you need anything else, let me know.
Just to update, the computer has been running in safe mode for 2 days now, so whatever is causing the issue only happens in normal mode. My thought would be an infection attached to a driver, but I don't know how to track it down...
100.zip
Malwarebytes Anti-Malware
SUPERAntiSpyware
Combofix (I found out after reading this site, I shouldn't have ran it already)
Now, I get a BSOD 0x0000008e in normal mode after about a minute or so. Safe mode is fine.
I have the DDS log, however Gmer BSOD's when attempting to scan. Both logs are in 100.zip.
I hope there is something we can do, as I do not want to reload it. Thank you in advance.
If you need anything else, let me know.
Just to update, the computer has been running in safe mode for 2 days now, so whatever is causing the issue only happens in normal mode. My thought would be an infection attached to a driver, but I don't know how to track it down...
100.zip
Stop 08E is nearly always caused by a driver. One of your drivers may have been affected by the cleaning process.
Since you have a BSOD, minidumps should have been created (provided settings are default). Look in the C:\windows\minidump folder and attach the 2 most recent minidump (*.dmp) files to a comment -- date is included in file name. Analysis of the dump file should allow us to pinpoint the faulting driver.
Since you have a BSOD, minidumps should have been created (provided settings are default). Look in the C:\windows\minidump folder and attach the 2 most recent minidump (*.dmp) files to a comment -- date is included in file name. Analysis of the dump file should allow us to pinpoint the faulting driver.
ASKER
I will attach the memory dumps, however it does not create one from the issue I'm having. I have installed Bluescreenview on the computer, and the last BSOD minidump is from 3/20/2011.
I haven't seen anything running in the background, but I will download Process Explorer and see if I can find anything sticking out.
Mini032011-09.dmp
Mini032011-08.dmp
I haven't seen anything running in the background, but I will download Process Explorer and see if I can find anything sticking out.
Mini032011-09.dmp
Mini032011-08.dmp
You're correct -- those old dumps are not relevant.
Ensure that minidump file creation is enabled:
Click Start, point to Settings, and then click Control Panel.
Double-click System.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).
Ensure that minidump file creation is enabled:
Click Start, point to Settings, and then click Control Panel.
Double-click System.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).
ASKER
I made sure Small Memory dump was selected and booted the computer into normal mode. It did BSOD and restart several times. However, it still did not create another dump file. I checked the setting again in Safe Mode, and it has changed back to Kernel Memory Dump.
Are there any recent full kernel dumps? Are there any restore points?
I had a Vista PC in the shop several months ago with similar symptoms. It bluescreened immediately in normal mode but ran in safe mode. Could not get minidump settings to hold and although it supposedly created kernel dumps, there were none. Also no restore points. I tried booting into VGA mode without success, so it probably wasn't the video driver. Wound up backing up files and restoring factory image if I remember correctly. It was that way when I received it and don't know if any malware was removed.
You can try booting into VGA Only mode as well to see if that helps.
I had a Vista PC in the shop several months ago with similar symptoms. It bluescreened immediately in normal mode but ran in safe mode. Could not get minidump settings to hold and although it supposedly created kernel dumps, there were none. Also no restore points. I tried booting into VGA mode without success, so it probably wasn't the video driver. Wound up backing up files and restoring factory image if I remember correctly. It was that way when I received it and don't know if any malware was removed.
You can try booting into VGA Only mode as well to see if that helps.
ASKER
There is no restore points (I have checked already), and I don't see any full kernel dumps. I will try to boot into VGA mode (though I think that didn't work either). I'll keep on the look out for repsonses! :)
Looks like the same situation I encountered. I'm fairly knowledgeable and don't give up easily, but that one got the better of me. Not much one can do with drivers in safe mode, especially when the culprit is unknown.
I have a copy of MS DaRT 6.0 (ERD Commander for Vista) and it didn't provide any help either.
I have a copy of MS DaRT 6.0 (ERD Commander for Vista) and it didn't provide any help either.
ASKER
Another thing to mention is EVERY TIME I load windows, System Properties opens. Also, I think the MSCONFIG keeps resetting itself. VGA Mode did not solve the problem. It still BSODed.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Dump logs in code box.
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\PalmDesert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MGN7I3YC\Mini032011-09[1].dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*a:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.17021.x86fre.vista_gdr.100218-0019
Machine Name:
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sun Mar 20 22:30:57.055 2011 (GMT-4)
System Uptime: 0 days 6:01:10.867
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {c0000005, 81c6016e, 879ab794, 879ab490}
Probably caused by : ntkrpamp.exe ( nt!RtlImageNtHeaderEx+45 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81c6016e, The address that the exception occurred at
Arg3: 879ab794, Exception Record Address
Arg4: 879ab490, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!RtlImageNtHeaderEx+45
81c6016e 66813a4d5a cmp word ptr [edx],5A4Dh
EXCEPTION_RECORD: 879ab794 -- (.exr 0xffffffff879ab794)
ExceptionAddress: 81c6016e (nt!RtlImageNtHeaderEx+0x00000045)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 7ffa0000
Attempt to read from address 7ffa0000
CONTEXT: 879ab490 -- (.cxr 0xffffffff879ab490)
eax=00000000 ebx=8543b188 ecx=00000000 edx=7ffa0000 esi=00000000 edi=879ab870
eip=81c6016e esp=879ab85c ebp=879ab85c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!RtlImageNtHeaderEx+0x45:
81c6016e 66813a4d5a cmp word ptr [edx],5A4Dh ds:0023:7ffa0000=????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WLIDSVC.EXE
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 7ffa0000
READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
7ffa0000
FOLLOWUP_IP:
nt!RtlImageNtHeaderEx+45
81c6016e 66813a4d5a cmp word ptr [edx],5A4Dh
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 81c601f9 to 81c6016e
STACK_TEXT:
879ab85c 81c601f9 00000000 00000000 8543e0d0 nt!RtlImageNtHeaderEx+0x45
879ab8f4 81e4ff6c 800015e4 879ab9e8 00000000 nt!RtlImageNtHeader+0x1a
879abb24 81ceb263 97239000 83871034 00000000 nt!SePrivilegeCheck+0x33
879abd44 81c78fc0 800015e4 00000000 838c2ad0 nt!MiFreePoolPages+0x82a
879abd7c 81e25704 9c6bfad8 879a0680 00000000 nt!ExpWorkerThread+0xfd
879abdc0 81c9162e 81c78ec3 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!RtlImageNtHeaderEx+45
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4b7d25c9
STACK_COMMAND: .cxr 0xffffffff879ab490 ; kb
FAILURE_BUCKET_ID: 0x7E_nt!RtlImageNtHeaderEx+45
BUCKET_ID: 0x7E_nt!RtlImageNtHeaderEx+45
Followup: MachineOwner
---------
1: kd> k
ChildEBP RetAddr
879ab85c 81c601f9 nt!RtlImageNtHeaderEx+0x45
879ab8f4 81e4ff6c nt!RtlImageNtHeader+0x1a
879abb24 81ceb263 nt!SePrivilegeCheck+0x33
879abd44 81c78fc0 nt!MiFreePoolPages+0x82a
879abd7c 81e25704 nt!ExpWorkerThread+0xfd
879abdc0 81c9162e nt!PspSystemThreadStartup+0x9d
00000000 00000000 nt!KiThreadStartup+0x16
1: kd> lmnt
start end module name
80201000 80203900 compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
80204000 8027f000 Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
8027f000 802ba000 CLFS CLFS.SYS Wed Dec 05 20:55:42 2007 (4757569E)
802ba000 802c2000 BOOTVID BOOTVID.dll Thu Nov 02 05:39:29 2006 (4549BCD1)
802c2000 802cb000 PSHED PSHED.dll Thu Nov 02 05:42:51 2006 (4549BD9B)
80401000 8040ab00 o2media o2media.sys Mon Apr 02 22:04:27 2007 (4611B62B)
8040b000 80429000 ataport ataport.SYS Fri Jan 18 22:01:56 2008 (47916824)
80429000 80431000 atapi atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
80431000 8043f000 PCIIDEX PCIIDEX.SYS Fri Jan 18 22:01:56 2008 (47916824)
8043f000 80446000 pciide pciide.sys Fri Jan 18 22:01:57 2008 (47916825)
80446000 80470000 pcmcia pcmcia.sys Thu Nov 02 04:35:13 2006 (4549ADC1)
80470000 80480000 mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
80480000 8048a000 BATTC BATTC.SYS Thu Aug 30 20:57:44 2007 (46D76788)
8048a000 80499000 volmgr volmgr.sys Tue Dec 12 22:29:12 2006 (457F7388)
80499000 804be000 pci pci.sys Tue Dec 12 21:42:27 2006 (457F6893)
804be000 804c6000 msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
804c6000 804cf000 WMILIB WMILIB.SYS Thu Nov 02 04:54:53 2006 (4549B25D)
804cf000 80512000 acpi acpi.sys Thu Aug 30 20:57:46 2007 (46D7678A)
80512000 8051f000 WDFLDR WDFLDR.SYS Wed Dec 05 21:21:19 2007 (47575C9F)
8051f000 80600000 CI CI.dll Mon Feb 18 23:59:14 2008 (47BA6222)
80606000 8060e000 spldr spldr.sys Wed Oct 25 18:40:44 2006 (453FE7EC)
8060e000 80639000 msrpc msrpc.sys Thu Nov 02 04:50:16 2006 (4549B148)
80639000 8073d000 ndis ndis.sys Thu Nov 02 04:57:33 2006 (4549B2FD)
8073d000 80746000 psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
80746000 80756000 fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000 fltmgr fltmgr.sys Thu Nov 02 04:30:58 2006 (4549ACC2)
80787000 8078fb80 o2sd o2sd.sys Mon Apr 02 04:11:06 2007 (4610BA9A)
80790000 807b6000 SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
807b6000 80800000 volmgrx volmgrx.sys Thu Nov 02 04:51:54 2006 (4549B1AA)
81c00000 81fa1000 nt ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
81fa1000 81fd5000 hal halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
82004000 8200d000 PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000 psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
8201f000 82055000 volsnap volsnap.sys Thu Oct 25 22:04:17 2007 (47214B21)
82055000 820bf000 ksecdd ksecdd.sys Mon Jun 15 09:10:14 2009 (4A364836)
820bf000 821c7000 Ntfs Ntfs.sys Sun Dec 16 04:31:37 2007 (4764F079)
821c7000 82200000 NETIO NETIO.SYS Fri Aug 14 10:24:15 2009 (4A85738F)
82382000 8238b000 crcdisk crcdisk.sys Thu Nov 02 04:52:27 2006 (4549B1CB)
8238b000 823ac000 CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
823ac000 823bd000 disk disk.sys Thu Nov 02 04:51:40 2006 (4549B19C)
823bd000 823e2000 ecache ecache.sys Thu Nov 02 04:52:42 2006 (4549B1DA)
823e2000 823f1000 mup mup.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
823f1000 82400000 partmgr partmgr.sys Thu Nov 02 04:51:47 2006 (4549B1A3)
8555b000 85563000 kdcom kdcom.dll Thu Nov 02 05:42:20 2006 (4549BD7C)
87855000 8785a080 SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
878e8000 878ef800 nscirda nscirda.sys Thu Nov 02 04:57:06 2006 (4549B2E2)
87910000 87918000 rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
87928000 87930000 dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
87930000 87938000 RootMdm RootMdm.sys Thu Nov 02 04:58:51 2006 (4549B34B)
87968000 87970000 RDPCDD RDPCDD.sys Thu Nov 02 05:02:01 2006 (4549B409)
879d4000 879e3000 amdk8 amdk8.sys Thu Nov 02 04:30:18 2006 (4549AC9A)
87c4f000 87c5c000 crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
87ca0000 87ca1800 NTIDrvr NTIDrvr.sys Tue Dec 21 15:33:14 2004 (41C8888A)
87cac000 87cad380 swenum swenum.sys Tue Dec 12 22:28:16 2006 (457F7350)
87cb4000 87cb5780 SYMDNS SYMDNS.SYS Mon Oct 23 20:26:34 2006 (453D5DBA)
87cbc000 87cbd700 USBD USBD.SYS Thu Aug 30 21:23:36 2007 (46D76D98)
87d00000 87d0f200 ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
87d30000 87d40000 NDProxy NDProxy.SYS Tue Jul 03 21:28:13 2007 (468AF7AD)
87d70000 87d80000 lltdio lltdio.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
8a606000 8a611000 kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
8a611000 8a629000 cdrom cdrom.sys Thu Nov 02 04:51:44 2006 (4549B1A0)
8a629000 8a637000 usbehci usbehci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8a637000 8a644000 watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
8a644000 8a64f000 tunnel tunnel.sys Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8a64f000 8a65b000 vga vga.sys Thu Nov 02 04:53:56 2006 (4549B224)
8a670000 8a679000 rasacd rasacd.sys Thu Nov 02 04:58:13 2006 (4549B325)
8a68b000 8a693180 SYMIDS SYMIDS.SYS Mon Oct 23 20:29:36 2006 (453D5E70)
8a694000 8a69d000 tunmp tunmp.sys Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a69d000 8a6a6000 wmiacpi wmiacpi.sys Thu Aug 30 20:57:47 2007 (46D7678B)
8a6c1000 8a6ca000 irenum irenum.sys Thu Nov 02 04:57:04 2006 (4549B2E0)
8a6f7000 8a700000 Fs_Rec Fs_Rec.SYS Mon Apr 16 21:26:39 2007 (4624224F)
8a72c000 8a72f780 CmBatt CmBatt.sys Thu Aug 30 20:57:48 2007 (46D7678C)
8a797000 8a79dd00 sncduvc sncduvc.SYS Wed Dec 27 22:21:50 2006 (4593384E)
8a79e000 8a7a5000 hny hny.sys Mon Dec 20 08:18:05 2010 (4D0F578D)
8a7c8000 8a7cf000 Null Null.SYS Thu Nov 02 04:51:05 2006 (4549B179)
8a7cf000 8a7d6000 Beep Beep.SYS Thu Nov 02 04:51:03 2006 (4549B177)
8a7d6000 8a7dc380 HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
8a7f2000 8a7f8a00 RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
8a80a000 8a817080 1394BUS 1394BUS.SYS Wed Feb 07 21:04:45 2007 (45CA853D)
8a818000 8a823000 mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
8a823000 8a836000 i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8a836000 8a848000 HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
8a848000 8a885000 USBPORT USBPORT.SYS Thu Aug 30 21:23:43 2007 (46D76D9F)
8a885000 8a8c3000 yk60x86 yk60x86.sys Fri Mar 23 06:11:54 2007 (4603A7EA)
8a8c3000 8a960000 dxgkrnl dxgkrnl.sys Mon Jul 02 21:01:10 2007 (46899FD6)
8a96a000 8a974000 usbohci usbohci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8a974000 8a97e000 DKbFltr DKbFltr.sys Thu Oct 19 04:24:28 2006 (4537363C)
8a97e000 8a988000 mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
8a988000 8a992000 ndisuio ndisuio.sys Thu Nov 02 04:57:22 2006 (4549B2F2)
8a9b0000 8a9ba000 nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
8a9c4000 8a9ce000 Dxapi Dxapi.sys Thu Nov 02 04:38:17 2006 (4549AE79)
8a9d8000 8a9e2000 secdrv secdrv.SYS Wed Sep 13 09:18:32 2006 (45080528)
8b209000 8b246000 HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
8b246000 8b26b000 drmk drmk.sys Thu Nov 02 05:20:49 2006 (4549B871)
8b26b000 8b298000 portcls portcls.sys Thu Nov 02 04:55:02 2006 (4549B266)
8b298000 8b2a4e80 STREAM STREAM.SYS Thu Nov 02 04:55:00 2006 (4549B264)
8b2b5000 8b2e9000 usbhub usbhub.sys Thu Aug 30 21:24:00 2007 (46D76DB0)
8b2e9000 8b313000 ks ks.sys Fri Mar 07 21:14:06 2008 (47D1F66E)
8b313000 8b322000 termdd termdd.sys Tue Dec 12 22:53:43 2006 (457F7947)
8b322000 8b32f000 umbus umbus.sys Thu Nov 02 04:55:24 2006 (4549B27C)
8b32f000 8b33a000 Msfs Msfs.SYS Thu Nov 02 04:30:56 2006 (4549ACC0)
8b33a000 8b34d000 raspptp raspptp.sys Mon Jan 08 21:17:01 2007 (45A2FB1D)
8b34d000 8b35c000 raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8b35c000 8b37f000 ndiswan ndiswan.sys Thu Nov 02 04:58:13 2006 (4549B325)
8b37f000 8b38a000 ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8b38a000 8b3a1000 rasl2tp rasl2tp.sys Mon Jan 08 21:17:02 2007 (45A2FB1E)
8b3a1000 8b3ae000 modem modem.sys Thu Nov 02 04:58:52 2006 (4549B34C)
8b3ae000 8b3b9000 TDI TDI.SYS Thu Nov 02 04:58:46 2006 (4549B346)
8b3b9000 8b3f9000 storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8b3f9000 8b424000 msiscsi msiscsi.sys Thu Nov 02 04:52:40 2006 (4549B1D8)
8b424000 8b451700 SynTP SynTP.sys Fri Sep 07 14:16:58 2007 (46E1959A)
8b452000 8b4d8000 bcmwl6 bcmwl6.sys Tue Dec 19 14:55:55 2006 (458843CB)
8b4d8000 8bc00000 atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
8bc04000 8bc25000 VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8bc25000 8bdffe40 RTKVHDA RTKVHDA.sys Wed Aug 22 06:44:12 2007 (46CC137C)
8be49000 8befd000 HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8befd000 8c000000 HSX_DPV HSX_DPV.sys Wed Nov 08 18:55:07 2006 (45526E5B)
8c00b000 8c01f000 smb smb.sys Thu Nov 02 04:57:10 2006 (4549B2E6)
8c01f000 8c034000 tdx tdx.sys Thu Nov 02 04:57:34 2006 (4549B2FE)
8c034000 8c04d000 fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
8c04d000 8c122000 tcpip tcpip.sys Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c122000 8c130000 Npfs Npfs.SYS Thu Nov 02 04:30:57 2006 (4549ACC1)
8c13b000 8c146000 SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
8c146000 8c151000 dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8c172000 8c17d000 tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8c21f000 8c25a000 rdbss rdbss.sys Thu Nov 02 04:31:24 2006 (4549ACDC)
8c25a000 8c2c0000 SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
8c2c0000 8c2d1000 SRTSPX SRTSPX.SYS Fri Nov 03 21:12:10 2006 (454BE8EA)
8c2d1000 8c2f2f00 SYMFW SYMFW.SYS Mon Oct 23 20:28:55 2006 (453D5E47)
8c2f3000 8c315000 SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c315000 8c340f00 SYMTDI SYMTDI.SYS Mon Oct 23 20:26:29 2006 (453D5DB5)
8c341000 8c354000 wanarp wanarp.sys Tue Jul 03 21:28:16 2007 (468AF7B0)
8c354000 8c362000 netbios netbios.sys Thu Oct 19 19:38:12 2006 (45380C64)
8c362000 8c378000 pacer pacer.sys Tue Jul 03 21:27:33 2007 (468AF785)
8c378000 8c3aa000 netbt netbt.sys Thu Nov 02 04:57:18 2006 (4549B2EE)
8c3aa000 8c3b9000 klifoko klifoko.sys Mon Apr 26 23:04:54 2004 (408DCDD6)
8c3b9000 8c400000 afd afd.sys Thu Nov 02 04:58:41 2006 (4549B341)
8c8be000 8c8e6000 fastfat fastfat.SYS Thu Nov 02 04:30:49 2006 (4549ACB9)
8c8f6000 8c90d000 dfsc dfsc.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
8c90d000 8c92a000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c92a000 8c98c000 eeCtrl eeCtrl.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c98c000 8c9c0000 IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
8ce59000 8cfff280 snp2uvc snp2uvc.sys Mon Jun 11 22:38:23 2007 (466E071F)
90b88000 90b97000 monitor monitor.sys Sun Dec 16 04:56:44 2007 (4764F65C)
95800000 95a00000 win32k win32k.sys Fri Aug 14 10:01:22 2009 (4A856E32)
96270000 9628b000 luafv luafv.sys Thu Nov 02 04:33:07 2006 (4549AD43)
96400000 96409000 TSDDD TSDDD.dll Thu Nov 02 05:02:02 2006 (4549B40A)
96410000 9641e000 cdd cdd.dll unavailable (00000000)
98412000 984a0000 spsys spsys.sys Wed Oct 25 18:43:28 2006 (453FE890)
98562000 98580000 irda irda.sys Thu Nov 02 04:57:09 2006 (4549B2E5)
9ac01000 9ac1c000 srvnet srvnet.sys Fri Dec 11 07:15:29 2009 (4B2237E1)
9ad1c000 9ad2f000 rspndr rspndr.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
9ad2f000 9ad5a000 nwifi nwifi.sys Fri Jan 18 22:06:33 2008 (47916939)
9ba15000 9ba66000 srv srv.sys Fri Dec 11 07:15:47 2009 (4B2237F3)
9ba66000 9ba8a000 srv2 srv2.sys Mon Sep 14 05:50:53 2009 (4AAE11FD)
9ba8a000 9ba9c000 mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
9ba9c000 9bad5000 mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9bad5000 9baf3000 mrxsmb mrxsmb.sys Tue Feb 23 08:14:40 2010 (4B83D4C0)
9bb33000 9bb53000 mrxdav mrxdav.sys Fri Jan 11 20:45:54 2008 (47881BD2)
9bb53000 9bb67000 mpsdrv mpsdrv.sys Wed Jun 06 22:55:55 2007 (466773BB)
9bb67000 9bb80000 bowser bowser.sys Thu Nov 02 04:31:11 2006 (4549ACCF)
9c41b000 9c431000 cdfs cdfs.sys Thu Nov 02 04:30:50 2006 (4549ACBA)
9c596000 9c5ff000 HTTP HTTP.sys Sat Feb 20 16:30:14 2010 (4B805466)
9c6a8000 9c6ab180 mdmxsdk mdmxsdk.sys Mon Jun 19 17:26:59 2006 (449716A3)
9c7d6000 9c7dd000 int15 int15.sys Mon Jul 02 22:03:24 2007 (4689AE6C)
9d6a2000 9d780000 peauth peauth.sys Mon Oct 23 04:55:32 2006 (453C8384)
Unloaded modules:
8d2c8000 8d2d0000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
9c4b9000 9c4d1000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
87c4f000 87c5c000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
8a665000 8a670000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
87920000 87928000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
879e3000 879ec000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
1: kd> lmntsm
start end module name
8a80a000 8a817080 1394BUS 1394BUS.SYS Wed Feb 07 21:04:45 2007 (45CA853D)
804cf000 80512000 acpi acpi.sys Thu Aug 30 20:57:46 2007 (46D7678A)
8c3b9000 8c400000 afd afd.sys Thu Nov 02 04:58:41 2006 (4549B341)
879d4000 879e3000 amdk8 amdk8.sys Thu Nov 02 04:30:18 2006 (4549AC9A)
80429000 80431000 atapi atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
8040b000 80429000 ataport ataport.SYS Fri Jan 18 22:01:56 2008 (47916824)
8b4d8000 8bc00000 atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
80480000 8048a000 BATTC BATTC.SYS Thu Aug 30 20:57:44 2007 (46D76788)
8b452000 8b4d8000 bcmwl6 bcmwl6.sys Tue Dec 19 14:55:55 2006 (458843CB)
8a7cf000 8a7d6000 Beep Beep.SYS Thu Nov 02 04:51:03 2006 (4549B177)
802ba000 802c2000 BOOTVID BOOTVID.dll Thu Nov 02 05:39:29 2006 (4549BCD1)
9bb67000 9bb80000 bowser bowser.sys Thu Nov 02 04:31:11 2006 (4549ACCF)
96410000 9641e000 cdd cdd.dll unavailable (00000000)
9c41b000 9c431000 cdfs cdfs.sys Thu Nov 02 04:30:50 2006 (4549ACBA)
8a611000 8a629000 cdrom cdrom.sys Thu Nov 02 04:51:44 2006 (4549B1A0)
8051f000 80600000 CI CI.dll Mon Feb 18 23:59:14 2008 (47BA6222)
8238b000 823ac000 CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
8027f000 802ba000 CLFS CLFS.SYS Wed Dec 05 20:55:42 2007 (4757569E)
8a72c000 8a72f780 CmBatt CmBatt.sys Thu Aug 30 20:57:48 2007 (46D7678C)
80201000 80203900 compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
87c4f000 87c5c000 crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
82382000 8238b000 crcdisk crcdisk.sys Thu Nov 02 04:52:27 2006 (4549B1CB)
8c8f6000 8c90d000 dfsc dfsc.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
823ac000 823bd000 disk disk.sys Thu Nov 02 04:51:40 2006 (4549B19C)
8a974000 8a97e000 DKbFltr DKbFltr.sys Thu Oct 19 04:24:28 2006 (4537363C)
8b246000 8b26b000 drmk drmk.sys Thu Nov 02 05:20:49 2006 (4549B871)
87928000 87930000 dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
8c146000 8c151000 dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8a9c4000 8a9ce000 Dxapi Dxapi.sys Thu Nov 02 04:38:17 2006 (4549AE79)
8a8c3000 8a960000 dxgkrnl dxgkrnl.sys Mon Jul 02 21:01:10 2007 (46899FD6)
823bd000 823e2000 ecache ecache.sys Thu Nov 02 04:52:42 2006 (4549B1DA)
8c92a000 8c98c000 eeCtrl eeCtrl.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c90d000 8c92a000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c8be000 8c8e6000 fastfat fastfat.SYS Thu Nov 02 04:30:49 2006 (4549ACB9)
80746000 80756000 fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000 fltmgr fltmgr.sys Thu Nov 02 04:30:58 2006 (4549ACC2)
8a6f7000 8a700000 Fs_Rec Fs_Rec.SYS Mon Apr 16 21:26:39 2007 (4624224F)
8c034000 8c04d000 fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
81fa1000 81fd5000 hal halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
8a836000 8a848000 HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
8a7d6000 8a7dc380 HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
8a79e000 8a7a5000 hny hny.sys Mon Dec 20 08:18:05 2010 (4D0F578D)
8be49000 8befd000 HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8befd000 8c000000 HSX_DPV HSX_DPV.sys Wed Nov 08 18:55:07 2006 (45526E5B)
8b209000 8b246000 HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
9c596000 9c5ff000 HTTP HTTP.sys Sat Feb 20 16:30:14 2010 (4B805466)
8a823000 8a836000 i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8c98c000 8c9c0000 IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
9c7d6000 9c7dd000 int15 int15.sys Mon Jul 02 22:03:24 2007 (4689AE6C)
98562000 98580000 irda irda.sys Thu Nov 02 04:57:09 2006 (4549B2E5)
8a6c1000 8a6ca000 irenum irenum.sys Thu Nov 02 04:57:04 2006 (4549B2E0)
8a606000 8a611000 kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
8555b000 85563000 kdcom kdcom.dll Thu Nov 02 05:42:20 2006 (4549BD7C)
8c3aa000 8c3b9000 klifoko klifoko.sys Mon Apr 26 23:04:54 2004 (408DCDD6)
8b2e9000 8b313000 ks ks.sys Fri Mar 07 21:14:06 2008 (47D1F66E)
82055000 820bf000 ksecdd ksecdd.sys Mon Jun 15 09:10:14 2009 (4A364836)
87d70000 87d80000 lltdio lltdio.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
96270000 9628b000 luafv luafv.sys Thu Nov 02 04:33:07 2006 (4549AD43)
9c6a8000 9c6ab180 mdmxsdk mdmxsdk.sys Mon Jun 19 17:26:59 2006 (449716A3)
8b3a1000 8b3ae000 modem modem.sys Thu Nov 02 04:58:52 2006 (4549B34C)
90b88000 90b97000 monitor monitor.sys Sun Dec 16 04:56:44 2007 (4764F65C)
8a818000 8a823000 mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
80470000 80480000 mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
9bb53000 9bb67000 mpsdrv mpsdrv.sys Wed Jun 06 22:55:55 2007 (466773BB)
9bb33000 9bb53000 mrxdav mrxdav.sys Fri Jan 11 20:45:54 2008 (47881BD2)
9bad5000 9baf3000 mrxsmb mrxsmb.sys Tue Feb 23 08:14:40 2010 (4B83D4C0)
9ba9c000 9bad5000 mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9ba8a000 9ba9c000 mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
8b32f000 8b33a000 Msfs Msfs.SYS Thu Nov 02 04:30:56 2006 (4549ACC0)
804be000 804c6000 msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
8b3f9000 8b424000 msiscsi msiscsi.sys Thu Nov 02 04:52:40 2006 (4549B1D8)
8060e000 80639000 msrpc msrpc.sys Thu Nov 02 04:50:16 2006 (4549B148)
8a97e000 8a988000 mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
823e2000 823f1000 mup mup.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
80639000 8073d000 ndis ndis.sys Thu Nov 02 04:57:33 2006 (4549B2FD)
8b37f000 8b38a000 ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8a988000 8a992000 ndisuio ndisuio.sys Thu Nov 02 04:57:22 2006 (4549B2F2)
8b35c000 8b37f000 ndiswan ndiswan.sys Thu Nov 02 04:58:13 2006 (4549B325)
87d30000 87d40000 NDProxy NDProxy.SYS Tue Jul 03 21:28:13 2007 (468AF7AD)
8c354000 8c362000 netbios netbios.sys Thu Oct 19 19:38:12 2006 (45380C64)
8c378000 8c3aa000 netbt netbt.sys Thu Nov 02 04:57:18 2006 (4549B2EE)
821c7000 82200000 NETIO NETIO.SYS Fri Aug 14 10:24:15 2009 (4A85738F)
8c122000 8c130000 Npfs Npfs.SYS Thu Nov 02 04:30:57 2006 (4549ACC1)
878e8000 878ef800 nscirda nscirda.sys Thu Nov 02 04:57:06 2006 (4549B2E2)
8a9b0000 8a9ba000 nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
81c00000 81fa1000 nt ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
820bf000 821c7000 Ntfs Ntfs.sys Sun Dec 16 04:31:37 2007 (4764F079)
87ca0000 87ca1800 NTIDrvr NTIDrvr.sys Tue Dec 21 15:33:14 2004 (41C8888A)
8a7c8000 8a7cf000 Null Null.SYS Thu Nov 02 04:51:05 2006 (4549B179)
9ad2f000 9ad5a000 nwifi nwifi.sys Fri Jan 18 22:06:33 2008 (47916939)
80401000 8040ab00 o2media o2media.sys Mon Apr 02 22:04:27 2007 (4611B62B)
80787000 8078fb80 o2sd o2sd.sys Mon Apr 02 04:11:06 2007 (4610BA9A)
87d00000 87d0f200 ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
8c362000 8c378000 pacer pacer.sys Tue Jul 03 21:27:33 2007 (468AF785)
823f1000 82400000 partmgr partmgr.sys Thu Nov 02 04:51:47 2006 (4549B1A3)
80499000 804be000 pci pci.sys Tue Dec 12 21:42:27 2006 (457F6893)
8043f000 80446000 pciide pciide.sys Fri Jan 18 22:01:57 2008 (47916825)
80431000 8043f000 PCIIDEX PCIIDEX.SYS Fri Jan 18 22:01:56 2008 (47916824)
80446000 80470000 pcmcia pcmcia.sys Thu Nov 02 04:35:13 2006 (4549ADC1)
9d6a2000 9d780000 peauth peauth.sys Mon Oct 23 04:55:32 2006 (453C8384)
8b26b000 8b298000 portcls portcls.sys Thu Nov 02 04:55:02 2006 (4549B266)
8073d000 80746000 psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
82004000 8200d000 PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000 psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
802c2000 802cb000 PSHED PSHED.dll Thu Nov 02 05:42:51 2006 (4549BD9B)
8a670000 8a679000 rasacd rasacd.sys Thu Nov 02 04:58:13 2006 (4549B325)
8b38a000 8b3a1000 rasl2tp rasl2tp.sys Mon Jan 08 21:17:02 2007 (45A2FB1E)
8b34d000 8b35c000 raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8b33a000 8b34d000 raspptp raspptp.sys Mon Jan 08 21:17:01 2007 (45A2FB1D)
8c21f000 8c25a000 rdbss rdbss.sys Thu Nov 02 04:31:24 2006 (4549ACDC)
87968000 87970000 RDPCDD RDPCDD.sys Thu Nov 02 05:02:01 2006 (4549B409)
87910000 87918000 rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
8a7f2000 8a7f8a00 RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
87930000 87938000 RootMdm RootMdm.sys Thu Nov 02 04:58:51 2006 (4549B34B)
9ad1c000 9ad2f000 rspndr rspndr.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
8bc25000 8bdffe40 RTKVHDA RTKVHDA.sys Wed Aug 22 06:44:12 2007 (46CC137C)
80790000 807b6000 SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
8a9d8000 8a9e2000 secdrv secdrv.SYS Wed Sep 13 09:18:32 2006 (45080528)
8c00b000 8c01f000 smb smb.sys Thu Nov 02 04:57:10 2006 (4549B2E6)
8a797000 8a79dd00 sncduvc sncduvc.SYS Wed Dec 27 22:21:50 2006 (4593384E)
8ce59000 8cfff280 snp2uvc snp2uvc.sys Mon Jun 11 22:38:23 2007 (466E071F)
8c25a000 8c2c0000 SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
80606000 8060e000 spldr spldr.sys Wed Oct 25 18:40:44 2006 (453FE7EC)
98412000 984a0000 spsys spsys.sys Wed Oct 25 18:43:28 2006 (453FE890)
8c2c0000 8c2d1000 SRTSPX SRTSPX.SYS Fri Nov 03 21:12:10 2006 (454BE8EA)
9ba15000 9ba66000 srv srv.sys Fri Dec 11 07:15:47 2009 (4B2237F3)
9ba66000 9ba8a000 srv2 srv2.sys Mon Sep 14 05:50:53 2009 (4AAE11FD)
9ac01000 9ac1c000 srvnet srvnet.sys Fri Dec 11 07:15:29 2009 (4B2237E1)
8b3b9000 8b3f9000 storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8b298000 8b2a4e80 STREAM STREAM.SYS Thu Nov 02 04:55:00 2006 (4549B264)
87cac000 87cad380 swenum swenum.sys Tue Dec 12 22:28:16 2006 (457F7350)
87cb4000 87cb5780 SYMDNS SYMDNS.SYS Mon Oct 23 20:26:34 2006 (453D5DBA)
8c2f3000 8c315000 SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c2d1000 8c2f2f00 SYMFW SYMFW.SYS Mon Oct 23 20:28:55 2006 (453D5E47)
8a68b000 8a693180 SYMIDS SYMIDS.SYS Mon Oct 23 20:29:36 2006 (453D5E70)
8c13b000 8c146000 SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
87855000 8785a080 SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
8c315000 8c340f00 SYMTDI SYMTDI.SYS Mon Oct 23 20:26:29 2006 (453D5DB5)
8b424000 8b451700 SynTP SynTP.sys Fri Sep 07 14:16:58 2007 (46E1959A)
8c04d000 8c122000 tcpip tcpip.sys Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c172000 8c17d000 tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8b3ae000 8b3b9000 TDI TDI.SYS Thu Nov 02 04:58:46 2006 (4549B346)
8c01f000 8c034000 tdx tdx.sys Thu Nov 02 04:57:34 2006 (4549B2FE)
8b313000 8b322000 termdd termdd.sys Tue Dec 12 22:53:43 2006 (457F7947)
96400000 96409000 TSDDD TSDDD.dll Thu Nov 02 05:02:02 2006 (4549B40A)
8a694000 8a69d000 tunmp tunmp.sys Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a644000 8a64f000 tunnel tunnel.sys Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8b322000 8b32f000 umbus umbus.sys Thu Nov 02 04:55:24 2006 (4549B27C)
87cbc000 87cbd700 USBD USBD.SYS Thu Aug 30 21:23:36 2007 (46D76D98)
8a629000 8a637000 usbehci usbehci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8b2b5000 8b2e9000 usbhub usbhub.sys Thu Aug 30 21:24:00 2007 (46D76DB0)
8a96a000 8a974000 usbohci usbohci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8a848000 8a885000 USBPORT USBPORT.SYS Thu Aug 30 21:23:43 2007 (46D76D9F)
8a64f000 8a65b000 vga vga.sys Thu Nov 02 04:53:56 2006 (4549B224)
8bc04000 8bc25000 VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8048a000 80499000 volmgr volmgr.sys Tue Dec 12 22:29:12 2006 (457F7388)
807b6000 80800000 volmgrx volmgrx.sys Thu Nov 02 04:51:54 2006 (4549B1AA)
8201f000 82055000 volsnap volsnap.sys Thu Oct 25 22:04:17 2007 (47214B21)
8c341000 8c354000 wanarp wanarp.sys Tue Jul 03 21:28:16 2007 (468AF7B0)
8a637000 8a644000 watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
80204000 8027f000 Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
80512000 8051f000 WDFLDR WDFLDR.SYS Wed Dec 05 21:21:19 2007 (47575C9F)
95800000 95a00000 win32k win32k.sys Fri Aug 14 10:01:22 2009 (4A856E32)
8a69d000 8a6a6000 wmiacpi wmiacpi.sys Thu Aug 30 20:57:47 2007 (46D7678B)
804c6000 804cf000 WMILIB WMILIB.SYS Thu Nov 02 04:54:53 2006 (4549B25D)
8a885000 8a8c3000 yk60x86 yk60x86.sys Fri Mar 23 06:11:54 2007 (4603A7EA)
Unloaded modules:
8d2c8000 8d2d0000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
9c4b9000 9c4d1000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
87c4f000 87c5c000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
8a665000 8a670000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
87920000 87928000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
879e3000 879ec000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
1: kd> .cxr 0xffffffff879ab490
eax=00000000 ebx=8543b188 ecx=00000000 edx=7ffa0000 esi=00000000 edi=879ab870
eip=81c6016e esp=879ab85c ebp=879ab85c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!RtlImageNtHeaderEx+0x45:
81c6016e 66813a4d5a cmp word ptr [edx],5A4Dh ds:0023:7ffa0000=????
1: kd> .exr 0xffffffff879ab794
ExceptionAddress: 81c6016e (nt!RtlImageNtHeaderEx+0x00000045)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 7ffa0000
Attempt to read from address 7ffa0000
____________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\PalmDesert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48DSV9T5\Mini032011-08[1].dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*a:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.17021.x86fre.vista_gdr.100218-0019
Machine Name:
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sun Mar 20 16:29:19.179 2011 (GMT-4)
System Uptime: 0 days 0:03:11.007
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 2ae0, a139bbb4, 0}
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+12175 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00002ae0, The address that the exception occurred at
Arg3: a139bbb4, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
+12a
00002ae0 ?? ???
TRAP_FRAME: a139bbb4 -- (.trap 0xffffffffa139bbb4)
ErrCode = 00000010
eax=86fe1424 ebx=86fda828 ecx=00002ae0 edx=00000000 esi=86fe1430 edi=97e5d5b0
eip=00002ae0 esp=a139bc28 ebp=a139bc8c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
00002ae0 ?? ???
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 81e1bf29 to 00002ae0
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
a139bc24 81e1bf29 86fe1424 a13907cc 86fdaa88 0x2ae0
a139bc8c 81e1afa8 86fe1430 00000000 86fda828 nt!PspExitThread+0x62f
a139bca8 81e1b77b 86fda828 00000000 00000001 nt!PspTerminateThreadByPointer+0x5b
a139bcd0 8c1f0175 00000000 00000000 9aadead0 nt!NtTerminateThread+0x74
a139bd54 81c8cb1a 00000000 00000000 02e5ff30 SYMEVENT+0x12175
a139bd54 00000000 00000000 00000000 02e5ff30 nt!KiFastCallEntry+0x12a
a139bdc4 00000000 77950f34 0000001b 00000246 0x0
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+12175
8c1f0175 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: SYMEVENT+12175
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4535a9f4
FAILURE_BUCKET_ID: 0x8E_SYMEVENT+12175
BUCKET_ID: 0x8E_SYMEVENT+12175
Followup: MachineOwner
---------
1: kd> lmvm SYMEVENT
start end module name
8c1de000 8c200000 SYMEVENT T (no symbols)
Loaded symbol image file: SYMEVENT.SYS
Image path: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Image name: SYMEVENT.SYS
Timestamp: Wed Oct 18 00:13:40 2006 (4535A9F4)
CheckSum: 0001E2A5
ImageSize: 00022000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> lmnt
start end module name
80201000 80203900 compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
80204000 8027f000 Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
8027f000 802ba000 CLFS CLFS.SYS Wed Dec 05 20:55:42 2007 (4757569E)
802ba000 802c2000 BOOTVID BOOTVID.dll Thu Nov 02 05:39:29 2006 (4549BCD1)
802c2000 802cb000 PSHED PSHED.dll Thu Nov 02 05:42:51 2006 (4549BD9B)
80401000 8040ab00 o2media o2media.sys Mon Apr 02 22:04:27 2007 (4611B62B)
8040b000 80429000 ataport ataport.SYS Fri Jan 18 22:01:56 2008 (47916824)
80429000 80431000 atapi atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
80431000 8043f000 PCIIDEX PCIIDEX.SYS Fri Jan 18 22:01:56 2008 (47916824)
8043f000 80446000 pciide pciide.sys Fri Jan 18 22:01:57 2008 (47916825)
80446000 80470000 pcmcia pcmcia.sys Thu Nov 02 04:35:13 2006 (4549ADC1)
80470000 80480000 mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
80480000 8048a000 BATTC BATTC.SYS Thu Aug 30 20:57:44 2007 (46D76788)
8048a000 80499000 volmgr volmgr.sys Tue Dec 12 22:29:12 2006 (457F7388)
80499000 804be000 pci pci.sys Tue Dec 12 21:42:27 2006 (457F6893)
804be000 804c6000 msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
804c6000 804cf000 WMILIB WMILIB.SYS Thu Nov 02 04:54:53 2006 (4549B25D)
804cf000 80512000 acpi acpi.sys Thu Aug 30 20:57:46 2007 (46D7678A)
80512000 8051f000 WDFLDR WDFLDR.SYS Wed Dec 05 21:21:19 2007 (47575C9F)
8051f000 80600000 CI CI.dll Mon Feb 18 23:59:14 2008 (47BA6222)
80606000 8060e000 spldr spldr.sys Wed Oct 25 18:40:44 2006 (453FE7EC)
8060e000 80639000 msrpc msrpc.sys Thu Nov 02 04:50:16 2006 (4549B148)
80639000 8073d000 ndis ndis.sys Thu Nov 02 04:57:33 2006 (4549B2FD)
8073d000 80746000 psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
80746000 80756000 fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000 fltmgr fltmgr.sys Thu Nov 02 04:30:58 2006 (4549ACC2)
80787000 8078fb80 o2sd o2sd.sys Mon Apr 02 04:11:06 2007 (4610BA9A)
80790000 807b6000 SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
807b6000 80800000 volmgrx volmgrx.sys Thu Nov 02 04:51:54 2006 (4549B1AA)
81c00000 81fa1000 nt ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
81fa1000 81fd5000 hal halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
82004000 8200d000 PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000 psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
8201f000 82055000 volsnap volsnap.sys Thu Oct 25 22:04:17 2007 (47214B21)
82055000 820bf000 ksecdd ksecdd.sys Mon Jun 15 09:10:14 2009 (4A364836)
820bf000 821c7000 Ntfs Ntfs.sys Sun Dec 16 04:31:37 2007 (4764F079)
821c7000 82200000 NETIO NETIO.SYS Fri Aug 14 10:24:15 2009 (4A85738F)
82382000 8238b000 crcdisk crcdisk.sys Thu Nov 02 04:52:27 2006 (4549B1CB)
8238b000 823ac000 CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
823ac000 823bd000 disk disk.sys Thu Nov 02 04:51:40 2006 (4549B19C)
823bd000 823e2000 ecache ecache.sys Thu Nov 02 04:52:42 2006 (4549B1DA)
823e2000 823f1000 mup mup.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
823f1000 82400000 partmgr partmgr.sys Thu Nov 02 04:51:47 2006 (4549B1A3)
855c3000 855cb000 kdcom kdcom.dll Thu Nov 02 05:42:20 2006 (4549BD7C)
87843000 87848080 SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
87892000 87899000 Null Null.SYS Thu Nov 02 04:51:05 2006 (4549B179)
878f0000 878f7800 nscirda nscirda.sys Thu Nov 02 04:57:06 2006 (4549B2E2)
878f8000 87900000 RootMdm RootMdm.sys Thu Nov 02 04:58:51 2006 (4549B34B)
87928000 87930000 dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
87930000 87938000 RDPCDD RDPCDD.sys Thu Nov 02 05:02:01 2006 (4549B409)
87960000 87968000 rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
879d4000 879e3000 amdk8 amdk8.sys Thu Nov 02 04:30:18 2006 (4549AC9A)
87c05000 87c12000 crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
87c16000 87c1d000 Beep Beep.SYS Thu Nov 02 04:51:03 2006 (4549B177)
87c1d000 87c23380 HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
87c32000 87c39000 int15 int15.sys Mon Jul 02 22:03:24 2007 (4689AE6C)
87c40000 87c46a00 RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
87c5c000 87c63000 hny hny.sys Mon Dec 20 08:18:05 2010 (4D0F578D)
87c71000 87c77d00 sncduvc sncduvc.SYS Wed Dec 27 22:21:50 2006 (4593384E)
87ca6000 87ca7780 SYMDNS SYMDNS.SYS Mon Oct 23 20:26:34 2006 (453D5DBA)
87ca8000 87ca9380 swenum swenum.sys Tue Dec 12 22:28:16 2006 (457F7350)
87cae000 87caf700 USBD USBD.SYS Thu Aug 30 21:23:36 2007 (46D76D98)
87cb0000 87cb1800 NTIDrvr NTIDrvr.sys Tue Dec 21 15:33:14 2004 (41C8888A)
87d00000 87d0f200 ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
87d30000 87d40000 NDProxy NDProxy.SYS Tue Jul 03 21:28:13 2007 (468AF7AD)
87d80000 87d90000 lltdio lltdio.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
8a405000 8a410000 tunnel tunnel.sys Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8a434000 8a43c180 SYMIDS SYMIDS.SYS Mon Oct 23 20:29:36 2006 (453D5E70)
8a43d000 8a446000 irenum irenum.sys Thu Nov 02 04:57:04 2006 (4549B2E0)
8a461000 8a46a000 tunmp tunmp.sys Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a46a000 8a473000 wmiacpi wmiacpi.sys Thu Aug 30 20:57:47 2007 (46D7678B)
8a473000 8a47c000 Fs_Rec Fs_Rec.SYS Mon Apr 16 21:26:39 2007 (4624224F)
8a485000 8a48e000 rasacd rasacd.sys Thu Nov 02 04:58:13 2006 (4549B325)
8a4bf000 8a4ca000 kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
8a4ca000 8a4e2000 cdrom cdrom.sys Thu Nov 02 04:51:44 2006 (4549B1A0)
8a4e2000 8a4f0000 usbehci usbehci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8a4f0000 8a52e000 yk60x86 yk60x86.sys Fri Mar 23 06:11:54 2007 (4603A7EA)
8a52e000 8a53b000 watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
8a5fc000 8a5ff780 CmBatt CmBatt.sys Thu Aug 30 20:57:48 2007 (46D7678C)
8a600000 8a63d000 USBPORT USBPORT.SYS Thu Aug 30 21:23:43 2007 (46D76D9F)
8a63d000 8a6c3000 bcmwl6 bcmwl6.sys Tue Dec 19 14:55:55 2006 (458843CB)
8a6c3000 8a760000 dxgkrnl dxgkrnl.sys Mon Jul 02 21:01:10 2007 (46899FD6)
8a774000 8a77e000 usbohci usbohci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8a77e000 8a788000 DKbFltr DKbFltr.sys Thu Oct 19 04:24:28 2006 (4537363C)
8a788000 8a792000 mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
8a79c000 8a7a6000 secdrv secdrv.SYS Wed Sep 13 09:18:32 2006 (45080528)
8a7a6000 8a7b0000 ndisuio ndisuio.sys Thu Nov 02 04:57:22 2006 (4549B2F2)
8a7ba000 8a7c4000 nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
8a7d8000 8a7e2000 Dxapi Dxapi.sys Thu Nov 02 04:38:17 2006 (4549AE79)
8ae04000 8ae12000 Npfs Npfs.SYS Thu Nov 02 04:30:57 2006 (4549ACC1)
8ae12000 8ae1d000 Msfs Msfs.SYS Thu Nov 02 04:30:56 2006 (4549ACC0)
8ae1d000 8ae29000 vga vga.sys Thu Nov 02 04:53:56 2006 (4549B224)
8ae69000 8aea6000 HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
8aea6000 8aecb000 drmk drmk.sys Thu Nov 02 05:20:49 2006 (4549B871)
8aecb000 8aef8000 portcls portcls.sys Thu Nov 02 04:55:02 2006 (4549B266)
8af08000 8af3c000 usbhub usbhub.sys Thu Aug 30 21:24:00 2007 (46D76DB0)
8af3c000 8af66000 ks ks.sys Fri Mar 07 21:14:06 2008 (47D1F66E)
8af66000 8af75000 termdd termdd.sys Tue Dec 12 22:53:43 2006 (457F7947)
8af75000 8af82000 umbus umbus.sys Thu Nov 02 04:55:24 2006 (4549B27C)
8af82000 8af95000 raspptp raspptp.sys Mon Jan 08 21:17:01 2007 (45A2FB1D)
8af95000 8afa4000 raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8afa4000 8afc7000 ndiswan ndiswan.sys Thu Nov 02 04:58:13 2006 (4549B325)
8afc7000 8afd2000 ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8afd2000 8afe9000 rasl2tp rasl2tp.sys Mon Jan 08 21:17:02 2007 (45A2FB1E)
8afe9000 8aff6000 modem modem.sys Thu Nov 02 04:58:52 2006 (4549B34C)
8aff6000 8b001000 TDI TDI.SYS Thu Nov 02 04:58:46 2006 (4549B346)
8b001000 8b041000 storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8b041000 8b06c000 msiscsi msiscsi.sys Thu Nov 02 04:52:40 2006 (4549B1D8)
8b06c000 8b079080 1394BUS 1394BUS.SYS Wed Feb 07 21:04:45 2007 (45CA853D)
8b07a000 8b085000 mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
8b085000 8b0b2700 SynTP SynTP.sys Fri Sep 07 14:16:58 2007 (46E1959A)
8b0b3000 8b0c6000 i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8b0c6000 8b0d8000 HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
8b0d8000 8b800000 atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
8ba04000 8ba25000 VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8ba25000 8bbffe40 RTKVHDA RTKVHDA.sys Wed Aug 22 06:44:12 2007 (46CC137C)
8bc01000 8bc10000 klifoko klifoko.sys Mon Apr 26 23:04:54 2004 (408DCDD6)
8bc10000 8bc29000 fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
8bc49000 8bcfd000 HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8bcfd000 8be00000 HSX_DPV HSX_DPV.sys Wed Nov 08 18:55:07 2006 (45526E5B)
8be0a000 8be1b000 SRTSPX SRTSPX.SYS Fri Nov 03 21:12:10 2006 (454BE8EA)
8be1b000 8be46f00 SYMTDI SYMTDI.SYS Mon Oct 23 20:26:29 2006 (453D5DB5)
8be47000 8be5a000 wanarp wanarp.sys Tue Jul 03 21:28:16 2007 (468AF7B0)
8be5a000 8be68000 netbios netbios.sys Thu Oct 19 19:38:12 2006 (45380C64)
8be68000 8be73000 SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
8be73000 8be89000 pacer pacer.sys Tue Jul 03 21:27:33 2007 (468AF785)
8be89000 8bebb000 netbt netbt.sys Thu Nov 02 04:57:18 2006 (4549B2EE)
8bebb000 8bf02000 afd afd.sys Thu Nov 02 04:58:41 2006 (4549B341)
8bf02000 8bf16000 smb smb.sys Thu Nov 02 04:57:10 2006 (4549B2E6)
8bf16000 8bf2b000 tdx tdx.sys Thu Nov 02 04:57:34 2006 (4549B2FE)
8bf2b000 8c000000 tcpip tcpip.sys Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c01b000 8c032000 dfsc dfsc.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
8c032000 8c04f000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c05d000 8c091000 IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
8c0d1000 8c10c000 rdbss rdbss.sys Thu Nov 02 04:31:24 2006 (4549ACDC)
8c10c000 8c12df00 SYMFW SYMFW.SYS Mon Oct 23 20:28:55 2006 (453D5E47)
8c12e000 8c139000 dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8c1a7000 8c1b2000 tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8c1de000 8c200000 SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c769000 8c791000 fastfat fastfat.SYS Thu Nov 02 04:30:49 2006 (4549ACB9)
8c791000 8c79de80 STREAM STREAM.SYS Thu Nov 02 04:55:00 2006 (4549B264)
8c79e000 8c800000 eeCtrl eeCtrl.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8ca59000 8cbff280 snp2uvc snp2uvc.sys Mon Jun 11 22:38:23 2007 (466E071F)
94a00000 94c00000 win32k win32k.sys Fri Aug 14 10:01:22 2009 (4A856E32)
95798000 957a0000 xaudio xaudio.sys Fri Aug 04 20:39:09 2006 (44D3E8AD)
95c00000 95c09000 TSDDD TSDDD.dll Thu Nov 02 05:02:02 2006 (4549B40A)
95c10000 95c1e000 cdd cdd.dll unavailable (00000000)
95f88000 95f97000 monitor monitor.sys Sun Dec 16 04:56:44 2007 (4764F65C)
964d4000 964ef000 luafv luafv.sys Thu Nov 02 04:33:07 2006 (4549AD43)
9a462000 9a475000 rspndr rspndr.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
9a475000 9a4a0000 nwifi nwifi.sys Fri Jan 18 22:06:33 2008 (47916939)
9a4a0000 9a4be000 irda irda.sys Thu Nov 02 04:57:09 2006 (4549B2E5)
9a517000 9a532000 srvnet srvnet.sys Fri Dec 11 07:15:29 2009 (4B2237E1)
9a572000 9a600000 spsys spsys.sys Wed Oct 25 18:43:28 2006 (453FE890)
9ac02000 9ac16000 mpsdrv mpsdrv.sys Wed Jun 06 22:55:55 2007 (466773BB)
9ac5c000 9acc5000 HTTP HTTP.sys Sat Feb 20 16:30:14 2010 (4B805466)
9b61b000 9b61ca00 000 000.fcl Wed May 03 22:21:48 2006 (4459653C)
9b629000 9b67a000 srv srv.sys Fri Dec 11 07:15:47 2009 (4B2237F3)
9b6ba000 9b6de000 srv2 srv2.sys Mon Sep 14 05:50:53 2009 (4AAE11FD)
9b6de000 9b6f0000 mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
9b6f0000 9b729000 mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9b729000 9b747000 mrxsmb mrxsmb.sys Tue Feb 23 08:14:40 2010 (4B83D4C0)
9b747000 9b767000 mrxdav mrxdav.sys Fri Jan 11 20:45:54 2008 (47881BD2)
9b767000 9b780000 bowser bowser.sys Thu Nov 02 04:31:11 2006 (4549ACCF)
9c03a000 9c050000 cdfs cdfs.sys Thu Nov 02 04:30:50 2006 (4549ACBA)
9dc22000 9dd00000 peauth peauth.sys Mon Oct 23 04:55:32 2006 (453C8384)
9ddfc000 9ddff180 mdmxsdk mdmxsdk.sys Mon Jun 19 17:26:59 2006 (449716A3)
a3216000 a3227ee0 NAVENG NAVENG.SYS Thu Sep 21 15:01:06 2006 (4512E172)
a8437000 a849d000 SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
a849d000 a8566ae0 NAVEX15 NAVEX15.SYS Thu Sep 21 14:34:08 2006 (4512DB20)
a8567000 a85b0000 SRTSP SRTSP.SYS Fri Nov 03 21:12:10 2006 (454BE8EA)
Unloaded modules:
957e8000 957f0000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
9b611000 9b629000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
87c05000 87c12000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
8a4a0000 8a4ab000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
87900000 87908000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
8a47c000 8a485000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
1: kd> lmntsm
start end module name
9b61b000 9b61ca00 000 000.fcl Wed May 03 22:21:48 2006 (4459653C)
8b06c000 8b079080 1394BUS 1394BUS.SYS Wed Feb 07 21:04:45 2007 (45CA853D)
804cf000 80512000 acpi acpi.sys Thu Aug 30 20:57:46 2007 (46D7678A)
8bebb000 8bf02000 afd afd.sys Thu Nov 02 04:58:41 2006 (4549B341)
879d4000 879e3000 amdk8 amdk8.sys Thu Nov 02 04:30:18 2006 (4549AC9A)
80429000 80431000 atapi atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
8040b000 80429000 ataport ataport.SYS Fri Jan 18 22:01:56 2008 (47916824)
8b0d8000 8b800000 atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
80480000 8048a000 BATTC BATTC.SYS Thu Aug 30 20:57:44 2007 (46D76788)
8a63d000 8a6c3000 bcmwl6 bcmwl6.sys Tue Dec 19 14:55:55 2006 (458843CB)
87c16000 87c1d000 Beep Beep.SYS Thu Nov 02 04:51:03 2006 (4549B177)
802ba000 802c2000 BOOTVID BOOTVID.dll Thu Nov 02 05:39:29 2006 (4549BCD1)
9b767000 9b780000 bowser bowser.sys Thu Nov 02 04:31:11 2006 (4549ACCF)
95c10000 95c1e000 cdd cdd.dll unavailable (00000000)
9c03a000 9c050000 cdfs cdfs.sys Thu Nov 02 04:30:50 2006 (4549ACBA)
8a4ca000 8a4e2000 cdrom cdrom.sys Thu Nov 02 04:51:44 2006 (4549B1A0)
8051f000 80600000 CI CI.dll Mon Feb 18 23:59:14 2008 (47BA6222)
8238b000 823ac000 CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
8027f000 802ba000 CLFS CLFS.SYS Wed Dec 05 20:55:42 2007 (4757569E)
8a5fc000 8a5ff780 CmBatt CmBatt.sys Thu Aug 30 20:57:48 2007 (46D7678C)
80201000 80203900 compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
87c05000 87c12000 crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
82382000 8238b000 crcdisk crcdisk.sys Thu Nov 02 04:52:27 2006 (4549B1CB)
8c01b000 8c032000 dfsc dfsc.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
823ac000 823bd000 disk disk.sys Thu Nov 02 04:51:40 2006 (4549B19C)
8a77e000 8a788000 DKbFltr DKbFltr.sys Thu Oct 19 04:24:28 2006 (4537363C)
8aea6000 8aecb000 drmk drmk.sys Thu Nov 02 05:20:49 2006 (4549B871)
87928000 87930000 dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
8c12e000 8c139000 dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8a7d8000 8a7e2000 Dxapi Dxapi.sys Thu Nov 02 04:38:17 2006 (4549AE79)
8a6c3000 8a760000 dxgkrnl dxgkrnl.sys Mon Jul 02 21:01:10 2007 (46899FD6)
823bd000 823e2000 ecache ecache.sys Thu Nov 02 04:52:42 2006 (4549B1DA)
8c79e000 8c800000 eeCtrl eeCtrl.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c032000 8c04f000 EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c769000 8c791000 fastfat fastfat.SYS Thu Nov 02 04:30:49 2006 (4549ACB9)
80746000 80756000 fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000 fltmgr fltmgr.sys Thu Nov 02 04:30:58 2006 (4549ACC2)
8a473000 8a47c000 Fs_Rec Fs_Rec.SYS Mon Apr 16 21:26:39 2007 (4624224F)
8bc10000 8bc29000 fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
81fa1000 81fd5000 hal halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
8b0c6000 8b0d8000 HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
87c1d000 87c23380 HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
87c5c000 87c63000 hny hny.sys Mon Dec 20 08:18:05 2010 (4D0F578D)
8bc49000 8bcfd000 HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8bcfd000 8be00000 HSX_DPV HSX_DPV.sys Wed Nov 08 18:55:07 2006 (45526E5B)
8ae69000 8aea6000 HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
9ac5c000 9acc5000 HTTP HTTP.sys Sat Feb 20 16:30:14 2010 (4B805466)
8b0b3000 8b0c6000 i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8c05d000 8c091000 IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
87c32000 87c39000 int15 int15.sys Mon Jul 02 22:03:24 2007 (4689AE6C)
9a4a0000 9a4be000 irda irda.sys Thu Nov 02 04:57:09 2006 (4549B2E5)
8a43d000 8a446000 irenum irenum.sys Thu Nov 02 04:57:04 2006 (4549B2E0)
8a4bf000 8a4ca000 kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
855c3000 855cb000 kdcom kdcom.dll Thu Nov 02 05:42:20 2006 (4549BD7C)
8bc01000 8bc10000 klifoko klifoko.sys Mon Apr 26 23:04:54 2004 (408DCDD6)
8af3c000 8af66000 ks ks.sys Fri Mar 07 21:14:06 2008 (47D1F66E)
82055000 820bf000 ksecdd ksecdd.sys Mon Jun 15 09:10:14 2009 (4A364836)
87d80000 87d90000 lltdio lltdio.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
964d4000 964ef000 luafv luafv.sys Thu Nov 02 04:33:07 2006 (4549AD43)
9ddfc000 9ddff180 mdmxsdk mdmxsdk.sys Mon Jun 19 17:26:59 2006 (449716A3)
8afe9000 8aff6000 modem modem.sys Thu Nov 02 04:58:52 2006 (4549B34C)
95f88000 95f97000 monitor monitor.sys Sun Dec 16 04:56:44 2007 (4764F65C)
8b07a000 8b085000 mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
80470000 80480000 mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
9ac02000 9ac16000 mpsdrv mpsdrv.sys Wed Jun 06 22:55:55 2007 (466773BB)
9b747000 9b767000 mrxdav mrxdav.sys Fri Jan 11 20:45:54 2008 (47881BD2)
9b729000 9b747000 mrxsmb mrxsmb.sys Tue Feb 23 08:14:40 2010 (4B83D4C0)
9b6f0000 9b729000 mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9b6de000 9b6f0000 mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
8ae12000 8ae1d000 Msfs Msfs.SYS Thu Nov 02 04:30:56 2006 (4549ACC0)
804be000 804c6000 msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
8b041000 8b06c000 msiscsi msiscsi.sys Thu Nov 02 04:52:40 2006 (4549B1D8)
8060e000 80639000 msrpc msrpc.sys Thu Nov 02 04:50:16 2006 (4549B148)
8a788000 8a792000 mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
823e2000 823f1000 mup mup.sys Thu Nov 02 04:31:04 2006 (4549ACC8)
a3216000 a3227ee0 NAVENG NAVENG.SYS Thu Sep 21 15:01:06 2006 (4512E172)
a849d000 a8566ae0 NAVEX15 NAVEX15.SYS Thu Sep 21 14:34:08 2006 (4512DB20)
80639000 8073d000 ndis ndis.sys Thu Nov 02 04:57:33 2006 (4549B2FD)
8afc7000 8afd2000 ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8a7a6000 8a7b0000 ndisuio ndisuio.sys Thu Nov 02 04:57:22 2006 (4549B2F2)
8afa4000 8afc7000 ndiswan ndiswan.sys Thu Nov 02 04:58:13 2006 (4549B325)
87d30000 87d40000 NDProxy NDProxy.SYS Tue Jul 03 21:28:13 2007 (468AF7AD)
8be5a000 8be68000 netbios netbios.sys Thu Oct 19 19:38:12 2006 (45380C64)
8be89000 8bebb000 netbt netbt.sys Thu Nov 02 04:57:18 2006 (4549B2EE)
821c7000 82200000 NETIO NETIO.SYS Fri Aug 14 10:24:15 2009 (4A85738F)
8ae04000 8ae12000 Npfs Npfs.SYS Thu Nov 02 04:30:57 2006 (4549ACC1)
878f0000 878f7800 nscirda nscirda.sys Thu Nov 02 04:57:06 2006 (4549B2E2)
8a7ba000 8a7c4000 nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
81c00000 81fa1000 nt ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
820bf000 821c7000 Ntfs Ntfs.sys Sun Dec 16 04:31:37 2007 (4764F079)
87cb0000 87cb1800 NTIDrvr NTIDrvr.sys Tue Dec 21 15:33:14 2004 (41C8888A)
87892000 87899000 Null Null.SYS Thu Nov 02 04:51:05 2006 (4549B179)
9a475000 9a4a0000 nwifi nwifi.sys Fri Jan 18 22:06:33 2008 (47916939)
80401000 8040ab00 o2media o2media.sys Mon Apr 02 22:04:27 2007 (4611B62B)
80787000 8078fb80 o2sd o2sd.sys Mon Apr 02 04:11:06 2007 (4610BA9A)
87d00000 87d0f200 ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
8be73000 8be89000 pacer pacer.sys Tue Jul 03 21:27:33 2007 (468AF785)
823f1000 82400000 partmgr partmgr.sys Thu Nov 02 04:51:47 2006 (4549B1A3)
80499000 804be000 pci pci.sys Tue Dec 12 21:42:27 2006 (457F6893)
8043f000 80446000 pciide pciide.sys Fri Jan 18 22:01:57 2008 (47916825)
80431000 8043f000 PCIIDEX PCIIDEX.SYS Fri Jan 18 22:01:56 2008 (47916824)
80446000 80470000 pcmcia pcmcia.sys Thu Nov 02 04:35:13 2006 (4549ADC1)
9dc22000 9dd00000 peauth peauth.sys Mon Oct 23 04:55:32 2006 (453C8384)
8aecb000 8aef8000 portcls portcls.sys Thu Nov 02 04:55:02 2006 (4549B266)
8073d000 80746000 psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
82004000 8200d000 PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000 psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
802c2000 802cb000 PSHED PSHED.dll Thu Nov 02 05:42:51 2006 (4549BD9B)
8a485000 8a48e000 rasacd rasacd.sys Thu Nov 02 04:58:13 2006 (4549B325)
8afd2000 8afe9000 rasl2tp rasl2tp.sys Mon Jan 08 21:17:02 2007 (45A2FB1E)
8af95000 8afa4000 raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8af82000 8af95000 raspptp raspptp.sys Mon Jan 08 21:17:01 2007 (45A2FB1D)
8c0d1000 8c10c000 rdbss rdbss.sys Thu Nov 02 04:31:24 2006 (4549ACDC)
87930000 87938000 RDPCDD RDPCDD.sys Thu Nov 02 05:02:01 2006 (4549B409)
87960000 87968000 rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
87c40000 87c46a00 RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
878f8000 87900000 RootMdm RootMdm.sys Thu Nov 02 04:58:51 2006 (4549B34B)
9a462000 9a475000 rspndr rspndr.sys Thu Nov 02 04:56:48 2006 (4549B2D0)
8ba25000 8bbffe40 RTKVHDA RTKVHDA.sys Wed Aug 22 06:44:12 2007 (46CC137C)
80790000 807b6000 SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
8a79c000 8a7a6000 secdrv secdrv.SYS Wed Sep 13 09:18:32 2006 (45080528)
8bf02000 8bf16000 smb smb.sys Thu Nov 02 04:57:10 2006 (4549B2E6)
87c71000 87c77d00 sncduvc sncduvc.SYS Wed Dec 27 22:21:50 2006 (4593384E)
8ca59000 8cbff280 snp2uvc snp2uvc.sys Mon Jun 11 22:38:23 2007 (466E071F)
a8437000 a849d000 SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
80606000 8060e000 spldr spldr.sys Wed Oct 25 18:40:44 2006 (453FE7EC)
9a572000 9a600000 spsys spsys.sys Wed Oct 25 18:43:28 2006 (453FE890)
a8567000 a85b0000 SRTSP SRTSP.SYS Fri Nov 03 21:12:10 2006 (454BE8EA)
8be0a000 8be1b000 SRTSPX SRTSPX.SYS Fri Nov 03 21:12:10 2006 (454BE8EA)
9b629000 9b67a000 srv srv.sys Fri Dec 11 07:15:47 2009 (4B2237F3)
9b6ba000 9b6de000 srv2 srv2.sys Mon Sep 14 05:50:53 2009 (4AAE11FD)
9a517000 9a532000 srvnet srvnet.sys Fri Dec 11 07:15:29 2009 (4B2237E1)
8b001000 8b041000 storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8c791000 8c79de80 STREAM STREAM.SYS Thu Nov 02 04:55:00 2006 (4549B264)
87ca8000 87ca9380 swenum swenum.sys Tue Dec 12 22:28:16 2006 (457F7350)
87ca6000 87ca7780 SYMDNS SYMDNS.SYS Mon Oct 23 20:26:34 2006 (453D5DBA)
8c1de000 8c200000 SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c10c000 8c12df00 SYMFW SYMFW.SYS Mon Oct 23 20:28:55 2006 (453D5E47)
8a434000 8a43c180 SYMIDS SYMIDS.SYS Mon Oct 23 20:29:36 2006 (453D5E70)
8be68000 8be73000 SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
87843000 87848080 SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
8be1b000 8be46f00 SYMTDI SYMTDI.SYS Mon Oct 23 20:26:29 2006 (453D5DB5)
8b085000 8b0b2700 SynTP SynTP.sys Fri Sep 07 14:16:58 2007 (46E1959A)
8bf2b000 8c000000 tcpip tcpip.sys Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c1a7000 8c1b2000 tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8aff6000 8b001000 TDI TDI.SYS Thu Nov 02 04:58:46 2006 (4549B346)
8bf16000 8bf2b000 tdx tdx.sys Thu Nov 02 04:57:34 2006 (4549B2FE)
8af66000 8af75000 termdd termdd.sys Tue Dec 12 22:53:43 2006 (457F7947)
95c00000 95c09000 TSDDD TSDDD.dll Thu Nov 02 05:02:02 2006 (4549B40A)
8a461000 8a46a000 tunmp tunmp.sys Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a405000 8a410000 tunnel tunnel.sys Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8af75000 8af82000 umbus umbus.sys Thu Nov 02 04:55:24 2006 (4549B27C)
87cae000 87caf700 USBD USBD.SYS Thu Aug 30 21:23:36 2007 (46D76D98)
8a4e2000 8a4f0000 usbehci usbehci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8af08000 8af3c000 usbhub usbhub.sys Thu Aug 30 21:24:00 2007 (46D76DB0)
8a774000 8a77e000 usbohci usbohci.sys Thu Aug 30 21:23:40 2007 (46D76D9C)
8a600000 8a63d000 USBPORT USBPORT.SYS Thu Aug 30 21:23:43 2007 (46D76D9F)
8ae1d000 8ae29000 vga vga.sys Thu Nov 02 04:53:56 2006 (4549B224)
8ba04000 8ba25000 VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8048a000 80499000 volmgr volmgr.sys Tue Dec 12 22:29:12 2006 (457F7388)
807b6000 80800000 volmgrx volmgrx.sys Thu Nov 02 04:51:54 2006 (4549B1AA)
8201f000 82055000 volsnap volsnap.sys Thu Oct 25 22:04:17 2007 (47214B21)
8be47000 8be5a000 wanarp wanarp.sys Tue Jul 03 21:28:16 2007 (468AF7B0)
8a52e000 8a53b000 watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
80204000 8027f000 Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
80512000 8051f000 WDFLDR WDFLDR.SYS Wed Dec 05 21:21:19 2007 (47575C9F)
94a00000 94c00000 win32k win32k.sys Fri Aug 14 10:01:22 2009 (4A856E32)
8a46a000 8a473000 wmiacpi wmiacpi.sys Thu Aug 30 20:57:47 2007 (46D7678B)
804c6000 804cf000 WMILIB WMILIB.SYS Thu Nov 02 04:54:53 2006 (4549B25D)
95798000 957a0000 xaudio xaudio.sys Fri Aug 04 20:39:09 2006 (44D3E8AD)
8a4f0000 8a52e000 yk60x86 yk60x86.sys Fri Mar 23 06:11:54 2007 (4603A7EA)
Unloaded modules:
957e8000 957f0000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
9b611000 9b629000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
87c05000 87c12000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
8a4a0000 8a4ab000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
87900000 87908000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
8a47c000 8a485000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
"Another thing to mention is EVERY TIME I load windows, System Properties opens. Also, I think the MSCONFIG keeps resetting itself." --- one again, same behavior as the one I had. Had forgotted those tidbits.
ASKER
That's SO WEIRD, isn't it willcomp??? :P Hopefully we find an answer. If it was mine, I would just wipe it, but this is a customer's computer. I uninstalled ALL Toolbars through Programs & Features, and ran the Norton Removal Tool. Same issue still occuring.
There is a repair install of sorts for Vista but it has to be run from normal mode. It was not an option in my case since I could not get into normal mode at all. The repair is an upgrade install of the same Vista version. If you can get into normal mode long enough, it may be an option. Here are instructions:
http://www.vistax64.com/tutorials/88236-repair-install-vista.html
http://www.vistax64.com/tutorials/88236-repair-install-vista.html
ASKER
Unfortunately, I do not believe that is a viable option. Normal mode crashes after about 30 seconds. Never did like the way to do a repair install for Vista. Why couldn't they make it more like Windows XP? Don't get me wrong, I LOVE Windows 7, and Vista was the stepping stone to it, but that feature in Windows XP was priceless for fixing issues like this.
Have been following this thread with interest, and wondering if you still have a Malware infection present.
From your minidump analysis:
>> Probably caused by : SYMEVENT.SYS <<
As already suggested the software SYMEVENT is by Symantec Corporation
symevent.sys file information:
http://www.file.net/process/symevent.sys.html
Did you run Malwarebytes in normal mode?
If no, try downloading & updating Malwarebytes anti-Malware, from here:
http://www.malwarebytes.org/mbam.php
Then run in normal mode.
Whatever the outcome, please try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
Also, the recently successful Dr.Web CureIt!:
http://www.freedrweb.com/cureit/?lng=en
Finally the ESET Online Scanner, a free, & powerful tool:
http://www.eset.com/online-scanner
If it is an infection, this could work, and save a possible re-load.
From your minidump analysis:
>> Probably caused by : SYMEVENT.SYS <<
As already suggested the software SYMEVENT is by Symantec Corporation
symevent.sys file information:
http://www.file.net/process/symevent.sys.html
Did you run Malwarebytes in normal mode?
If no, try downloading & updating Malwarebytes anti-Malware, from here:
http://www.malwarebytes.org/mbam.php
Then run in normal mode.
Whatever the outcome, please try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
Also, the recently successful Dr.Web CureIt!:
http://www.freedrweb.com/cureit/?lng=en
Finally the ESET Online Scanner, a free, & powerful tool:
http://www.eset.com/online-scanner
If it is an infection, this could work, and save a possible re-load.
ASKER
I cannot run Malwarebytes in normal mode, but I have ran it in safe mode. It has removed several infections already. I have tried Hitman Pro also, which found 1 infection, to no joy. I am downloading Dr. Web Cureit now.
SYMEVENT.sys no longer exists, most likely due to using the Norton Removal Tool
I will run ESET and Dr. Web once they have downloaded and post back the results.
SYMEVENT.sys no longer exists, most likely due to using the Norton Removal Tool
I will run ESET and Dr. Web once they have downloaded and post back the results.
>>I cannot run Malwarebytes in normal mode<<
Not sure if you tried renaming Malwarebytes before downloading it to your desktop.
Many Malware infections will prevent good scanners from running properly, & this one was designed for normal mode.
You could try using the IE “Save As” function to rename MBAM.
This recent article by Expert younghv may help:
https://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_5124-Stop-the-Bleeding-First-Aid-for-Malware.html
Rkill is good, and is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools:
http://www.technibble.com/rkill-repair-tool-of-the-week/
RKill - What it does and What it Doesn't - A brief introduction to the program:
http://www.bleepingcomputer.com/forums/topic308364.html
Unsuccessful removal of drivers(malware or not) can also caused BSOD.
Which scanner caused it.
You could try restoring it from the quarantine.... If it ws comboFix it creates erunt backup... Delete files can also be restored from quarantine.
Which scanner caused it.
You could try restoring it from the quarantine.... If it ws comboFix it creates erunt backup... Delete files can also be restored from quarantine.
ASKER
Dr. Web Cure It found 1 infection (C:\windows\system32\deskt op _.ini
ESET found 3 Infections JS/Kryptik.Q trojan
Still BSOD's.
I will try rkill and run combofix again.
ESET found 3 Infections JS/Kryptik.Q trojan
Still BSOD's.
I will try rkill and run combofix again.
ASKER
No luck, I will try to use the ERUNT, however I'm not sure if any program caused the BSOD in normal mode. When it was brought in for infection removal, we went into safe mode first to get around the infection.
ASKER
Addition, I don't know how to use ERUNT with Windows Vista...
ERUNT works ok with Vista if run under elevated privileges.
This link should help>
http://www.winhelponline.com/blog/backup-windows-vista-registry-daily-using-erunt/
also ...
Take a complete registry backup using ERUNT:
http://www.winxptutor.com/regback.htm
Incidently do you have the logfile from the last ComboFix scan please, it may show something of interest?
This link should help>
http://www.winhelponline.com/blog/backup-windows-vista-registry-daily-using-erunt/
also ...
Take a complete registry backup using ERUNT:
http://www.winxptutor.com/regback.htm
Incidently do you have the logfile from the last ComboFix scan please, it may show something of interest?
ASKER
I do not have the last Combofix logfile, because when it reboots, everything goes back to what it was. So, combofix acts like it never ran.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ran TDSSKiller again (already ran it), after updating from the website. No luck. Also, when I run Combofix, it's actually named ComboFixMe.exe (just because I have ran into ones that stop you before!). Not bad ideas though, just things I've already tried :(
ASKER
Also, as far as I know, there is no active scanner installed or running.
Yesterday you said >>Normal mode crashes after about 30 seconds<<
Which presumably is why ComboFix in normal mode, is not running for up to approximately(say) 20 minutes.
In this case you could try running CF in Safe mode to see if there is a meaningfull CF log file generated. i know ...bet you've already tried that! :)
Which presumably is why ComboFix in normal mode, is not running for up to approximately(say) 20 minutes.
In this case you could try running CF in Safe mode to see if there is a meaningfull CF log file generated. i know ...bet you've already tried that! :)
ASKER
Yep, I did! :) Safe mode is the only way I can run Safe Mode. No log, sorry...
Have you uninstalled combofix from the computer? A few newer variants of malware in my lab have been using a new protection built-in to cause a BSOD by setting a false PEB offset to one of the vulnerable drivers when you use combofix specifically. Lets make sure this is not your case.
I meant IF it was ComboFix's removal of a .sys file that caused BSOD, then we can reverse it using the Erunt backup created. It's easy to do just doubleclick it.
No combofix log in this location? --> C:\Combofix.txt
No combofix log in this location? --> C:\Combofix.txt
ASKER
Combofix is uninstalled now, there is no folders left for combofix. No, there is no Combofix.txt in the C:\ directory. I will try to restart the computer now and see what happens.
ASKER
Still BSOD's... :(
ASKER
Okay, I tried to put all the infections from Malwarebytes back (88 of them). Also, the original reason it was brought in was System Tool (found the original sign in sheet). That did not fix the issue. I ran Combofix again, which removed infections and I made sure it booted back into safe mode, however I STILL did not get a logfile. I found something that is somewhat interesting...
There seems to be multiple network adapters, which I don't understand. I know there is a wireless and a wired, but then there is 6 other local area connections. I've already downloaded the appropriate drivers from Acer's website, uninstalled the current drivers and software, and reinstalled. I also in command prompt typed "set devmgr_show_nonpresent_dev ices=1" to show ALL installed instances of the network adapters and deleted what I found.
I will attach the ipconfig results. And of course, after trying each thing, I rebooted to see if it BSOD's. :(
ipconfig.txt
There seems to be multiple network adapters, which I don't understand. I know there is a wireless and a wired, but then there is 6 other local area connections. I've already downloaded the appropriate drivers from Acer's website, uninstalled the current drivers and software, and reinstalled. I also in command prompt typed "set devmgr_show_nonpresent_dev
I will attach the ipconfig results. And of course, after trying each thing, I rebooted to see if it BSOD's. :(
ipconfig.txt
ASKER
I know I shouldn't bump, but it has been 3 days... does anyone have any other ideas???
When you checked for a the system dump where did you check for it? Curious.
ASKER
C:\windows\minidump
The minidump(s) may also be located in:
%systemroot%\minidump\
You may have to enable “Show all files and folders" in
Control Panel > Folder Options > View.
Also make sure that your computer is set to write minidumps.
Right-click My computer>Properties>Advanc ed>Startup and recovery, click settings and choose small memory dumps.
This may help ...
http://www.cakewalk.com/Support/ProblemReporter/minidump.asp
Also try My Computer>Properties>Advanc ed>Startup & Recovery.
Are the boxes under 'Settings' checked, & 'small memory dump' selected?
Occasionally if there's no minidump, you could be getting a total crash before Windows has had a chance to produce a crash dump.
Suggest you then scan the hard disk for errors, running the command chkdsk /r
You could also try the appropriate HD diagnostic from here>
"Hard Drive Diagnostics Tools and Utilities":
http://tacktech.com/display.cfm?ttid=287
Incidently, absence of minidump can also be due to deteriorating motherboard capacitors, or a flakey power supply.
%systemroot%\minidump\
You may have to enable “Show all files and folders" in
Control Panel > Folder Options > View.
Also make sure that your computer is set to write minidumps.
Right-click My computer>Properties>Advanc
This may help ...
http://www.cakewalk.com/Support/ProblemReporter/minidump.asp
Also try My Computer>Properties>Advanc
Are the boxes under 'Settings' checked, & 'small memory dump' selected?
Occasionally if there's no minidump, you could be getting a total crash before Windows has had a chance to produce a crash dump.
Suggest you then scan the hard disk for errors, running the command chkdsk /r
You could also try the appropriate HD diagnostic from here>
"Hard Drive Diagnostics Tools and Utilities":
http://tacktech.com/display.cfm?ttid=287
Incidently, absence of minidump can also be due to deteriorating motherboard capacitors, or a flakey power supply.
ASKER
Well, this is a laptop, and I tell the computer to write a full memory dump, but the option changes when I reboot from Safe Mode, like it never saved what I did...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Error code 0x80071A91 when trying to install Service Pack 1
Try entering this in a elevated command prompt and trying the update again.
fsutil resource setautoreset true c:\
fsutil resource setautoreset true c:\
ASKER
I actually already tried it :) But it didn't work
ASKER
I'm going to upload the gmer scan I did. It will BSOD if I included the second option (I think services), but on no others. It LOOKS like it bsod's when scanning crsss.exe? and crypt32.dll.
gmer-registry.log
gmer-registry.log
ASKER
I've been looking at files created within the last 3 weeks, seeing if there was anything sticking out. I saw several odd files, and deleted them. Though some seem to keep recreating. I zipped the files up and are uploading for you guys to look at.
Infections.zip.zip
Infections.zip.zip
From your gmer log you have active kernel system hooking. The other files you send where santizex(0 bit) files. Most likely cleaned from infection.
ASKER
Okay, how to I fix the active kernel system hooking issue?
ASKER
I downloaded Unhackme and am uploading a scanlog. It did find some files that are of concern, but 'removing' them with the program and rebooting seems to have no effect.
regrunlog.txt
regrunlog.txt
Ok, try entering entering windows key + r and then type msconfig in the run box, hit enter. When the msconfig tool appears you should be on the General tab by default. You have 3 options on that tab. Select "Selective startup" then uncheck "Load startup startup items", click apply, and reboot, enter windows normally and check to see it will allow you to entry windows normally without a BSOD.
If not go into safe boot and repeat these steps again except make sure "Load system services" and "Load startup items" are uncheck hit apply and reboot in normal mode.
If not go into safe boot and repeat these steps again except make sure "Load system services" and "Load startup items" are uncheck hit apply and reboot in normal mode.
ASKER
I did try that, unfortunately every time I reboot, any changes I made seem to be gone. I even selected Diagnostic startup, and when it rebooted, it was back to selective startup with both options checkmarked.
Ok, the important part is it worked. Now we need to find one by one which driver is causing the trouble since it has been narrowed down.
ASKER
Okay, how do we go about that? I guess I'm confused how it worked. It still BSOD's in normal mode.
That's not good at all. If you have the vista install DVD you can do a system restore off of that. If not check for a system restore partition on your drive by hitting F8 after your bios on startup just before the windows XP login screen. If none of these options work te only thing left to do is backup any important files and format am reinstall vista or buy a vista install dvd. Took me a while to find a picture step through for you to guide from but here it is
http://www.bleepingcomputer.com/tutorials/tutorial142.html
http://www.bleepingcomputer.com/tutorials/tutorial142.html
ASKER
Unfortunately, there is no system restore points made for me to recover from. I really don't want to format and install vista if at all possible. I know that is always an option, but I would like to fix this computer without doing that. I did just try an upgrade repair install, but it does not work in safe mode. I don't know why Microsoft made it so difficult vs. how it was for Windows XP. Sigh... Any other ideas?
Assuming for the moment that the BSOD is due to a corrupted driver, see if this Driver Verify helps.
Instructions for Drive Verifier.
http://www.techsupportforum.com/2110308-post4.html
Ignore the no1 instruction to "create a SR restore point" because your System_Restore is non functional ... unless of course the 'restore point' selection still works ... could you confirm please?
Instructions for Drive Verifier.
http://www.techsupportforum.com/2110308-post4.html
Ignore the no1 instruction to "create a SR restore point" because your System_Restore is non functional ... unless of course the 'restore point' selection still works ... could you confirm please?
@ jcgriff2 ... Hi, i thought the name 'rang a bell', with that last link it seems i'm referring to some of your previous work!
ASKER
Nope, cannot create a restore point, however I did find some interesting things I believe... and the Driver verifier did not run and create a minidump, but I'm going to attach a screenshot with a list of drivers... very odd.
dump_atapi.sys
dump_dumpata.sys
bcmwl6.sys
dkbfltr.sys
psdfilter.sys
psdnserv.sys
psdvdisk.sys
yk60x86.sys
ntidrvr.sys
o2media.sys
o2sd.sys
syntp.sys
Tell me what you think! :P I don't think the dump ones belong there, do they?
verifier.jpg
verifier2.jpg
dump_atapi.sys
dump_dumpata.sys
bcmwl6.sys
dkbfltr.sys
psdfilter.sys
psdnserv.sys
psdvdisk.sys
yk60x86.sys
ntidrvr.sys
o2media.sys
o2sd.sys
syntp.sys
Tell me what you think! :P I don't think the dump ones belong there, do they?
verifier.jpg
verifier2.jpg
Thanks ... although i've seen dump_atapi.sys and dump_dumpata.sys listed before, as shown in this next link, but i'm not sure why this is so.
http://www.pchelpforum.com/win-7-vista-bsod/104517-warcraft-blue-screen-death.html
http://www.pchelpforum.com/win-7-vista-bsod/104517-warcraft-blue-screen-death.html
It could be telling us there's a Malware infection still present.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Could you walk me through how to create the Recovery Console disk and what files to copy over?
ASKER
Sorry, I don't know how to put code in for dump files, but here's some I created with Process Explorer
ProcessExplorerDumps.zip
ProcessExplorerDumps.zip
First off I would like to make sure you ask the customer if they have got a recovery disc with there acer computer as there is a chance they did if not there should be a recovery partition somewhere along the bootup. Hitting F8 after the bios screens. Some computers are different and have it with the f11 for some reason I would just atleast try that option before you do the below steps. Additionally I tryed to find a pictorial guide to give you buy it seems the link was broken so I did not include the link in the first step.
To burn the recovery console DVD all you need to do is.
1.) Go to here or use the bittorrent links here the first link provides a highspeed download of iso image file, but it cost near $10. Bittorrent links do not.
Courtesy of C4 consulting,
1. Copy the recdisc.exe file out of sp1 vista beta or alternatively I can e-mail this file to you ( this post complete with a pictorial guide and the file is available here)
2. Open up the system32 folder (C:\Windows\System32)
3. Select recdisc.exe and open up its properties (right clicking on the file will bring up the property selection)
4. Select the “security” tab
5. Click on “Advanced”
Select the “owners” tab and click “edit”
6. Select “Administrators” to change the owners ( alternatively you can select your user account)
7. Click OK, then Ok on the next screen
8. You should be looking at the “file security settings” window
Select “administrators” (or your user account)
9. Tick the “allow boxes” and “full control”, then OK and Ok
10. It’s a good idea to make a copy of this file, in case you need to add it back latter
11. Copy and replace the recdisc.exe file with the one you downloaded
12. Create a shortcut and place it on your desktop to enable easy access
13. That’s it
Running the Program:
1. Double Click the shortcut you created earlier (alternatively type in c:\windows\system32\recdis c.exe)
2. Follow the prompts, It will ask you to insert your vista install disc,
3. Then will ask you to insert a blank cd
4. That’s it
How to use it
1. Boot up the computer and hit the del or F2 key (depending on the computer) to enter BIOs
2. Navigate to the boot settings menu
3. Ensure the CDRom is the first boot preference
4. When prompted, press any key to boot off the cd
5. Wait for the cd to load
6. It will then load the install screen ( remember this cd will not install or re-install windows)
7. Select repair
8. Run the repair/recovery tool you need
If you really want to read the original article's here is the links as well. I would really suggest that you make a recovery DVD from a separate vista machine that has the SP1 installed with the recdisc.exe already on it and the same architecture.
Reference:
Technet recdisc.exe tool
Vista startup problems
To burn the recovery console DVD all you need to do is.
1.) Go to here or use the bittorrent links here the first link provides a highspeed download of iso image file, but it cost near $10. Bittorrent links do not.
Courtesy of C4 consulting,
1. Copy the recdisc.exe file out of sp1 vista beta or alternatively I can e-mail this file to you ( this post complete with a pictorial guide and the file is available here)
2. Open up the system32 folder (C:\Windows\System32)
3. Select recdisc.exe and open up its properties (right clicking on the file will bring up the property selection)
4. Select the “security” tab
5. Click on “Advanced”
Select the “owners” tab and click “edit”
6. Select “Administrators” to change the owners ( alternatively you can select your user account)
7. Click OK, then Ok on the next screen
8. You should be looking at the “file security settings” window
Select “administrators” (or your user account)
9. Tick the “allow boxes” and “full control”, then OK and Ok
10. It’s a good idea to make a copy of this file, in case you need to add it back latter
11. Copy and replace the recdisc.exe file with the one you downloaded
12. Create a shortcut and place it on your desktop to enable easy access
13. That’s it
Running the Program:
1. Double Click the shortcut you created earlier (alternatively type in c:\windows\system32\recdis
2. Follow the prompts, It will ask you to insert your vista install disc,
3. Then will ask you to insert a blank cd
4. That’s it
How to use it
1. Boot up the computer and hit the del or F2 key (depending on the computer) to enter BIOs
2. Navigate to the boot settings menu
3. Ensure the CDRom is the first boot preference
4. When prompted, press any key to boot off the cd
5. Wait for the cd to load
6. It will then load the install screen ( remember this cd will not install or re-install windows)
7. Select repair
8. Run the repair/recovery tool you need
If you really want to read the original article's here is the links as well. I would really suggest that you make a recovery DVD from a separate vista machine that has the SP1 installed with the recdisc.exe already on it and the same architecture.
Reference:
Technet recdisc.exe tool
Vista startup problems
ASKER
I guess I don't understand what to do, could you make it more clear please? I got recdisc.exe file off of another Vista computer and copied it to this computer (this one didn't have it). I changed the permissions and tried to run it, but nothing happened. I downloaded the Vista Recovery Disc, and ran it, but it seems to have done nothing different than running the actual Vista disc and do repair.
If you ran the Recovery disk as a bootup you should have a option to do a system restore using the last system backup this should as it is ebony run as a PE disk and not directly from the operating system. It has everything that you need to repair the system. I'd you can't do a restore from there they may have no better of an option then to do a full restore. I would try entering the vista recovery DVD again and boot off of that and then attempt to run the system restore. If you succeed the then you will be happily at a state before the BSOD's. Hope it works for you. It works for me and I have tried these for a lot of different systems.
ASKER
Sorry, there is no system restore points. I know that reload is an option, I'm just trying to prevent reloading. The customer doesn't want to reload if it's not neccessary, and honestly it's gotten to the point that I WANT to beat this da*n thing! You know?
ASKER
Okay, I hate to do it, but I reloaded the system. Everything appears to be working, so there was definitely something software-wise causing an issue. Sigh... Oh well. Thank you everybody for your assistance.
Well without a good dump file it is hard to tell. The last dump showed a infection with W32.Koobface nasty worm...You will need to talk to them about internet safety and best practices for safe Internet surfing. Thus worm drops a lot of files after infection. There might be some files still in the system. Technical details are here if you want to read them. Since you removed the antivirus protection from the system have you tried using a Bootable antivirus rescue DVD? Examples of these are listed Here There has to be another kernel driver that is running that the worm dropped and is not compatible with vista's kernel pooling. I should of asked this earlier. Did you check the system's eventlog's for access calls and driver failures? I am trying to look for ad many ways to get you a good answer for this and safely on your way again I hate these worms.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Well there are a few last resorts. Looking at the add-in hardware(memory, ram, etc) and check to make sure all the slots are fitted properly since the computer has been moved it's possible that some of the hardware possibly got loosened from the car ride over or just moving it in the shop. Mind taking photo of the bluescreenand posting it here to confirm as well?
Arg didn't reload lol. Oh well!
ASKER
THank you for your help, I don't know who to award points too... little help???
Split points among those who gave it a good effort.
Agreed, there was a lot of good help here.
I'd suggest a split there was a lot of good suggestions here.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I thank everyone who tried to help...one day we will run across this again, and we WILL find the answer! I guess this is another day where we have to give the gold medal to those infection writing inconsiderates. Anytime I need more help, I know I'll be looking towards you guys.
We can't win them all, but you know where we all are if or when you need us again ...and thanks for the recognision.
i also recommend avast antivirus because it can scan your machine before windows starts.