Stop 0x0000008e after infection removal

I had a computer with an infection recently, so I have ran several scans on the computer. I have used

Malwarebytes Anti-Malware
SUPERAntiSpyware
Combofix (I found out after reading this site, I shouldn't have ran it already)

Now, I get a BSOD 0x0000008e in normal mode after about a minute or so. Safe mode is fine.

I have the DDS log, however Gmer BSOD's when attempting to scan. Both logs are in 100.zip.

I hope there is something we can do, as I do not want to reload it. Thank you in advance.

If you need anything else, let me know.

Just to update, the computer has been running in safe mode for 2 days now, so whatever is causing the issue only happens in normal mode. My thought would be an infection attached to a driver, but I don't know how to track it down...
100.zip
LVL 8
Scott ThompsonComputer Technician / OwnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wuyinzhiCommented:
so i assume the virus still active in your machine. you should remove the process from memory first. you can use tool like Process Explorer, find the malicious process and kill the process, then delete the file. (you should be careful with this step).

i also recommend avast antivirus because it can scan your machine before windows starts.
0
willcompCommented:
Stop 08E is nearly always caused by a driver. One of your drivers may have been affected by the cleaning process.

Since you have a BSOD, minidumps should have been created (provided settings are default). Look in the C:\windows\minidump folder and attach the 2 most recent minidump (*.dmp) files to a comment -- date is included in file name. Analysis of the dump file should allow us to pinpoint the faulting driver.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I will attach the memory dumps, however it does not create one from the issue I'm having.  I have installed Bluescreenview on the computer, and the last BSOD minidump is from 3/20/2011.

I haven't seen anything running in the background, but I will download Process Explorer and see if I can find anything sticking out.
Mini032011-09.dmp
Mini032011-08.dmp
0
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

willcompCommented:
You're correct -- those old dumps are not relevant.

Ensure that minidump file creation is enabled:

Click Start, point to Settings, and then click Control Panel.
Double-click System.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I made sure Small Memory dump was selected and booted the computer into normal mode.  It did BSOD and restart several times.  However, it still did not create another dump file.  I checked the setting again in Safe Mode, and it has changed back to Kernel Memory Dump.
0
willcompCommented:
Are there any recent full kernel dumps? Are there any restore points?

I had a Vista PC in the shop several months ago with similar symptoms. It bluescreened immediately in normal mode but ran in safe mode. Could not get minidump settings to hold and although it supposedly created kernel dumps, there were none. Also no restore points. I tried booting into VGA mode without success, so it probably wasn't the video driver. Wound up backing up files and restoring factory image if I remember correctly. It was that way when I received it and don't know if any malware was removed.

You can try booting into VGA Only mode as well to see if that helps.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
There is no restore points (I have checked already), and I don't see any full kernel dumps.  I will try to boot into VGA mode (though I think that didn't work either).  I'll keep on the look out for repsonses! :)
0
willcompCommented:
Looks like the same situation I encountered. I'm fairly knowledgeable and don't give up easily, but that one got the better of me. Not much one can do with drivers in safe mode, especially when the culprit is unknown.

I have a copy of MS DaRT 6.0 (ERD Commander for Vista) and it didn't provide any help either.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Another thing to mention is EVERY TIME I load windows, System Properties opens.  Also, I think the MSCONFIG keeps resetting itself.  VGA Mode did not solve the problem.  It still BSODed.
0
John GriffithConsultantCommented:
The 2 dumps show NIS/ N360 installed. Did you run the Norton Removal Tool?

NIS/ N360 Removal - sysnative.com - MVP

Found this driver in dumps - klifoko.sys  Mon Apr 26 23:04:54 2004 (408DCDD6)

It is Troj/Mdrop-CMW Trojan [Sophos] - http://www.sophos.com/security/analyses/viruses-and-spyware/trojmdropcmw.html

Did you get it removed?

The dumps as well as DDS show Vista SP0.  Vista SP1 & SP2 are not installed.  

http://sysnative.com/0x1/Vista_SP_Prepwork.html

Device drivers need updates -
atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
SynTP.sys    Fri Sep 07 14:16:58 2007 (46E1959A)
yk60x86.sys  Fri Mar 23 06:11:54 2007 (4603A7EA)


http://sysnative.com/0x1/DriverReference.html#atikmdag.sys
http://sysnative.com/0x1/DriverReference.html#SynTP.sys
http://sysnative.com/0x1/DriverReference.html#yk60x86.sys

Uninstall Zynga, Yahoo, Google toolbars/ apps - http://www.revouninstaller.com/revo_uninstaller_free_download.html

Regards. . .

jcgriff2 MVP
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
John GriffithConsultantCommented:
Dump logs in code box.
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MGN7I3YC\Mini032011-09[1].dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*a:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.17021.x86fre.vista_gdr.100218-0019
Machine Name:
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sun Mar 20 22:30:57.055 2011 (GMT-4)
System Uptime: 0 days 6:01:10.867
Loading Kernel Symbols
...............................................................
................................................................
......................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {c0000005, 81c6016e, 879ab794, 879ab490}

Probably caused by : ntkrpamp.exe ( nt!RtlImageNtHeaderEx+45 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81c6016e, The address that the exception occurred at
Arg3: 879ab794, Exception Record Address
Arg4: 879ab490, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!RtlImageNtHeaderEx+45
81c6016e 66813a4d5a      cmp     word ptr [edx],5A4Dh

EXCEPTION_RECORD:  879ab794 -- (.exr 0xffffffff879ab794)
ExceptionAddress: 81c6016e (nt!RtlImageNtHeaderEx+0x00000045)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 7ffa0000
Attempt to read from address 7ffa0000

CONTEXT:  879ab490 -- (.cxr 0xffffffff879ab490)
eax=00000000 ebx=8543b188 ecx=00000000 edx=7ffa0000 esi=00000000 edi=879ab870
eip=81c6016e esp=879ab85c ebp=879ab85c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlImageNtHeaderEx+0x45:
81c6016e 66813a4d5a      cmp     word ptr [edx],5A4Dh     ds:0023:7ffa0000=????
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  WLIDSVC.EXE

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  7ffa0000

READ_ADDRESS: GetPointerFromAddress: unable to read from 81d315ac
Unable to read MiSystemVaType memory at 81d117e0
 7ffa0000 

FOLLOWUP_IP: 
nt!RtlImageNtHeaderEx+45
81c6016e 66813a4d5a      cmp     word ptr [edx],5A4Dh

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from 81c601f9 to 81c6016e

STACK_TEXT:  
879ab85c 81c601f9 00000000 00000000 8543e0d0 nt!RtlImageNtHeaderEx+0x45
879ab8f4 81e4ff6c 800015e4 879ab9e8 00000000 nt!RtlImageNtHeader+0x1a
879abb24 81ceb263 97239000 83871034 00000000 nt!SePrivilegeCheck+0x33
879abd44 81c78fc0 800015e4 00000000 838c2ad0 nt!MiFreePoolPages+0x82a
879abd7c 81e25704 9c6bfad8 879a0680 00000000 nt!ExpWorkerThread+0xfd
879abdc0 81c9162e 81c78ec3 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!RtlImageNtHeaderEx+45

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b7d25c9

STACK_COMMAND:  .cxr 0xffffffff879ab490 ; kb

FAILURE_BUCKET_ID:  0x7E_nt!RtlImageNtHeaderEx+45

BUCKET_ID:  0x7E_nt!RtlImageNtHeaderEx+45

Followup: MachineOwner
---------

1: kd> k
ChildEBP RetAddr  
879ab85c 81c601f9 nt!RtlImageNtHeaderEx+0x45
879ab8f4 81e4ff6c nt!RtlImageNtHeader+0x1a
879abb24 81ceb263 nt!SePrivilegeCheck+0x33
879abd44 81c78fc0 nt!MiFreePoolPages+0x82a
879abd7c 81e25704 nt!ExpWorkerThread+0xfd
879abdc0 81c9162e nt!PspSystemThreadStartup+0x9d
00000000 00000000 nt!KiThreadStartup+0x16
1: kd> lmnt
start    end        module name
80201000 80203900   compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
80204000 8027f000   Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
8027f000 802ba000   CLFS     CLFS.SYS     Wed Dec 05 20:55:42 2007 (4757569E)
802ba000 802c2000   BOOTVID  BOOTVID.dll  Thu Nov 02 05:39:29 2006 (4549BCD1)
802c2000 802cb000   PSHED    PSHED.dll    Thu Nov 02 05:42:51 2006 (4549BD9B)
80401000 8040ab00   o2media  o2media.sys  Mon Apr 02 22:04:27 2007 (4611B62B)
8040b000 80429000   ataport  ataport.SYS  Fri Jan 18 22:01:56 2008 (47916824)
80429000 80431000   atapi    atapi.sys    Fri Jan 18 22:01:56 2008 (47916824)
80431000 8043f000   PCIIDEX  PCIIDEX.SYS  Fri Jan 18 22:01:56 2008 (47916824)
8043f000 80446000   pciide   pciide.sys   Fri Jan 18 22:01:57 2008 (47916825)
80446000 80470000   pcmcia   pcmcia.sys   Thu Nov 02 04:35:13 2006 (4549ADC1)
80470000 80480000   mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
80480000 8048a000   BATTC    BATTC.SYS    Thu Aug 30 20:57:44 2007 (46D76788)
8048a000 80499000   volmgr   volmgr.sys   Tue Dec 12 22:29:12 2006 (457F7388)
80499000 804be000   pci      pci.sys      Tue Dec 12 21:42:27 2006 (457F6893)
804be000 804c6000   msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
804c6000 804cf000   WMILIB   WMILIB.SYS   Thu Nov 02 04:54:53 2006 (4549B25D)
804cf000 80512000   acpi     acpi.sys     Thu Aug 30 20:57:46 2007 (46D7678A)
80512000 8051f000   WDFLDR   WDFLDR.SYS   Wed Dec 05 21:21:19 2007 (47575C9F)
8051f000 80600000   CI       CI.dll       Mon Feb 18 23:59:14 2008 (47BA6222)
80606000 8060e000   spldr    spldr.sys    Wed Oct 25 18:40:44 2006 (453FE7EC)
8060e000 80639000   msrpc    msrpc.sys    Thu Nov 02 04:50:16 2006 (4549B148)
80639000 8073d000   ndis     ndis.sys     Thu Nov 02 04:57:33 2006 (4549B2FD)
8073d000 80746000   psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
80746000 80756000   fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000   fltmgr   fltmgr.sys   Thu Nov 02 04:30:58 2006 (4549ACC2)
80787000 8078fb80   o2sd     o2sd.sys     Mon Apr 02 04:11:06 2007 (4610BA9A)
80790000 807b6000   SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
807b6000 80800000   volmgrx  volmgrx.sys  Thu Nov 02 04:51:54 2006 (4549B1AA)
81c00000 81fa1000   nt       ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
81fa1000 81fd5000   hal      halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
82004000 8200d000   PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000   psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
8201f000 82055000   volsnap  volsnap.sys  Thu Oct 25 22:04:17 2007 (47214B21)
82055000 820bf000   ksecdd   ksecdd.sys   Mon Jun 15 09:10:14 2009 (4A364836)
820bf000 821c7000   Ntfs     Ntfs.sys     Sun Dec 16 04:31:37 2007 (4764F079)
821c7000 82200000   NETIO    NETIO.SYS    Fri Aug 14 10:24:15 2009 (4A85738F)
82382000 8238b000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
8238b000 823ac000   CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
823ac000 823bd000   disk     disk.sys     Thu Nov 02 04:51:40 2006 (4549B19C)
823bd000 823e2000   ecache   ecache.sys   Thu Nov 02 04:52:42 2006 (4549B1DA)
823e2000 823f1000   mup      mup.sys      Thu Nov 02 04:31:04 2006 (4549ACC8)
823f1000 82400000   partmgr  partmgr.sys  Thu Nov 02 04:51:47 2006 (4549B1A3)
8555b000 85563000   kdcom    kdcom.dll    Thu Nov 02 05:42:20 2006 (4549BD7C)
87855000 8785a080   SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
878e8000 878ef800   nscirda  nscirda.sys  Thu Nov 02 04:57:06 2006 (4549B2E2)
87910000 87918000   rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
87928000 87930000   dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
87930000 87938000   RootMdm  RootMdm.sys  Thu Nov 02 04:58:51 2006 (4549B34B)
87968000 87970000   RDPCDD   RDPCDD.sys   Thu Nov 02 05:02:01 2006 (4549B409)
879d4000 879e3000   amdk8    amdk8.sys    Thu Nov 02 04:30:18 2006 (4549AC9A)
87c4f000 87c5c000   crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
87ca0000 87ca1800   NTIDrvr  NTIDrvr.sys  Tue Dec 21 15:33:14 2004 (41C8888A)
87cac000 87cad380   swenum   swenum.sys   Tue Dec 12 22:28:16 2006 (457F7350)
87cb4000 87cb5780   SYMDNS   SYMDNS.SYS   Mon Oct 23 20:26:34 2006 (453D5DBA)
87cbc000 87cbd700   USBD     USBD.SYS     Thu Aug 30 21:23:36 2007 (46D76D98)
87d00000 87d0f200   ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
87d30000 87d40000   NDProxy  NDProxy.SYS  Tue Jul 03 21:28:13 2007 (468AF7AD)
87d70000 87d80000   lltdio   lltdio.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
8a606000 8a611000   kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
8a611000 8a629000   cdrom    cdrom.sys    Thu Nov 02 04:51:44 2006 (4549B1A0)
8a629000 8a637000   usbehci  usbehci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8a637000 8a644000   watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
8a644000 8a64f000   tunnel   tunnel.sys   Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8a64f000 8a65b000   vga      vga.sys      Thu Nov 02 04:53:56 2006 (4549B224)
8a670000 8a679000   rasacd   rasacd.sys   Thu Nov 02 04:58:13 2006 (4549B325)
8a68b000 8a693180   SYMIDS   SYMIDS.SYS   Mon Oct 23 20:29:36 2006 (453D5E70)
8a694000 8a69d000   tunmp    tunmp.sys    Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a69d000 8a6a6000   wmiacpi  wmiacpi.sys  Thu Aug 30 20:57:47 2007 (46D7678B)
8a6c1000 8a6ca000   irenum   irenum.sys   Thu Nov 02 04:57:04 2006 (4549B2E0)
8a6f7000 8a700000   Fs_Rec   Fs_Rec.SYS   Mon Apr 16 21:26:39 2007 (4624224F)
8a72c000 8a72f780   CmBatt   CmBatt.sys   Thu Aug 30 20:57:48 2007 (46D7678C)
8a797000 8a79dd00   sncduvc  sncduvc.SYS  Wed Dec 27 22:21:50 2006 (4593384E)
8a79e000 8a7a5000   hny      hny.sys      Mon Dec 20 08:18:05 2010 (4D0F578D)
8a7c8000 8a7cf000   Null     Null.SYS     Thu Nov 02 04:51:05 2006 (4549B179)
8a7cf000 8a7d6000   Beep     Beep.SYS     Thu Nov 02 04:51:03 2006 (4549B177)
8a7d6000 8a7dc380   HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
8a7f2000 8a7f8a00   RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
8a80a000 8a817080   1394BUS  1394BUS.SYS  Wed Feb 07 21:04:45 2007 (45CA853D)
8a818000 8a823000   mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
8a823000 8a836000   i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8a836000 8a848000   HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
8a848000 8a885000   USBPORT  USBPORT.SYS  Thu Aug 30 21:23:43 2007 (46D76D9F)
8a885000 8a8c3000   yk60x86  yk60x86.sys  Fri Mar 23 06:11:54 2007 (4603A7EA)
8a8c3000 8a960000   dxgkrnl  dxgkrnl.sys  Mon Jul 02 21:01:10 2007 (46899FD6)
8a96a000 8a974000   usbohci  usbohci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8a974000 8a97e000   DKbFltr  DKbFltr.sys  Thu Oct 19 04:24:28 2006 (4537363C)
8a97e000 8a988000   mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
8a988000 8a992000   ndisuio  ndisuio.sys  Thu Nov 02 04:57:22 2006 (4549B2F2)
8a9b0000 8a9ba000   nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
8a9c4000 8a9ce000   Dxapi    Dxapi.sys    Thu Nov 02 04:38:17 2006 (4549AE79)
8a9d8000 8a9e2000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
8b209000 8b246000   HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
8b246000 8b26b000   drmk     drmk.sys     Thu Nov 02 05:20:49 2006 (4549B871)
8b26b000 8b298000   portcls  portcls.sys  Thu Nov 02 04:55:02 2006 (4549B266)
8b298000 8b2a4e80   STREAM   STREAM.SYS   Thu Nov 02 04:55:00 2006 (4549B264)
8b2b5000 8b2e9000   usbhub   usbhub.sys   Thu Aug 30 21:24:00 2007 (46D76DB0)
8b2e9000 8b313000   ks       ks.sys       Fri Mar 07 21:14:06 2008 (47D1F66E)
8b313000 8b322000   termdd   termdd.sys   Tue Dec 12 22:53:43 2006 (457F7947)
8b322000 8b32f000   umbus    umbus.sys    Thu Nov 02 04:55:24 2006 (4549B27C)
8b32f000 8b33a000   Msfs     Msfs.SYS     Thu Nov 02 04:30:56 2006 (4549ACC0)
8b33a000 8b34d000   raspptp  raspptp.sys  Mon Jan 08 21:17:01 2007 (45A2FB1D)
8b34d000 8b35c000   raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8b35c000 8b37f000   ndiswan  ndiswan.sys  Thu Nov 02 04:58:13 2006 (4549B325)
8b37f000 8b38a000   ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8b38a000 8b3a1000   rasl2tp  rasl2tp.sys  Mon Jan 08 21:17:02 2007 (45A2FB1E)
8b3a1000 8b3ae000   modem    modem.sys    Thu Nov 02 04:58:52 2006 (4549B34C)
8b3ae000 8b3b9000   TDI      TDI.SYS      Thu Nov 02 04:58:46 2006 (4549B346)
8b3b9000 8b3f9000   storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8b3f9000 8b424000   msiscsi  msiscsi.sys  Thu Nov 02 04:52:40 2006 (4549B1D8)
8b424000 8b451700   SynTP    SynTP.sys    Fri Sep 07 14:16:58 2007 (46E1959A)
8b452000 8b4d8000   bcmwl6   bcmwl6.sys   Tue Dec 19 14:55:55 2006 (458843CB)
8b4d8000 8bc00000   atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
8bc04000 8bc25000   VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8bc25000 8bdffe40   RTKVHDA  RTKVHDA.sys  Wed Aug 22 06:44:12 2007 (46CC137C)
8be49000 8befd000   HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8befd000 8c000000   HSX_DPV  HSX_DPV.sys  Wed Nov 08 18:55:07 2006 (45526E5B)
8c00b000 8c01f000   smb      smb.sys      Thu Nov 02 04:57:10 2006 (4549B2E6)
8c01f000 8c034000   tdx      tdx.sys      Thu Nov 02 04:57:34 2006 (4549B2FE)
8c034000 8c04d000   fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
8c04d000 8c122000   tcpip    tcpip.sys    Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c122000 8c130000   Npfs     Npfs.SYS     Thu Nov 02 04:30:57 2006 (4549ACC1)
8c13b000 8c146000   SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
8c146000 8c151000   dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8c172000 8c17d000   tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8c21f000 8c25a000   rdbss    rdbss.sys    Thu Nov 02 04:31:24 2006 (4549ACDC)
8c25a000 8c2c0000   SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
8c2c0000 8c2d1000   SRTSPX   SRTSPX.SYS   Fri Nov 03 21:12:10 2006 (454BE8EA)
8c2d1000 8c2f2f00   SYMFW    SYMFW.SYS    Mon Oct 23 20:28:55 2006 (453D5E47)
8c2f3000 8c315000   SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c315000 8c340f00   SYMTDI   SYMTDI.SYS   Mon Oct 23 20:26:29 2006 (453D5DB5)
8c341000 8c354000   wanarp   wanarp.sys   Tue Jul 03 21:28:16 2007 (468AF7B0)
8c354000 8c362000   netbios  netbios.sys  Thu Oct 19 19:38:12 2006 (45380C64)
8c362000 8c378000   pacer    pacer.sys    Tue Jul 03 21:27:33 2007 (468AF785)
8c378000 8c3aa000   netbt    netbt.sys    Thu Nov 02 04:57:18 2006 (4549B2EE)
8c3aa000 8c3b9000   klifoko  klifoko.sys  Mon Apr 26 23:04:54 2004 (408DCDD6)
8c3b9000 8c400000   afd      afd.sys      Thu Nov 02 04:58:41 2006 (4549B341)
8c8be000 8c8e6000   fastfat  fastfat.SYS  Thu Nov 02 04:30:49 2006 (4549ACB9)
8c8f6000 8c90d000   dfsc     dfsc.sys     Thu Nov 02 04:31:04 2006 (4549ACC8)
8c90d000 8c92a000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c92a000 8c98c000   eeCtrl   eeCtrl.sys   Wed Oct 25 20:15:50 2006 (453FFE36)
8c98c000 8c9c0000   IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
8ce59000 8cfff280   snp2uvc  snp2uvc.sys  Mon Jun 11 22:38:23 2007 (466E071F)
90b88000 90b97000   monitor  monitor.sys  Sun Dec 16 04:56:44 2007 (4764F65C)
95800000 95a00000   win32k   win32k.sys   Fri Aug 14 10:01:22 2009 (4A856E32)
96270000 9628b000   luafv    luafv.sys    Thu Nov 02 04:33:07 2006 (4549AD43)
96400000 96409000   TSDDD    TSDDD.dll    Thu Nov 02 05:02:02 2006 (4549B40A)
96410000 9641e000   cdd      cdd.dll      unavailable (00000000)
98412000 984a0000   spsys    spsys.sys    Wed Oct 25 18:43:28 2006 (453FE890)
98562000 98580000   irda     irda.sys     Thu Nov 02 04:57:09 2006 (4549B2E5)
9ac01000 9ac1c000   srvnet   srvnet.sys   Fri Dec 11 07:15:29 2009 (4B2237E1)
9ad1c000 9ad2f000   rspndr   rspndr.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
9ad2f000 9ad5a000   nwifi    nwifi.sys    Fri Jan 18 22:06:33 2008 (47916939)
9ba15000 9ba66000   srv      srv.sys      Fri Dec 11 07:15:47 2009 (4B2237F3)
9ba66000 9ba8a000   srv2     srv2.sys     Mon Sep 14 05:50:53 2009 (4AAE11FD)
9ba8a000 9ba9c000   mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
9ba9c000 9bad5000   mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9bad5000 9baf3000   mrxsmb   mrxsmb.sys   Tue Feb 23 08:14:40 2010 (4B83D4C0)
9bb33000 9bb53000   mrxdav   mrxdav.sys   Fri Jan 11 20:45:54 2008 (47881BD2)
9bb53000 9bb67000   mpsdrv   mpsdrv.sys   Wed Jun 06 22:55:55 2007 (466773BB)
9bb67000 9bb80000   bowser   bowser.sys   Thu Nov 02 04:31:11 2006 (4549ACCF)
9c41b000 9c431000   cdfs     cdfs.sys     Thu Nov 02 04:30:50 2006 (4549ACBA)
9c596000 9c5ff000   HTTP     HTTP.sys     Sat Feb 20 16:30:14 2010 (4B805466)
9c6a8000 9c6ab180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
9c7d6000 9c7dd000   int15    int15.sys    Mon Jul 02 22:03:24 2007 (4689AE6C)
9d6a2000 9d780000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)

Unloaded modules:
8d2c8000 8d2d0000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9c4b9000 9c4d1000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87c4f000 87c5c000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8a665000 8a670000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87920000 87928000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
879e3000 879ec000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
1: kd> lmntsm
start    end        module name
8a80a000 8a817080   1394BUS  1394BUS.SYS  Wed Feb 07 21:04:45 2007 (45CA853D)
804cf000 80512000   acpi     acpi.sys     Thu Aug 30 20:57:46 2007 (46D7678A)
8c3b9000 8c400000   afd      afd.sys      Thu Nov 02 04:58:41 2006 (4549B341)
879d4000 879e3000   amdk8    amdk8.sys    Thu Nov 02 04:30:18 2006 (4549AC9A)
80429000 80431000   atapi    atapi.sys    Fri Jan 18 22:01:56 2008 (47916824)
8040b000 80429000   ataport  ataport.SYS  Fri Jan 18 22:01:56 2008 (47916824)
8b4d8000 8bc00000   atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
80480000 8048a000   BATTC    BATTC.SYS    Thu Aug 30 20:57:44 2007 (46D76788)
8b452000 8b4d8000   bcmwl6   bcmwl6.sys   Tue Dec 19 14:55:55 2006 (458843CB)
8a7cf000 8a7d6000   Beep     Beep.SYS     Thu Nov 02 04:51:03 2006 (4549B177)
802ba000 802c2000   BOOTVID  BOOTVID.dll  Thu Nov 02 05:39:29 2006 (4549BCD1)
9bb67000 9bb80000   bowser   bowser.sys   Thu Nov 02 04:31:11 2006 (4549ACCF)
96410000 9641e000   cdd      cdd.dll      unavailable (00000000)
9c41b000 9c431000   cdfs     cdfs.sys     Thu Nov 02 04:30:50 2006 (4549ACBA)
8a611000 8a629000   cdrom    cdrom.sys    Thu Nov 02 04:51:44 2006 (4549B1A0)
8051f000 80600000   CI       CI.dll       Mon Feb 18 23:59:14 2008 (47BA6222)
8238b000 823ac000   CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
8027f000 802ba000   CLFS     CLFS.SYS     Wed Dec 05 20:55:42 2007 (4757569E)
8a72c000 8a72f780   CmBatt   CmBatt.sys   Thu Aug 30 20:57:48 2007 (46D7678C)
80201000 80203900   compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
87c4f000 87c5c000   crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
82382000 8238b000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
8c8f6000 8c90d000   dfsc     dfsc.sys     Thu Nov 02 04:31:04 2006 (4549ACC8)
823ac000 823bd000   disk     disk.sys     Thu Nov 02 04:51:40 2006 (4549B19C)
8a974000 8a97e000   DKbFltr  DKbFltr.sys  Thu Oct 19 04:24:28 2006 (4537363C)
8b246000 8b26b000   drmk     drmk.sys     Thu Nov 02 05:20:49 2006 (4549B871)
87928000 87930000   dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
8c146000 8c151000   dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8a9c4000 8a9ce000   Dxapi    Dxapi.sys    Thu Nov 02 04:38:17 2006 (4549AE79)
8a8c3000 8a960000   dxgkrnl  dxgkrnl.sys  Mon Jul 02 21:01:10 2007 (46899FD6)
823bd000 823e2000   ecache   ecache.sys   Thu Nov 02 04:52:42 2006 (4549B1DA)
8c92a000 8c98c000   eeCtrl   eeCtrl.sys   Wed Oct 25 20:15:50 2006 (453FFE36)
8c90d000 8c92a000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c8be000 8c8e6000   fastfat  fastfat.SYS  Thu Nov 02 04:30:49 2006 (4549ACB9)
80746000 80756000   fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000   fltmgr   fltmgr.sys   Thu Nov 02 04:30:58 2006 (4549ACC2)
8a6f7000 8a700000   Fs_Rec   Fs_Rec.SYS   Mon Apr 16 21:26:39 2007 (4624224F)
8c034000 8c04d000   fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
81fa1000 81fd5000   hal      halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
8a836000 8a848000   HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
8a7d6000 8a7dc380   HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
8a79e000 8a7a5000   hny      hny.sys      Mon Dec 20 08:18:05 2010 (4D0F578D)
8be49000 8befd000   HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8befd000 8c000000   HSX_DPV  HSX_DPV.sys  Wed Nov 08 18:55:07 2006 (45526E5B)
8b209000 8b246000   HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
9c596000 9c5ff000   HTTP     HTTP.sys     Sat Feb 20 16:30:14 2010 (4B805466)
8a823000 8a836000   i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8c98c000 8c9c0000   IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
9c7d6000 9c7dd000   int15    int15.sys    Mon Jul 02 22:03:24 2007 (4689AE6C)
98562000 98580000   irda     irda.sys     Thu Nov 02 04:57:09 2006 (4549B2E5)
8a6c1000 8a6ca000   irenum   irenum.sys   Thu Nov 02 04:57:04 2006 (4549B2E0)
8a606000 8a611000   kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
8555b000 85563000   kdcom    kdcom.dll    Thu Nov 02 05:42:20 2006 (4549BD7C)
8c3aa000 8c3b9000   klifoko  klifoko.sys  Mon Apr 26 23:04:54 2004 (408DCDD6)
8b2e9000 8b313000   ks       ks.sys       Fri Mar 07 21:14:06 2008 (47D1F66E)
82055000 820bf000   ksecdd   ksecdd.sys   Mon Jun 15 09:10:14 2009 (4A364836)
87d70000 87d80000   lltdio   lltdio.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
96270000 9628b000   luafv    luafv.sys    Thu Nov 02 04:33:07 2006 (4549AD43)
9c6a8000 9c6ab180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
8b3a1000 8b3ae000   modem    modem.sys    Thu Nov 02 04:58:52 2006 (4549B34C)
90b88000 90b97000   monitor  monitor.sys  Sun Dec 16 04:56:44 2007 (4764F65C)
8a818000 8a823000   mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
80470000 80480000   mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
9bb53000 9bb67000   mpsdrv   mpsdrv.sys   Wed Jun 06 22:55:55 2007 (466773BB)
9bb33000 9bb53000   mrxdav   mrxdav.sys   Fri Jan 11 20:45:54 2008 (47881BD2)
9bad5000 9baf3000   mrxsmb   mrxsmb.sys   Tue Feb 23 08:14:40 2010 (4B83D4C0)
9ba9c000 9bad5000   mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9ba8a000 9ba9c000   mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
8b32f000 8b33a000   Msfs     Msfs.SYS     Thu Nov 02 04:30:56 2006 (4549ACC0)
804be000 804c6000   msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
8b3f9000 8b424000   msiscsi  msiscsi.sys  Thu Nov 02 04:52:40 2006 (4549B1D8)
8060e000 80639000   msrpc    msrpc.sys    Thu Nov 02 04:50:16 2006 (4549B148)
8a97e000 8a988000   mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
823e2000 823f1000   mup      mup.sys      Thu Nov 02 04:31:04 2006 (4549ACC8)
80639000 8073d000   ndis     ndis.sys     Thu Nov 02 04:57:33 2006 (4549B2FD)
8b37f000 8b38a000   ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8a988000 8a992000   ndisuio  ndisuio.sys  Thu Nov 02 04:57:22 2006 (4549B2F2)
8b35c000 8b37f000   ndiswan  ndiswan.sys  Thu Nov 02 04:58:13 2006 (4549B325)
87d30000 87d40000   NDProxy  NDProxy.SYS  Tue Jul 03 21:28:13 2007 (468AF7AD)
8c354000 8c362000   netbios  netbios.sys  Thu Oct 19 19:38:12 2006 (45380C64)
8c378000 8c3aa000   netbt    netbt.sys    Thu Nov 02 04:57:18 2006 (4549B2EE)
821c7000 82200000   NETIO    NETIO.SYS    Fri Aug 14 10:24:15 2009 (4A85738F)
8c122000 8c130000   Npfs     Npfs.SYS     Thu Nov 02 04:30:57 2006 (4549ACC1)
878e8000 878ef800   nscirda  nscirda.sys  Thu Nov 02 04:57:06 2006 (4549B2E2)
8a9b0000 8a9ba000   nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
81c00000 81fa1000   nt       ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
820bf000 821c7000   Ntfs     Ntfs.sys     Sun Dec 16 04:31:37 2007 (4764F079)
87ca0000 87ca1800   NTIDrvr  NTIDrvr.sys  Tue Dec 21 15:33:14 2004 (41C8888A)
8a7c8000 8a7cf000   Null     Null.SYS     Thu Nov 02 04:51:05 2006 (4549B179)
9ad2f000 9ad5a000   nwifi    nwifi.sys    Fri Jan 18 22:06:33 2008 (47916939)
80401000 8040ab00   o2media  o2media.sys  Mon Apr 02 22:04:27 2007 (4611B62B)
80787000 8078fb80   o2sd     o2sd.sys     Mon Apr 02 04:11:06 2007 (4610BA9A)
87d00000 87d0f200   ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
8c362000 8c378000   pacer    pacer.sys    Tue Jul 03 21:27:33 2007 (468AF785)
823f1000 82400000   partmgr  partmgr.sys  Thu Nov 02 04:51:47 2006 (4549B1A3)
80499000 804be000   pci      pci.sys      Tue Dec 12 21:42:27 2006 (457F6893)
8043f000 80446000   pciide   pciide.sys   Fri Jan 18 22:01:57 2008 (47916825)
80431000 8043f000   PCIIDEX  PCIIDEX.SYS  Fri Jan 18 22:01:56 2008 (47916824)
80446000 80470000   pcmcia   pcmcia.sys   Thu Nov 02 04:35:13 2006 (4549ADC1)
9d6a2000 9d780000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
8b26b000 8b298000   portcls  portcls.sys  Thu Nov 02 04:55:02 2006 (4549B266)
8073d000 80746000   psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
82004000 8200d000   PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000   psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
802c2000 802cb000   PSHED    PSHED.dll    Thu Nov 02 05:42:51 2006 (4549BD9B)
8a670000 8a679000   rasacd   rasacd.sys   Thu Nov 02 04:58:13 2006 (4549B325)
8b38a000 8b3a1000   rasl2tp  rasl2tp.sys  Mon Jan 08 21:17:02 2007 (45A2FB1E)
8b34d000 8b35c000   raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8b33a000 8b34d000   raspptp  raspptp.sys  Mon Jan 08 21:17:01 2007 (45A2FB1D)
8c21f000 8c25a000   rdbss    rdbss.sys    Thu Nov 02 04:31:24 2006 (4549ACDC)
87968000 87970000   RDPCDD   RDPCDD.sys   Thu Nov 02 05:02:01 2006 (4549B409)
87910000 87918000   rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
8a7f2000 8a7f8a00   RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
87930000 87938000   RootMdm  RootMdm.sys  Thu Nov 02 04:58:51 2006 (4549B34B)
9ad1c000 9ad2f000   rspndr   rspndr.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
8bc25000 8bdffe40   RTKVHDA  RTKVHDA.sys  Wed Aug 22 06:44:12 2007 (46CC137C)
80790000 807b6000   SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
8a9d8000 8a9e2000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
8c00b000 8c01f000   smb      smb.sys      Thu Nov 02 04:57:10 2006 (4549B2E6)
8a797000 8a79dd00   sncduvc  sncduvc.SYS  Wed Dec 27 22:21:50 2006 (4593384E)
8ce59000 8cfff280   snp2uvc  snp2uvc.sys  Mon Jun 11 22:38:23 2007 (466E071F)
8c25a000 8c2c0000   SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
80606000 8060e000   spldr    spldr.sys    Wed Oct 25 18:40:44 2006 (453FE7EC)
98412000 984a0000   spsys    spsys.sys    Wed Oct 25 18:43:28 2006 (453FE890)
8c2c0000 8c2d1000   SRTSPX   SRTSPX.SYS   Fri Nov 03 21:12:10 2006 (454BE8EA)
9ba15000 9ba66000   srv      srv.sys      Fri Dec 11 07:15:47 2009 (4B2237F3)
9ba66000 9ba8a000   srv2     srv2.sys     Mon Sep 14 05:50:53 2009 (4AAE11FD)
9ac01000 9ac1c000   srvnet   srvnet.sys   Fri Dec 11 07:15:29 2009 (4B2237E1)
8b3b9000 8b3f9000   storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8b298000 8b2a4e80   STREAM   STREAM.SYS   Thu Nov 02 04:55:00 2006 (4549B264)
87cac000 87cad380   swenum   swenum.sys   Tue Dec 12 22:28:16 2006 (457F7350)
87cb4000 87cb5780   SYMDNS   SYMDNS.SYS   Mon Oct 23 20:26:34 2006 (453D5DBA)
8c2f3000 8c315000   SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c2d1000 8c2f2f00   SYMFW    SYMFW.SYS    Mon Oct 23 20:28:55 2006 (453D5E47)
8a68b000 8a693180   SYMIDS   SYMIDS.SYS   Mon Oct 23 20:29:36 2006 (453D5E70)
8c13b000 8c146000   SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
87855000 8785a080   SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
8c315000 8c340f00   SYMTDI   SYMTDI.SYS   Mon Oct 23 20:26:29 2006 (453D5DB5)
8b424000 8b451700   SynTP    SynTP.sys    Fri Sep 07 14:16:58 2007 (46E1959A)
8c04d000 8c122000   tcpip    tcpip.sys    Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c172000 8c17d000   tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8b3ae000 8b3b9000   TDI      TDI.SYS      Thu Nov 02 04:58:46 2006 (4549B346)
8c01f000 8c034000   tdx      tdx.sys      Thu Nov 02 04:57:34 2006 (4549B2FE)
8b313000 8b322000   termdd   termdd.sys   Tue Dec 12 22:53:43 2006 (457F7947)
96400000 96409000   TSDDD    TSDDD.dll    Thu Nov 02 05:02:02 2006 (4549B40A)
8a694000 8a69d000   tunmp    tunmp.sys    Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a644000 8a64f000   tunnel   tunnel.sys   Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8b322000 8b32f000   umbus    umbus.sys    Thu Nov 02 04:55:24 2006 (4549B27C)
87cbc000 87cbd700   USBD     USBD.SYS     Thu Aug 30 21:23:36 2007 (46D76D98)
8a629000 8a637000   usbehci  usbehci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8b2b5000 8b2e9000   usbhub   usbhub.sys   Thu Aug 30 21:24:00 2007 (46D76DB0)
8a96a000 8a974000   usbohci  usbohci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8a848000 8a885000   USBPORT  USBPORT.SYS  Thu Aug 30 21:23:43 2007 (46D76D9F)
8a64f000 8a65b000   vga      vga.sys      Thu Nov 02 04:53:56 2006 (4549B224)
8bc04000 8bc25000   VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8048a000 80499000   volmgr   volmgr.sys   Tue Dec 12 22:29:12 2006 (457F7388)
807b6000 80800000   volmgrx  volmgrx.sys  Thu Nov 02 04:51:54 2006 (4549B1AA)
8201f000 82055000   volsnap  volsnap.sys  Thu Oct 25 22:04:17 2007 (47214B21)
8c341000 8c354000   wanarp   wanarp.sys   Tue Jul 03 21:28:16 2007 (468AF7B0)
8a637000 8a644000   watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
80204000 8027f000   Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
80512000 8051f000   WDFLDR   WDFLDR.SYS   Wed Dec 05 21:21:19 2007 (47575C9F)
95800000 95a00000   win32k   win32k.sys   Fri Aug 14 10:01:22 2009 (4A856E32)
8a69d000 8a6a6000   wmiacpi  wmiacpi.sys  Thu Aug 30 20:57:47 2007 (46D7678B)
804c6000 804cf000   WMILIB   WMILIB.SYS   Thu Nov 02 04:54:53 2006 (4549B25D)
8a885000 8a8c3000   yk60x86  yk60x86.sys  Fri Mar 23 06:11:54 2007 (4603A7EA)

Unloaded modules:
8d2c8000 8d2d0000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9c4b9000 9c4d1000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87c4f000 87c5c000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8a665000 8a670000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87920000 87928000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
879e3000 879ec000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
1: kd> .cxr 0xffffffff879ab490
eax=00000000 ebx=8543b188 ecx=00000000 edx=7ffa0000 esi=00000000 edi=879ab870
eip=81c6016e esp=879ab85c ebp=879ab85c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
nt!RtlImageNtHeaderEx+0x45:
81c6016e 66813a4d5a      cmp     word ptr [edx],5A4Dh     ds:0023:7ffa0000=????
1: kd> .exr 0xffffffff879ab794
ExceptionAddress: 81c6016e (nt!RtlImageNtHeaderEx+0x00000045)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 7ffa0000
Attempt to read from address 7ffa0000



____________________________________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\48DSV9T5\Mini032011-08[1].dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*a:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.17021.x86fre.vista_gdr.100218-0019
Machine Name:
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sun Mar 20 16:29:19.179 2011 (GMT-4)
System Uptime: 0 days 0:03:11.007
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 2ae0, a139bbb4, 0}

*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+12175 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00002ae0, The address that the exception occurred at
Arg3: a139bbb4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
+12a
00002ae0 ??              ???

TRAP_FRAME:  a139bbb4 -- (.trap 0xffffffffa139bbb4)
ErrCode = 00000010
eax=86fe1424 ebx=86fda828 ecx=00002ae0 edx=00000000 esi=86fe1430 edi=97e5d5b0
eip=00002ae0 esp=a139bc28 ebp=a139bc8c iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
00002ae0 ??              ???
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 81e1bf29 to 00002ae0

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
a139bc24 81e1bf29 86fe1424 a13907cc 86fdaa88 0x2ae0
a139bc8c 81e1afa8 86fe1430 00000000 86fda828 nt!PspExitThread+0x62f
a139bca8 81e1b77b 86fda828 00000000 00000001 nt!PspTerminateThreadByPointer+0x5b
a139bcd0 8c1f0175 00000000 00000000 9aadead0 nt!NtTerminateThread+0x74
a139bd54 81c8cb1a 00000000 00000000 02e5ff30 SYMEVENT+0x12175
a139bd54 00000000 00000000 00000000 02e5ff30 nt!KiFastCallEntry+0x12a
a139bdc4 00000000 77950f34 0000001b 00000246 0x0


STACK_COMMAND:  kb

FOLLOWUP_IP: 
SYMEVENT+12175
8c1f0175 ??              ???

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  SYMEVENT+12175

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4535a9f4

FAILURE_BUCKET_ID:  0x8E_SYMEVENT+12175

BUCKET_ID:  0x8E_SYMEVENT+12175

Followup: MachineOwner
---------

1: kd> lmvm SYMEVENT
start    end        module name
8c1de000 8c200000   SYMEVENT T (no symbols)           
    Loaded symbol image file: SYMEVENT.SYS
    Image path: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    Image name: SYMEVENT.SYS
    Timestamp:        Wed Oct 18 00:13:40 2006 (4535A9F4)
    CheckSum:         0001E2A5
    ImageSize:        00022000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> lmnt
start    end        module name
80201000 80203900   compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
80204000 8027f000   Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
8027f000 802ba000   CLFS     CLFS.SYS     Wed Dec 05 20:55:42 2007 (4757569E)
802ba000 802c2000   BOOTVID  BOOTVID.dll  Thu Nov 02 05:39:29 2006 (4549BCD1)
802c2000 802cb000   PSHED    PSHED.dll    Thu Nov 02 05:42:51 2006 (4549BD9B)
80401000 8040ab00   o2media  o2media.sys  Mon Apr 02 22:04:27 2007 (4611B62B)
8040b000 80429000   ataport  ataport.SYS  Fri Jan 18 22:01:56 2008 (47916824)
80429000 80431000   atapi    atapi.sys    Fri Jan 18 22:01:56 2008 (47916824)
80431000 8043f000   PCIIDEX  PCIIDEX.SYS  Fri Jan 18 22:01:56 2008 (47916824)
8043f000 80446000   pciide   pciide.sys   Fri Jan 18 22:01:57 2008 (47916825)
80446000 80470000   pcmcia   pcmcia.sys   Thu Nov 02 04:35:13 2006 (4549ADC1)
80470000 80480000   mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
80480000 8048a000   BATTC    BATTC.SYS    Thu Aug 30 20:57:44 2007 (46D76788)
8048a000 80499000   volmgr   volmgr.sys   Tue Dec 12 22:29:12 2006 (457F7388)
80499000 804be000   pci      pci.sys      Tue Dec 12 21:42:27 2006 (457F6893)
804be000 804c6000   msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
804c6000 804cf000   WMILIB   WMILIB.SYS   Thu Nov 02 04:54:53 2006 (4549B25D)
804cf000 80512000   acpi     acpi.sys     Thu Aug 30 20:57:46 2007 (46D7678A)
80512000 8051f000   WDFLDR   WDFLDR.SYS   Wed Dec 05 21:21:19 2007 (47575C9F)
8051f000 80600000   CI       CI.dll       Mon Feb 18 23:59:14 2008 (47BA6222)
80606000 8060e000   spldr    spldr.sys    Wed Oct 25 18:40:44 2006 (453FE7EC)
8060e000 80639000   msrpc    msrpc.sys    Thu Nov 02 04:50:16 2006 (4549B148)
80639000 8073d000   ndis     ndis.sys     Thu Nov 02 04:57:33 2006 (4549B2FD)
8073d000 80746000   psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
80746000 80756000   fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000   fltmgr   fltmgr.sys   Thu Nov 02 04:30:58 2006 (4549ACC2)
80787000 8078fb80   o2sd     o2sd.sys     Mon Apr 02 04:11:06 2007 (4610BA9A)
80790000 807b6000   SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
807b6000 80800000   volmgrx  volmgrx.sys  Thu Nov 02 04:51:54 2006 (4549B1AA)
81c00000 81fa1000   nt       ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
81fa1000 81fd5000   hal      halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
82004000 8200d000   PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000   psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
8201f000 82055000   volsnap  volsnap.sys  Thu Oct 25 22:04:17 2007 (47214B21)
82055000 820bf000   ksecdd   ksecdd.sys   Mon Jun 15 09:10:14 2009 (4A364836)
820bf000 821c7000   Ntfs     Ntfs.sys     Sun Dec 16 04:31:37 2007 (4764F079)
821c7000 82200000   NETIO    NETIO.SYS    Fri Aug 14 10:24:15 2009 (4A85738F)
82382000 8238b000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
8238b000 823ac000   CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
823ac000 823bd000   disk     disk.sys     Thu Nov 02 04:51:40 2006 (4549B19C)
823bd000 823e2000   ecache   ecache.sys   Thu Nov 02 04:52:42 2006 (4549B1DA)
823e2000 823f1000   mup      mup.sys      Thu Nov 02 04:31:04 2006 (4549ACC8)
823f1000 82400000   partmgr  partmgr.sys  Thu Nov 02 04:51:47 2006 (4549B1A3)
855c3000 855cb000   kdcom    kdcom.dll    Thu Nov 02 05:42:20 2006 (4549BD7C)
87843000 87848080   SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
87892000 87899000   Null     Null.SYS     Thu Nov 02 04:51:05 2006 (4549B179)
878f0000 878f7800   nscirda  nscirda.sys  Thu Nov 02 04:57:06 2006 (4549B2E2)
878f8000 87900000   RootMdm  RootMdm.sys  Thu Nov 02 04:58:51 2006 (4549B34B)
87928000 87930000   dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
87930000 87938000   RDPCDD   RDPCDD.sys   Thu Nov 02 05:02:01 2006 (4549B409)
87960000 87968000   rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
879d4000 879e3000   amdk8    amdk8.sys    Thu Nov 02 04:30:18 2006 (4549AC9A)
87c05000 87c12000   crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
87c16000 87c1d000   Beep     Beep.SYS     Thu Nov 02 04:51:03 2006 (4549B177)
87c1d000 87c23380   HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
87c32000 87c39000   int15    int15.sys    Mon Jul 02 22:03:24 2007 (4689AE6C)
87c40000 87c46a00   RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
87c5c000 87c63000   hny      hny.sys      Mon Dec 20 08:18:05 2010 (4D0F578D)
87c71000 87c77d00   sncduvc  sncduvc.SYS  Wed Dec 27 22:21:50 2006 (4593384E)
87ca6000 87ca7780   SYMDNS   SYMDNS.SYS   Mon Oct 23 20:26:34 2006 (453D5DBA)
87ca8000 87ca9380   swenum   swenum.sys   Tue Dec 12 22:28:16 2006 (457F7350)
87cae000 87caf700   USBD     USBD.SYS     Thu Aug 30 21:23:36 2007 (46D76D98)
87cb0000 87cb1800   NTIDrvr  NTIDrvr.sys  Tue Dec 21 15:33:14 2004 (41C8888A)
87d00000 87d0f200   ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
87d30000 87d40000   NDProxy  NDProxy.SYS  Tue Jul 03 21:28:13 2007 (468AF7AD)
87d80000 87d90000   lltdio   lltdio.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
8a405000 8a410000   tunnel   tunnel.sys   Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8a434000 8a43c180   SYMIDS   SYMIDS.SYS   Mon Oct 23 20:29:36 2006 (453D5E70)
8a43d000 8a446000   irenum   irenum.sys   Thu Nov 02 04:57:04 2006 (4549B2E0)
8a461000 8a46a000   tunmp    tunmp.sys    Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a46a000 8a473000   wmiacpi  wmiacpi.sys  Thu Aug 30 20:57:47 2007 (46D7678B)
8a473000 8a47c000   Fs_Rec   Fs_Rec.SYS   Mon Apr 16 21:26:39 2007 (4624224F)
8a485000 8a48e000   rasacd   rasacd.sys   Thu Nov 02 04:58:13 2006 (4549B325)
8a4bf000 8a4ca000   kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
8a4ca000 8a4e2000   cdrom    cdrom.sys    Thu Nov 02 04:51:44 2006 (4549B1A0)
8a4e2000 8a4f0000   usbehci  usbehci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8a4f0000 8a52e000   yk60x86  yk60x86.sys  Fri Mar 23 06:11:54 2007 (4603A7EA)
8a52e000 8a53b000   watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
8a5fc000 8a5ff780   CmBatt   CmBatt.sys   Thu Aug 30 20:57:48 2007 (46D7678C)
8a600000 8a63d000   USBPORT  USBPORT.SYS  Thu Aug 30 21:23:43 2007 (46D76D9F)
8a63d000 8a6c3000   bcmwl6   bcmwl6.sys   Tue Dec 19 14:55:55 2006 (458843CB)
8a6c3000 8a760000   dxgkrnl  dxgkrnl.sys  Mon Jul 02 21:01:10 2007 (46899FD6)
8a774000 8a77e000   usbohci  usbohci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8a77e000 8a788000   DKbFltr  DKbFltr.sys  Thu Oct 19 04:24:28 2006 (4537363C)
8a788000 8a792000   mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
8a79c000 8a7a6000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
8a7a6000 8a7b0000   ndisuio  ndisuio.sys  Thu Nov 02 04:57:22 2006 (4549B2F2)
8a7ba000 8a7c4000   nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
8a7d8000 8a7e2000   Dxapi    Dxapi.sys    Thu Nov 02 04:38:17 2006 (4549AE79)
8ae04000 8ae12000   Npfs     Npfs.SYS     Thu Nov 02 04:30:57 2006 (4549ACC1)
8ae12000 8ae1d000   Msfs     Msfs.SYS     Thu Nov 02 04:30:56 2006 (4549ACC0)
8ae1d000 8ae29000   vga      vga.sys      Thu Nov 02 04:53:56 2006 (4549B224)
8ae69000 8aea6000   HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
8aea6000 8aecb000   drmk     drmk.sys     Thu Nov 02 05:20:49 2006 (4549B871)
8aecb000 8aef8000   portcls  portcls.sys  Thu Nov 02 04:55:02 2006 (4549B266)
8af08000 8af3c000   usbhub   usbhub.sys   Thu Aug 30 21:24:00 2007 (46D76DB0)
8af3c000 8af66000   ks       ks.sys       Fri Mar 07 21:14:06 2008 (47D1F66E)
8af66000 8af75000   termdd   termdd.sys   Tue Dec 12 22:53:43 2006 (457F7947)
8af75000 8af82000   umbus    umbus.sys    Thu Nov 02 04:55:24 2006 (4549B27C)
8af82000 8af95000   raspptp  raspptp.sys  Mon Jan 08 21:17:01 2007 (45A2FB1D)
8af95000 8afa4000   raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8afa4000 8afc7000   ndiswan  ndiswan.sys  Thu Nov 02 04:58:13 2006 (4549B325)
8afc7000 8afd2000   ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8afd2000 8afe9000   rasl2tp  rasl2tp.sys  Mon Jan 08 21:17:02 2007 (45A2FB1E)
8afe9000 8aff6000   modem    modem.sys    Thu Nov 02 04:58:52 2006 (4549B34C)
8aff6000 8b001000   TDI      TDI.SYS      Thu Nov 02 04:58:46 2006 (4549B346)
8b001000 8b041000   storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8b041000 8b06c000   msiscsi  msiscsi.sys  Thu Nov 02 04:52:40 2006 (4549B1D8)
8b06c000 8b079080   1394BUS  1394BUS.SYS  Wed Feb 07 21:04:45 2007 (45CA853D)
8b07a000 8b085000   mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
8b085000 8b0b2700   SynTP    SynTP.sys    Fri Sep 07 14:16:58 2007 (46E1959A)
8b0b3000 8b0c6000   i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8b0c6000 8b0d8000   HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
8b0d8000 8b800000   atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
8ba04000 8ba25000   VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8ba25000 8bbffe40   RTKVHDA  RTKVHDA.sys  Wed Aug 22 06:44:12 2007 (46CC137C)
8bc01000 8bc10000   klifoko  klifoko.sys  Mon Apr 26 23:04:54 2004 (408DCDD6)
8bc10000 8bc29000   fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
8bc49000 8bcfd000   HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8bcfd000 8be00000   HSX_DPV  HSX_DPV.sys  Wed Nov 08 18:55:07 2006 (45526E5B)
8be0a000 8be1b000   SRTSPX   SRTSPX.SYS   Fri Nov 03 21:12:10 2006 (454BE8EA)
8be1b000 8be46f00   SYMTDI   SYMTDI.SYS   Mon Oct 23 20:26:29 2006 (453D5DB5)
8be47000 8be5a000   wanarp   wanarp.sys   Tue Jul 03 21:28:16 2007 (468AF7B0)
8be5a000 8be68000   netbios  netbios.sys  Thu Oct 19 19:38:12 2006 (45380C64)
8be68000 8be73000   SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
8be73000 8be89000   pacer    pacer.sys    Tue Jul 03 21:27:33 2007 (468AF785)
8be89000 8bebb000   netbt    netbt.sys    Thu Nov 02 04:57:18 2006 (4549B2EE)
8bebb000 8bf02000   afd      afd.sys      Thu Nov 02 04:58:41 2006 (4549B341)
8bf02000 8bf16000   smb      smb.sys      Thu Nov 02 04:57:10 2006 (4549B2E6)
8bf16000 8bf2b000   tdx      tdx.sys      Thu Nov 02 04:57:34 2006 (4549B2FE)
8bf2b000 8c000000   tcpip    tcpip.sys    Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c01b000 8c032000   dfsc     dfsc.sys     Thu Nov 02 04:31:04 2006 (4549ACC8)
8c032000 8c04f000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c05d000 8c091000   IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
8c0d1000 8c10c000   rdbss    rdbss.sys    Thu Nov 02 04:31:24 2006 (4549ACDC)
8c10c000 8c12df00   SYMFW    SYMFW.SYS    Mon Oct 23 20:28:55 2006 (453D5E47)
8c12e000 8c139000   dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8c1a7000 8c1b2000   tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8c1de000 8c200000   SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c769000 8c791000   fastfat  fastfat.SYS  Thu Nov 02 04:30:49 2006 (4549ACB9)
8c791000 8c79de80   STREAM   STREAM.SYS   Thu Nov 02 04:55:00 2006 (4549B264)
8c79e000 8c800000   eeCtrl   eeCtrl.sys   Wed Oct 25 20:15:50 2006 (453FFE36)
8ca59000 8cbff280   snp2uvc  snp2uvc.sys  Mon Jun 11 22:38:23 2007 (466E071F)
94a00000 94c00000   win32k   win32k.sys   Fri Aug 14 10:01:22 2009 (4A856E32)
95798000 957a0000   xaudio   xaudio.sys   Fri Aug 04 20:39:09 2006 (44D3E8AD)
95c00000 95c09000   TSDDD    TSDDD.dll    Thu Nov 02 05:02:02 2006 (4549B40A)
95c10000 95c1e000   cdd      cdd.dll      unavailable (00000000)
95f88000 95f97000   monitor  monitor.sys  Sun Dec 16 04:56:44 2007 (4764F65C)
964d4000 964ef000   luafv    luafv.sys    Thu Nov 02 04:33:07 2006 (4549AD43)
9a462000 9a475000   rspndr   rspndr.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
9a475000 9a4a0000   nwifi    nwifi.sys    Fri Jan 18 22:06:33 2008 (47916939)
9a4a0000 9a4be000   irda     irda.sys     Thu Nov 02 04:57:09 2006 (4549B2E5)
9a517000 9a532000   srvnet   srvnet.sys   Fri Dec 11 07:15:29 2009 (4B2237E1)
9a572000 9a600000   spsys    spsys.sys    Wed Oct 25 18:43:28 2006 (453FE890)
9ac02000 9ac16000   mpsdrv   mpsdrv.sys   Wed Jun 06 22:55:55 2007 (466773BB)
9ac5c000 9acc5000   HTTP     HTTP.sys     Sat Feb 20 16:30:14 2010 (4B805466)
9b61b000 9b61ca00   000      000.fcl      Wed May 03 22:21:48 2006 (4459653C)
9b629000 9b67a000   srv      srv.sys      Fri Dec 11 07:15:47 2009 (4B2237F3)
9b6ba000 9b6de000   srv2     srv2.sys     Mon Sep 14 05:50:53 2009 (4AAE11FD)
9b6de000 9b6f0000   mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
9b6f0000 9b729000   mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9b729000 9b747000   mrxsmb   mrxsmb.sys   Tue Feb 23 08:14:40 2010 (4B83D4C0)
9b747000 9b767000   mrxdav   mrxdav.sys   Fri Jan 11 20:45:54 2008 (47881BD2)
9b767000 9b780000   bowser   bowser.sys   Thu Nov 02 04:31:11 2006 (4549ACCF)
9c03a000 9c050000   cdfs     cdfs.sys     Thu Nov 02 04:30:50 2006 (4549ACBA)
9dc22000 9dd00000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
9ddfc000 9ddff180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
a3216000 a3227ee0   NAVENG   NAVENG.SYS   Thu Sep 21 15:01:06 2006 (4512E172)
a8437000 a849d000   SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
a849d000 a8566ae0   NAVEX15  NAVEX15.SYS  Thu Sep 21 14:34:08 2006 (4512DB20)
a8567000 a85b0000   SRTSP    SRTSP.SYS    Fri Nov 03 21:12:10 2006 (454BE8EA)

Unloaded modules:
957e8000 957f0000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9b611000 9b629000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87c05000 87c12000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8a4a0000 8a4ab000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87900000 87908000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8a47c000 8a485000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
1: kd> lmntsm
start    end        module name
9b61b000 9b61ca00   000      000.fcl      Wed May 03 22:21:48 2006 (4459653C)
8b06c000 8b079080   1394BUS  1394BUS.SYS  Wed Feb 07 21:04:45 2007 (45CA853D)
804cf000 80512000   acpi     acpi.sys     Thu Aug 30 20:57:46 2007 (46D7678A)
8bebb000 8bf02000   afd      afd.sys      Thu Nov 02 04:58:41 2006 (4549B341)
879d4000 879e3000   amdk8    amdk8.sys    Thu Nov 02 04:30:18 2006 (4549AC9A)
80429000 80431000   atapi    atapi.sys    Fri Jan 18 22:01:56 2008 (47916824)
8040b000 80429000   ataport  ataport.SYS  Fri Jan 18 22:01:56 2008 (47916824)
8b0d8000 8b800000   atikmdag atikmdag.sys Sat Aug 11 23:09:56 2007 (46BE7A04)
80480000 8048a000   BATTC    BATTC.SYS    Thu Aug 30 20:57:44 2007 (46D76788)
8a63d000 8a6c3000   bcmwl6   bcmwl6.sys   Tue Dec 19 14:55:55 2006 (458843CB)
87c16000 87c1d000   Beep     Beep.SYS     Thu Nov 02 04:51:03 2006 (4549B177)
802ba000 802c2000   BOOTVID  BOOTVID.dll  Thu Nov 02 05:39:29 2006 (4549BCD1)
9b767000 9b780000   bowser   bowser.sys   Thu Nov 02 04:31:11 2006 (4549ACCF)
95c10000 95c1e000   cdd      cdd.dll      unavailable (00000000)
9c03a000 9c050000   cdfs     cdfs.sys     Thu Nov 02 04:30:50 2006 (4549ACBA)
8a4ca000 8a4e2000   cdrom    cdrom.sys    Thu Nov 02 04:51:44 2006 (4549B1A0)
8051f000 80600000   CI       CI.dll       Mon Feb 18 23:59:14 2008 (47BA6222)
8238b000 823ac000   CLASSPNP CLASSPNP.SYS Thu Nov 02 04:51:34 2006 (4549B196)
8027f000 802ba000   CLFS     CLFS.SYS     Wed Dec 05 20:55:42 2007 (4757569E)
8a5fc000 8a5ff780   CmBatt   CmBatt.sys   Thu Aug 30 20:57:48 2007 (46D7678C)
80201000 80203900   compbatt compbatt.sys Thu Aug 30 20:57:47 2007 (46D7678B)
87c05000 87c12000   crashdmp crashdmp.sys Thu Nov 02 04:51:36 2006 (4549B198)
82382000 8238b000   crcdisk  crcdisk.sys  Thu Nov 02 04:52:27 2006 (4549B1CB)
8c01b000 8c032000   dfsc     dfsc.sys     Thu Nov 02 04:31:04 2006 (4549ACC8)
823ac000 823bd000   disk     disk.sys     Thu Nov 02 04:51:40 2006 (4549B19C)
8a77e000 8a788000   DKbFltr  DKbFltr.sys  Thu Oct 19 04:24:28 2006 (4537363C)
8aea6000 8aecb000   drmk     drmk.sys     Thu Nov 02 05:20:49 2006 (4549B871)
87928000 87930000   dump_atapi dump_atapi.sys Fri Jan 18 22:01:56 2008 (47916824)
8c12e000 8c139000   dump_dumpata dump_dumpata.sys Thu Nov 02 04:51:34 2006 (4549B196)
8a7d8000 8a7e2000   Dxapi    Dxapi.sys    Thu Nov 02 04:38:17 2006 (4549AE79)
8a6c3000 8a760000   dxgkrnl  dxgkrnl.sys  Mon Jul 02 21:01:10 2007 (46899FD6)
823bd000 823e2000   ecache   ecache.sys   Thu Nov 02 04:52:42 2006 (4549B1DA)
8c79e000 8c800000   eeCtrl   eeCtrl.sys   Wed Oct 25 20:15:50 2006 (453FFE36)
8c032000 8c04f000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Wed Oct 25 20:15:50 2006 (453FFE36)
8c769000 8c791000   fastfat  fastfat.SYS  Thu Nov 02 04:30:49 2006 (4549ACB9)
80746000 80756000   fileinfo fileinfo.sys Thu Nov 02 04:36:47 2006 (4549AE1F)
80756000 80787000   fltmgr   fltmgr.sys   Thu Nov 02 04:30:58 2006 (4549ACC2)
8a473000 8a47c000   Fs_Rec   Fs_Rec.SYS   Mon Apr 16 21:26:39 2007 (4624224F)
8bc10000 8bc29000   fwpkclnt fwpkclnt.sys Thu Nov 02 04:57:26 2006 (4549B2F6)
81fa1000 81fd5000   hal      halmacpi.dll Sat Dec 23 23:05:34 2006 (458DFC8E)
8b0c6000 8b0d8000   HDAudBus HDAudBus.sys Sat Mar 24 14:54:34 2007 (460573EA)
87c1d000 87c23380   HIDPARSE HIDPARSE.SYS Thu May 10 21:30:33 2007 (4643C739)
87c5c000 87c63000   hny      hny.sys      Mon Dec 20 08:18:05 2010 (4D0F578D)
8bc49000 8bcfd000   HSX_CNXT HSX_CNXT.sys Wed Nov 08 18:53:45 2006 (45526E09)
8bcfd000 8be00000   HSX_DPV  HSX_DPV.sys  Wed Nov 08 18:55:07 2006 (45526E5B)
8ae69000 8aea6000   HSXHWAZL HSXHWAZL.sys Wed Nov 08 18:53:56 2006 (45526E14)
9ac5c000 9acc5000   HTTP     HTTP.sys     Sat Feb 20 16:30:14 2010 (4B805466)
8b0b3000 8b0c6000   i8042prt i8042prt.sys Wed Dec 05 21:18:28 2007 (47575BF4)
8c05d000 8c091000   IDSvix86 IDSvix86.sys Fri Oct 20 00:01:56 2006 (45384A34)
87c32000 87c39000   int15    int15.sys    Mon Jul 02 22:03:24 2007 (4689AE6C)
9a4a0000 9a4be000   irda     irda.sys     Thu Nov 02 04:57:09 2006 (4549B2E5)
8a43d000 8a446000   irenum   irenum.sys   Thu Nov 02 04:57:04 2006 (4549B2E0)
8a4bf000 8a4ca000   kbdclass kbdclass.sys Wed Dec 05 21:18:23 2007 (47575BEF)
855c3000 855cb000   kdcom    kdcom.dll    Thu Nov 02 05:42:20 2006 (4549BD7C)
8bc01000 8bc10000   klifoko  klifoko.sys  Mon Apr 26 23:04:54 2004 (408DCDD6)
8af3c000 8af66000   ks       ks.sys       Fri Mar 07 21:14:06 2008 (47D1F66E)
82055000 820bf000   ksecdd   ksecdd.sys   Mon Jun 15 09:10:14 2009 (4A364836)
87d80000 87d90000   lltdio   lltdio.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
964d4000 964ef000   luafv    luafv.sys    Thu Nov 02 04:33:07 2006 (4549AD43)
9ddfc000 9ddff180   mdmxsdk  mdmxsdk.sys  Mon Jun 19 17:26:59 2006 (449716A3)
8afe9000 8aff6000   modem    modem.sys    Thu Nov 02 04:58:52 2006 (4549B34C)
95f88000 95f97000   monitor  monitor.sys  Sun Dec 16 04:56:44 2007 (4764F65C)
8b07a000 8b085000   mouclass mouclass.sys Wed Dec 05 21:18:22 2007 (47575BEE)
80470000 80480000   mountmgr mountmgr.sys Thu Nov 02 04:51:06 2006 (4549B17A)
9ac02000 9ac16000   mpsdrv   mpsdrv.sys   Wed Jun 06 22:55:55 2007 (466773BB)
9b747000 9b767000   mrxdav   mrxdav.sys   Fri Jan 11 20:45:54 2008 (47881BD2)
9b729000 9b747000   mrxsmb   mrxsmb.sys   Tue Feb 23 08:14:40 2010 (4B83D4C0)
9b6f0000 9b729000   mrxsmb10 mrxsmb10.sys Tue Feb 23 08:14:49 2010 (4B83D4C9)
9b6de000 9b6f0000   mrxsmb20 mrxsmb20.sys Tue Feb 23 08:14:41 2010 (4B83D4C1)
8ae12000 8ae1d000   Msfs     Msfs.SYS     Thu Nov 02 04:30:56 2006 (4549ACC0)
804be000 804c6000   msisadrv msisadrv.sys Tue Dec 12 21:42:18 2006 (457F688A)
8b041000 8b06c000   msiscsi  msiscsi.sys  Thu Nov 02 04:52:40 2006 (4549B1D8)
8060e000 80639000   msrpc    msrpc.sys    Thu Nov 02 04:50:16 2006 (4549B148)
8a788000 8a792000   mssmbios mssmbios.sys Tue Dec 12 21:42:24 2006 (457F6890)
823e2000 823f1000   mup      mup.sys      Thu Nov 02 04:31:04 2006 (4549ACC8)
a3216000 a3227ee0   NAVENG   NAVENG.SYS   Thu Sep 21 15:01:06 2006 (4512E172)
a849d000 a8566ae0   NAVEX15  NAVEX15.SYS  Thu Sep 21 14:34:08 2006 (4512DB20)
80639000 8073d000   ndis     ndis.sys     Thu Nov 02 04:57:33 2006 (4549B2FD)
8afc7000 8afd2000   ndistapi ndistapi.sys Tue Jul 03 21:28:09 2007 (468AF7A9)
8a7a6000 8a7b0000   ndisuio  ndisuio.sys  Thu Nov 02 04:57:22 2006 (4549B2F2)
8afa4000 8afc7000   ndiswan  ndiswan.sys  Thu Nov 02 04:58:13 2006 (4549B325)
87d30000 87d40000   NDProxy  NDProxy.SYS  Tue Jul 03 21:28:13 2007 (468AF7AD)
8be5a000 8be68000   netbios  netbios.sys  Thu Oct 19 19:38:12 2006 (45380C64)
8be89000 8bebb000   netbt    netbt.sys    Thu Nov 02 04:57:18 2006 (4549B2EE)
821c7000 82200000   NETIO    NETIO.SYS    Fri Aug 14 10:24:15 2009 (4A85738F)
8ae04000 8ae12000   Npfs     Npfs.SYS     Thu Nov 02 04:30:57 2006 (4549ACC1)
878f0000 878f7800   nscirda  nscirda.sys  Thu Nov 02 04:57:06 2006 (4549B2E2)
8a7ba000 8a7c4000   nsiproxy nsiproxy.sys Thu Nov 02 04:57:30 2006 (4549B2FA)
81c00000 81fa1000   nt       ntkrpamp.exe Thu Feb 18 06:34:33 2010 (4B7D25C9)
820bf000 821c7000   Ntfs     Ntfs.sys     Sun Dec 16 04:31:37 2007 (4764F079)
87cb0000 87cb1800   NTIDrvr  NTIDrvr.sys  Tue Dec 21 15:33:14 2004 (41C8888A)
87892000 87899000   Null     Null.SYS     Thu Nov 02 04:51:05 2006 (4549B179)
9a475000 9a4a0000   nwifi    nwifi.sys    Fri Jan 18 22:06:33 2008 (47916939)
80401000 8040ab00   o2media  o2media.sys  Mon Apr 02 22:04:27 2007 (4611B62B)
80787000 8078fb80   o2sd     o2sd.sys     Mon Apr 02 04:11:06 2007 (4610BA9A)
87d00000 87d0f200   ohci1394 ohci1394.sys Wed Feb 07 21:04:50 2007 (45CA8542)
8be73000 8be89000   pacer    pacer.sys    Tue Jul 03 21:27:33 2007 (468AF785)
823f1000 82400000   partmgr  partmgr.sys  Thu Nov 02 04:51:47 2006 (4549B1A3)
80499000 804be000   pci      pci.sys      Tue Dec 12 21:42:27 2006 (457F6893)
8043f000 80446000   pciide   pciide.sys   Fri Jan 18 22:01:57 2008 (47916825)
80431000 8043f000   PCIIDEX  PCIIDEX.SYS  Fri Jan 18 22:01:56 2008 (47916824)
80446000 80470000   pcmcia   pcmcia.sys   Thu Nov 02 04:35:13 2006 (4549ADC1)
9dc22000 9dd00000   peauth   peauth.sys   Mon Oct 23 04:55:32 2006 (453C8384)
8aecb000 8aef8000   portcls  portcls.sys  Thu Nov 02 04:55:02 2006 (4549B266)
8073d000 80746000   psdfilter psdfilter.sys Wed Apr 25 04:28:17 2007 (462F1121)
82004000 8200d000   PSDNServ PSDNServ.sys Tue Mar 13 07:04:32 2007 (45F68540)
8200d000 8201f000   psdvdisk psdvdisk.sys Tue Mar 13 07:04:44 2007 (45F6854C)
802c2000 802cb000   PSHED    PSHED.dll    Thu Nov 02 05:42:51 2006 (4549BD9B)
8a485000 8a48e000   rasacd   rasacd.sys   Thu Nov 02 04:58:13 2006 (4549B325)
8afd2000 8afe9000   rasl2tp  rasl2tp.sys  Mon Jan 08 21:17:02 2007 (45A2FB1E)
8af95000 8afa4000   raspppoe raspppoe.sys Thu Nov 02 04:58:12 2006 (4549B324)
8af82000 8af95000   raspptp  raspptp.sys  Mon Jan 08 21:17:01 2007 (45A2FB1D)
8c0d1000 8c10c000   rdbss    rdbss.sys    Thu Nov 02 04:31:24 2006 (4549ACDC)
87930000 87938000   RDPCDD   RDPCDD.sys   Thu Nov 02 05:02:01 2006 (4549B409)
87960000 87968000   rdpencdd rdpencdd.sys Thu Nov 02 05:02:01 2006 (4549B409)
87c40000 87c46a00   RimSerial RimSerial.sys Mon Nov 24 12:02:13 2008 (492ADE15)
878f8000 87900000   RootMdm  RootMdm.sys  Thu Nov 02 04:58:51 2006 (4549B34B)
9a462000 9a475000   rspndr   rspndr.sys   Thu Nov 02 04:56:48 2006 (4549B2D0)
8ba25000 8bbffe40   RTKVHDA  RTKVHDA.sys  Wed Aug 22 06:44:12 2007 (46CC137C)
80790000 807b6000   SCSIPORT SCSIPORT.SYS Thu Nov 02 04:51:38 2006 (4549B19A)
8a79c000 8a7a6000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
8bf02000 8bf16000   smb      smb.sys      Thu Nov 02 04:57:10 2006 (4549B2E6)
87c71000 87c77d00   sncduvc  sncduvc.SYS  Wed Dec 27 22:21:50 2006 (4593384E)
8ca59000 8cbff280   snp2uvc  snp2uvc.sys  Mon Jun 11 22:38:23 2007 (466E071F)
a8437000 a849d000   SPBBCDrv SPBBCDrv.sys Fri Oct 06 17:01:22 2006 (4526C422)
80606000 8060e000   spldr    spldr.sys    Wed Oct 25 18:40:44 2006 (453FE7EC)
9a572000 9a600000   spsys    spsys.sys    Wed Oct 25 18:43:28 2006 (453FE890)
a8567000 a85b0000   SRTSP    SRTSP.SYS    Fri Nov 03 21:12:10 2006 (454BE8EA)
8be0a000 8be1b000   SRTSPX   SRTSPX.SYS   Fri Nov 03 21:12:10 2006 (454BE8EA)
9b629000 9b67a000   srv      srv.sys      Fri Dec 11 07:15:47 2009 (4B2237F3)
9b6ba000 9b6de000   srv2     srv2.sys     Mon Sep 14 05:50:53 2009 (4AAE11FD)
9a517000 9a532000   srvnet   srvnet.sys   Fri Dec 11 07:15:29 2009 (4B2237E1)
8b001000 8b041000   storport storport.sys Thu Nov 02 04:51:45 2006 (4549B1A1)
8c791000 8c79de80   STREAM   STREAM.SYS   Thu Nov 02 04:55:00 2006 (4549B264)
87ca8000 87ca9380   swenum   swenum.sys   Tue Dec 12 22:28:16 2006 (457F7350)
87ca6000 87ca7780   SYMDNS   SYMDNS.SYS   Mon Oct 23 20:26:34 2006 (453D5DBA)
8c1de000 8c200000   SYMEVENT SYMEVENT.SYS Wed Oct 18 00:13:40 2006 (4535A9F4)
8c10c000 8c12df00   SYMFW    SYMFW.SYS    Mon Oct 23 20:28:55 2006 (453D5E47)
8a434000 8a43c180   SYMIDS   SYMIDS.SYS   Mon Oct 23 20:29:36 2006 (453D5E70)
8be68000 8be73000   SYMNDISV SYMNDISV.SYS Mon Oct 23 20:38:52 2006 (453D609C)
87843000 87848080   SYMREDRV SYMREDRV.SYS Mon Oct 23 20:29:54 2006 (453D5E82)
8be1b000 8be46f00   SYMTDI   SYMTDI.SYS   Mon Oct 23 20:26:29 2006 (453D5DB5)
8b085000 8b0b2700   SynTP    SynTP.sys    Fri Sep 07 14:16:58 2007 (46E1959A)
8bf2b000 8c000000   tcpip    tcpip.sys    Thu Feb 18 07:05:31 2010 (4B7D2D0B)
8c1a7000 8c1b2000   tcpipreg tcpipreg.sys Thu Nov 02 04:57:46 2006 (4549B30A)
8aff6000 8b001000   TDI      TDI.SYS      Thu Nov 02 04:58:46 2006 (4549B346)
8bf16000 8bf2b000   tdx      tdx.sys      Thu Nov 02 04:57:34 2006 (4549B2FE)
8af66000 8af75000   termdd   termdd.sys   Tue Dec 12 22:53:43 2006 (457F7947)
95c00000 95c09000   TSDDD    TSDDD.dll    Thu Nov 02 05:02:02 2006 (4549B40A)
8a461000 8a46a000   tunmp    tunmp.sys    Thu Feb 18 07:04:29 2010 (4B7D2CCD)
8a405000 8a410000   tunnel   tunnel.sys   Thu Feb 18 07:04:38 2010 (4B7D2CD6)
8af75000 8af82000   umbus    umbus.sys    Thu Nov 02 04:55:24 2006 (4549B27C)
87cae000 87caf700   USBD     USBD.SYS     Thu Aug 30 21:23:36 2007 (46D76D98)
8a4e2000 8a4f0000   usbehci  usbehci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8af08000 8af3c000   usbhub   usbhub.sys   Thu Aug 30 21:24:00 2007 (46D76DB0)
8a774000 8a77e000   usbohci  usbohci.sys  Thu Aug 30 21:23:40 2007 (46D76D9C)
8a600000 8a63d000   USBPORT  USBPORT.SYS  Thu Aug 30 21:23:43 2007 (46D76D9F)
8ae1d000 8ae29000   vga      vga.sys      Thu Nov 02 04:53:56 2006 (4549B224)
8ba04000 8ba25000   VIDEOPRT VIDEOPRT.SYS Thu Nov 02 04:54:07 2006 (4549B22F)
8048a000 80499000   volmgr   volmgr.sys   Tue Dec 12 22:29:12 2006 (457F7388)
807b6000 80800000   volmgrx  volmgrx.sys  Thu Nov 02 04:51:54 2006 (4549B1AA)
8201f000 82055000   volsnap  volsnap.sys  Thu Oct 25 22:04:17 2007 (47214B21)
8be47000 8be5a000   wanarp   wanarp.sys   Tue Jul 03 21:28:16 2007 (468AF7B0)
8a52e000 8a53b000   watchdog watchdog.sys Thu Nov 02 04:37:44 2006 (4549AE58)
80204000 8027f000   Wdf01000 Wdf01000.sys Wed Dec 05 21:21:28 2007 (47575CA8)
80512000 8051f000   WDFLDR   WDFLDR.SYS   Wed Dec 05 21:21:19 2007 (47575C9F)
94a00000 94c00000   win32k   win32k.sys   Fri Aug 14 10:01:22 2009 (4A856E32)
8a46a000 8a473000   wmiacpi  wmiacpi.sys  Thu Aug 30 20:57:47 2007 (46D7678B)
804c6000 804cf000   WMILIB   WMILIB.SYS   Thu Nov 02 04:54:53 2006 (4549B25D)
95798000 957a0000   xaudio   xaudio.sys   Fri Aug 04 20:39:09 2006 (44D3E8AD)
8a4f0000 8a52e000   yk60x86  yk60x86.sys  Fri Mar 23 06:11:54 2007 (4603A7EA)

Unloaded modules:
957e8000 957f0000   drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
9b611000 9b629000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87c05000 87c12000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8a4a0000 8a4ab000   dump_ataport
    Timestamp: unavailable (00000000)
    Checksum:  00000000
87900000 87908000   dump_atapi.s
    Timestamp: unavailable (00000000)
    Checksum:  00000000
8a47c000 8a485000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000

Open in new window

0
willcompCommented:
"Another thing to mention is EVERY TIME I load windows, System Properties opens.  Also, I think the MSCONFIG keeps resetting itself." --- one again, same behavior as the one I had. Had forgotted those tidbits.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
That's SO WEIRD, isn't it willcomp??? :P  Hopefully we find an answer.  If it was mine, I would just wipe it, but this is a customer's computer.  I uninstalled ALL Toolbars through Programs & Features, and ran the Norton Removal Tool.  Same issue still occuring.
0
willcompCommented:
There is a repair install of sorts for Vista but it has to be run from normal mode. It was not an option in my case since I could not get into normal mode at all. The repair is an upgrade install of the same Vista version. If you can get into normal mode long enough, it may be an option. Here are instructions:
http://www.vistax64.com/tutorials/88236-repair-install-vista.html
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Unfortunately, I do not believe that is a viable option.  Normal mode crashes after about 30 seconds.  Never did like the way to do a repair install for Vista.  Why couldn't they make it more like Windows XP?  Don't get me wrong, I LOVE Windows 7, and Vista was the stepping stone to it, but that feature in Windows XP was priceless for fixing issues like this.
0
JonveeCommented:
Have been following this thread with interest, and wondering if you still have a Malware infection present.  

From your minidump analysis:
>> Probably caused by : SYMEVENT.SYS <<

As already suggested the software SYMEVENT is by Symantec Corporation

symevent.sys file information:
http://www.file.net/process/symevent.sys.html

Did you run Malwarebytes in normal mode?
If no, try downloading & updating Malwarebytes anti-Malware, from here:
http://www.malwarebytes.org/mbam.php
Then run in normal mode.  

Whatever the outcome, please try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro

Also, the recently successful Dr.Web CureIt!:
http://www.freedrweb.com/cureit/?lng=en

Finally the ESET Online Scanner, a free, & powerful tool:
http://www.eset.com/online-scanner

If it is an infection, this could work, and save a possible re-load.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I cannot run Malwarebytes in normal mode, but I have ran it in safe mode.  It has removed several infections already.  I have tried Hitman Pro also, which found 1 infection, to no joy.  I am downloading Dr. Web Cureit now.

SYMEVENT.sys no longer exists, most likely due to using the Norton Removal Tool

I will run ESET and Dr. Web once they have downloaded and post back the results.
0
JonveeCommented:

>>I cannot run Malwarebytes in normal mode<<
Not sure if you tried renaming Malwarebytes before downloading it to your desktop.
Many Malware infections will prevent good scanners from running properly, & this one was designed for normal mode.

You could try using the IE “Save As” function to rename MBAM.

This recent article by Expert younghv may help:
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_5124-Stop-the-Bleeding-First-Aid-for-Malware.html

Rkill is good, and is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools:
http://www.technibble.com/rkill-repair-tool-of-the-week/

RKill - What it does and What it Doesn't - A brief introduction to the program:
http://www.bleepingcomputer.com/forums/topic308364.html
0
rpggamergirlCommented:
Unsuccessful removal of drivers(malware or not) can also caused BSOD.
Which scanner caused it.

You could try restoring it from the quarantine.... If it ws comboFix it creates erunt backup... Delete files can also be restored from quarantine.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Dr. Web Cure It found 1 infection (C:\windows\system32\desktop _.ini
ESET found 3 Infections JS/Kryptik.Q trojan

Still BSOD's.
I will try rkill and run combofix again.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
No luck, I will try to use the ERUNT, however I'm not sure if any program caused the BSOD in normal mode.  When it was brought in for infection removal, we went into safe mode first to get around the infection.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Addition, I don't know how to use ERUNT with Windows Vista...
0
JonveeCommented:
ERUNT works ok with Vista if run under elevated privileges.
This link should help>
http://www.winhelponline.com/blog/backup-windows-vista-registry-daily-using-erunt/

also ...
Take a complete registry backup using ERUNT:
http://www.winxptutor.com/regback.htm

Incidently do you have the logfile from the last ComboFix scan please, it may show something of interest?
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I do not have the last Combofix logfile, because when it reboots, everything goes back to what it was.  So, combofix acts like it never ran.
0
JonveeCommented:
ok, thanks ... but it does look as if it never fully ran!
So, could you ensure the following points please ...

Before using ComboFix disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running.
Rename ComboFix.exe (to Combo-Fix.exe for example), before saving it to your desktop.  
If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine.
You can try this key combination to reach a Run box >>
Windows Logo+R: Run dialog box

Double click "combofix.exe"(or the renamed ComboFix.exe) and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
Do not mouseclick Combofix's window while it is running, because it may stall.  
ComboFix should be run in normal mode of course ...see if that helps.


You probably saw the recommendations for TDSSKiller in the earlier link.
i don't wish to simply throw various scanners at you, but as we're trying to prevent a reload we might as well try every trick in the book, & this is another good Tool!  
You could download from here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

TDSSKiller tutorial, if reqd:
http://support.kaspersky.com/viruses/solutions?qid=208280684
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I ran TDSSKiller again (already ran it), after updating from the website.  No luck.  Also, when I run Combofix, it's actually named ComboFixMe.exe (just because I have ran into ones that stop you before!).  Not bad ideas though, just things I've already tried :(
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Also, as far as I know, there is no active scanner installed or running.
0
JonveeCommented:
Yesterday you said >>Normal mode crashes after about 30 seconds<<
Which presumably is why ComboFix in normal mode, is not running for up to approximately(say) 20 minutes.
In this case you could try running CF in Safe mode to see if there is a meaningfull CF log file generated.   i know ...bet you've already tried that! :)
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Yep, I did! :)  Safe mode is the only way I can run Safe Mode.  No log, sorry...
0
Russell_VenableCommented:
Have you uninstalled combofix from the computer? A few newer variants of malware in my lab have been using a new protection built-in to cause a BSOD by setting a false PEB offset to one of the vulnerable drivers when you use combofix specifically.  Lets make sure this is not your case.

0
rpggamergirlCommented:
I meant IF it was ComboFix's removal of a .sys file that caused BSOD, then we can reverse it using the Erunt backup created. It's easy to do just doubleclick it.


No combofix log in this location? --> C:\Combofix.txt


0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Combofix is uninstalled now, there is no folders left for combofix.  No, there is no Combofix.txt in the C:\ directory.  I will try to restart the computer now and see what happens.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Still BSOD's... :(
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Okay, I tried to put all the infections from Malwarebytes back (88 of them).  Also, the original reason it was brought in was System Tool (found the original sign in sheet).  That did not fix the issue.  I ran Combofix again, which removed infections and I made sure it booted back into safe mode, however I STILL did not get a logfile.  I found something that is somewhat interesting...

There seems to be multiple network adapters, which I don't understand.  I know there is a wireless and a wired, but then there is 6 other local area connections.  I've already downloaded the appropriate drivers from Acer's website, uninstalled the current drivers and software, and reinstalled.  I also in command prompt typed "set devmgr_show_nonpresent_devices=1" to show ALL installed instances of the network adapters and deleted what I found.

I will attach the ipconfig results.  And of course, after trying each thing, I rebooted to see if it BSOD's. :(
ipconfig.txt
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I know I shouldn't bump, but it has been 3 days... does anyone have any other ideas???
0
Russell_VenableCommented:
When you checked for a the system dump where did you check for it? Curious.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
C:\windows\minidump
0
JonveeCommented:
The minidump(s) may also be located in:
%systemroot%\minidump\

You may have to enable “Show all files and folders" in
Control Panel > Folder Options > View.

Also make sure that your computer is set to write minidumps.
Right-click My computer>Properties>Advanced>Startup and recovery, click settings and choose small memory dumps.

This may help ...
http://www.cakewalk.com/Support/ProblemReporter/minidump.asp

Also try My Computer>Properties>Advanced>Startup & Recovery.
Are the boxes under 'Settings' checked, & 'small memory dump' selected?

Occasionally if there's no minidump, you could be getting a total crash before Windows has had a chance to produce a crash dump.  
Suggest you then scan the hard disk for errors, running the command chkdsk /r

You could also try the appropriate HD diagnostic from here>
"Hard Drive Diagnostics Tools and Utilities":
http://tacktech.com/display.cfm?ttid=287

Incidently, absence of minidump can also be due to deteriorating motherboard capacitors, or a flakey power supply.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Well, this is a laptop, and I tell the computer to write a full memory dump, but the option changes when I reboot from Safe Mode, like it never saved what I did...
0
Russell_VenableCommented:
Come to think of it. Since this is a kernel exception error I would like you to do a manual windows update. Let's see if you can't get the the latest service pack installed and see how it goes from there.

Go here to manually update
http://www.microsoft.com/protect/computer/updates/mu.mspx

Or if must the automatic method
http://update.microsoft.com/

If this does not solve the kernel error we are going to need to start looking at drivers since you said it bluescreena after 30 sec's of startup.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Error code 0x80071A91 when trying to install Service Pack 1
0
Russell_VenableCommented:
Try entering this in a elevated command prompt and trying the update again.

fsutil resource setautoreset true c:\
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I actually already tried it :)  But it didn't work
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I'm going to upload the gmer scan I did.  It will BSOD if I included the second option (I think services), but on no others.  It LOOKS like it bsod's when scanning crsss.exe?  and crypt32.dll.
gmer-registry.log
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I've been looking at files created within the last 3 weeks, seeing if there was anything sticking out.  I saw several odd files, and deleted them.  Though some seem to keep recreating.  I zipped the files up and are uploading for you guys to look at.
Infections.zip.zip
0
Russell_VenableCommented:
From your gmer log you have active kernel system hooking. The other files you send where santizex(0 bit) files. Most likely cleaned from infection.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Okay, how to I fix the active kernel system hooking issue?
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I downloaded Unhackme and am uploading a scanlog.  It did find some files that are of concern, but 'removing' them with the program and rebooting seems to have no effect.
regrunlog.txt
0
Russell_VenableCommented:
Ok, try entering entering windows key + r and then type msconfig in the run box, hit enter. When the msconfig tool appears you should be on the General tab by default. You have 3 options on that tab. Select "Selective startup" then uncheck "Load startup startup items", click apply, and reboot, enter windows normally and check to see it will allow you to entry windows normally without a BSOD.

If not go into safe boot and repeat these steps again except make sure "Load system services" and "Load startup items" are uncheck hit apply and reboot in normal mode.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I did try that, unfortunately every time I reboot, any changes I made seem to be gone.  I even selected Diagnostic startup, and when it rebooted, it was back to selective startup with both options checkmarked.
0
Russell_VenableCommented:
Ok, the important part is it worked. Now we need to find one by one which driver is causing the trouble since it has been narrowed down.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Okay, how do we go about that?  I guess I'm confused how it worked.  It still BSOD's in normal mode.
0
Russell_VenableCommented:
That's not good at all. If you have the vista install DVD you can do a system restore off of that. If not check for a system restore partition on your drive by hitting F8 after your bios on startup just before the windows XP login screen. If none of these options work te only thing left to do is backup any important files and format am reinstall vista or buy a vista install dvd. Took me a while to find a picture step through for you to guide from but here it is

http://www.bleepingcomputer.com/tutorials/tutorial142.html
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Unfortunately, there is no system restore points made for me to recover from.  I really don't want to format and install vista if at all possible.  I know that is always an option, but I would like to fix this computer without doing that.  I did just try an upgrade repair install, but it does not work in safe mode.  I don't know why Microsoft made it so difficult vs. how it was for Windows XP.  Sigh...  Any other ideas?
0
JonveeCommented:
Assuming for the moment that the BSOD is due to a corrupted driver, see if this Driver Verify helps.
Instructions for Drive Verifier.  
http://www.techsupportforum.com/2110308-post4.html

Ignore the no1 instruction to "create a SR restore point" because your System_Restore is non functional ... unless of course the 'restore point' selection still works ... could you confirm please?
0
JonveeCommented:
@ jcgriff2  ... Hi, i thought the name 'rang a bell', with that last link it seems i'm referring to some of your previous work!
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Nope, cannot create a restore point, however I did find some interesting things I believe...  and the Driver verifier did not run and create a minidump, but I'm going to attach a screenshot with a list of drivers... very odd.

dump_atapi.sys
dump_dumpata.sys
bcmwl6.sys
dkbfltr.sys
psdfilter.sys
psdnserv.sys
psdvdisk.sys
yk60x86.sys
ntidrvr.sys
o2media.sys
o2sd.sys
syntp.sys

Tell me what you think! :P  I don't think the dump ones belong there, do they?
verifier.jpg
verifier2.jpg
0
JonveeCommented:
Thanks ... although i've seen dump_atapi.sys and dump_dumpata.sys listed before, as shown in this next link, but i'm not sure why this is so.
http://www.pchelpforum.com/win-7-vista-bsod/104517-warcraft-blue-screen-death.html
0
JonveeCommented:
It could be telling us there's a Malware infection still present.
0
Russell_VenableCommented:

I'd you have used process explorer it makes a memory dump of the driver so it can process the PE headers while the copy of the driver is not running for further analysis. 

Dump_Dumpata.sys is a vista system driver for managing ATA devices.

Dump_atapi.sys is the IDE port driver.

Dlbfltr.sys is the Dritek Keyboard Filter Driver

bcmwl6.sys is Broadcom 802.11 Network Adapter wireless driver

psdfilter.sys is Acer eDataSecurity Management PSD Filter Driver
psdnserv.sys is
PSD Named Pipe Driver - Acer eDataSecurity Management
psdvdisk.sys is Acer eDataSecurity Management PSD Virtual Disk Driver
yk60x86.sys is Miniport Driver for Marvell Yukon Ethernet Controller.
ntidrvr.sys - not sure what this driver does, but it is from 
NewTech Infosystems, Inc.
o2media.sys - company o2media
o2sd.sys is O2Micro SD Reader Driver
syntp.sys is is the Synaptics Touchpad Driver

Drivers are created into memory and stored locally as a dump file along with everything else that was running in the same memory space. Generally a dump like this will be much larger then the original driver size.  

So in essence that is your direct memory mapped file of the driver  that your AV creates to scan for signatures. Nothing malicious just makes scanning faster. None of the files you listed are rootkit drivers unless they don't match filesize header of the original.

Have you created a recovery console disk by going to run and typing recdisc.expand burning one to DVD? I would suggest your next approach should be going to another vista system and make sure that system is the same architecture(x86/x64/IA64/etc)
of the same system and burn that recovery console disc and use that ad your recovery console to repair your Drivers using a vista installation disk to copy those original files over to over-write the existing ones.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Could you walk me through how to create the Recovery Console disk and what files to copy over?
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Sorry, I don't know how to put code in for dump files, but here's some I created with Process Explorer
ProcessExplorerDumps.zip
0
Russell_VenableCommented:
First off I would like to make sure you ask the customer if they have got a recovery disc with there acer computer as there is a chance they did if not there should be a recovery partition somewhere along the bootup. Hitting F8 after the bios screens. Some computers are different and have it with the f11 for some reason I would just atleast try that option before you do the below steps. Additionally I tryed to find a pictorial guide to give you buy it seems the link was broken so I did not include the link in the first step.

To burn the recovery console DVD all you need to do is.

1.) Go to here or use the bittorrent links here the first link provides a highspeed download of iso image file, but it cost near $10. Bittorrent links do not.

Courtesy of C4 consulting,

1. Copy the recdisc.exe file out of sp1 vista beta or alternatively I can e-mail this file to you ( this post complete with a pictorial guide and the file is available here)
2. Open up the system32 folder (C:\Windows\System32)
3. Select recdisc.exe and open up its properties (right clicking on the file will bring up the property selection)
4. Select the “security” tab
5. Click on “Advanced”
Select the “owners” tab and click “edit”
6. Select “Administrators” to change the owners ( alternatively you can select your user account)
7.       Click OK, then Ok on the next screen
8.       You should be looking at the “file security settings” window
Select “administrators” (or your user account)
 
9.       Tick the “allow boxes” and “full control”, then OK and Ok
10.    It’s a good idea to make a copy of this file, in case you need to add it back latter
11.   Copy and replace  the recdisc.exe file with the one you downloaded
12.   Create a shortcut and place it on your desktop to enable easy access
13.   That’s it
 
Running the Program:
1.       Double Click the shortcut you created earlier (alternatively type in c:\windows\system32\recdisc.exe)
2.        Follow the prompts, It will ask you to insert your vista install disc,
3.       Then will ask you to insert a blank cd
4.       That’s it

How to use it
1.       Boot up the computer and hit the del or F2 key (depending on the computer) to enter BIOs
2.       Navigate to the boot settings menu
3.       Ensure the CDRom is the first boot preference
4.       When prompted, press any key to boot off the cd
5.       Wait for the cd to load
6.       It will then load the install screen ( remember this cd will not install or re-install windows)
7.       Select repair
8.       Run the repair/recovery tool you need
 
If you really want to read the original article's here is the links as well. I would really suggest that you make a recovery DVD from a separate vista machine that has the SP1 installed with the recdisc.exe already on it and the same architecture.

Reference:
Technet recdisc.exe tool

Vista startup problems
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I guess I don't understand what to do, could you make it more clear please?  I got recdisc.exe file off of another Vista computer and copied it to this computer (this one didn't have it).  I changed the permissions and tried to run it, but nothing happened.  I downloaded the Vista Recovery Disc, and ran it, but it seems to have done nothing different than running the actual Vista disc and do repair.
0
Russell_VenableCommented:
If you ran the Recovery disk as a bootup you should have a option to do a system restore using the last system backup this should as it is ebony run as a PE disk and not directly from the operating system. It has everything that you need to repair the system. I'd you can't do a restore from there they may have no better of an option then to do a full restore. I would try entering the vista recovery DVD again and boot off of that and then attempt to run the system restore. If you succeed the then you will be happily at a state before the BSOD's. Hope it works for you. It works for me and I have tried these for a lot of different systems.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Sorry, there is no system restore points.  I know that reload is an option, I'm just trying to prevent reloading.  The customer doesn't want to reload if it's not neccessary, and honestly it's gotten to the point that I WANT to beat this da*n thing!  You know?
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
Okay, I hate to do it, but I reloaded the system.  Everything appears to be working, so there was definitely something software-wise causing an issue.  Sigh... Oh well.  Thank you everybody for your assistance.
0
Russell_VenableCommented:
Well without a good dump file it is hard to tell. The last dump showed a infection with W32.Koobface nasty worm...You will need to talk to them about internet safety and best practices for safe Internet surfing. Thus worm drops a lot of files after infection. There might be some files still in the system. Technical details are here if you want to read them. Since you removed the antivirus protection from the system have you tried using a Bootable antivirus rescue DVD? Examples of these are listed Here There has to be another kernel driver that is running that the worm dropped and is not compatible with vista's kernel pooling. I should of asked this earlier. Did you check the system's eventlog's for access calls and driver failures? I am trying to look for ad many ways to get you a good answer for this and safely on your way again I hate these worms.
0
willcompCommented:
"but I reloaded the system" -- can I say I told you so?

There were probably registry changes which would have helped but I am not a registry guru and could not find any information that proved useful. I only nuke and pave as a last resort.
0
Russell_VenableCommented:
Well there are a few last resorts. Looking at the add-in hardware(memory, ram, etc) and check to make sure all the slots are fitted properly since the computer has been moved it's possible that some of the hardware possibly got loosened from the car ride over or just moving it in the shop. Mind taking photo of the bluescreenand posting it here to confirm as well?
0
Russell_VenableCommented:
Arg didn't reload lol. Oh well!
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
THank you for your help, I don't know who to award points too... little help???
0
willcompCommented:
Split points among those who gave it a good effort.
0
Russell_VenableCommented:
Agreed, there was a lot of good help here.
0
Russell_VenableCommented:
I'd suggest a split there was a lot of good suggestions here.
0
JonveeCommented:
Agreed ... split points, appropriately.
0
Scott ThompsonComputer Technician / OwnerAuthor Commented:
I thank everyone who tried to help...one day we will run across this again, and we WILL find the answer!  I guess this is another day where we have to give the gold medal to those infection writing inconsiderates.  Anytime I need more help, I know I'll be looking towards you guys.
0
JonveeCommented:
We can't win them all, but you know where we all are if or when you need us again ...and thanks for the recognision.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.