blue screen windows 7 please help

ACT

New member
Hi all, I was just working on my PC with Win 7 installed, but suddenly a blue screen came and I restarted. Since then I have been trying to turn on my PC, but at startup the blue screen shows up and it restarts automatically. If I try safe mode, the PC comes up without any problem. Note: I have Win XP too. Please help, dmp file attached.
 

My Computer

OS: win 7 ultimate
The module ntkr128g.exe shows up in the dump as a patched Kernel.

Code:
82e14000 83224000   nt       ntkr128g.exe Mon Jul 13 19:15:19 2009 (4A5BC007)

You are running a cracked version of Windows 7. I suggest that you purchase a genuine Windows 7 DVD.

Regards. . .

jcgriff2

Code:
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\PalmDesert7\_jcgriff2_\dbug\__Kernel__\020610-25662-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is: 
Unable to load image \SystemRoot\system32\ntkr128g.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkr128g.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkr128g.exe
Windows 7 Kernel Version 7600 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0x82e14000 PsLoadedModuleList = 0x82f5c810
Debug session time: Fri Feb  5 18:55:01.984 2010 (GMT-5)
System Uptime: 0 days 0:00:11.467
Unable to load image \SystemRoot\system32\ntkr128g.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkr128g.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkr128g.exe
Loading Kernel Symbols
...............................................................
..................
Loading User Symbols
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffffff, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 9239bed0, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for KGootkit.sys
*** ERROR: Module load completed but symbols could not be loaded for KGootkit.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
FAULTING_MODULE: 82e14000 nt
DEBUG_FLR_IMAGE_TIMESTAMP:  4b6bf201
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
ffffffff 
FAULTING_IP: 
KGootkit+3ed0
9239bed0 6681384d5a      cmp     word ptr [eax],5A4Dh
MM_INTERNAL_CODE:  0
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
BUGCHECK_STR:  0x50
CURRENT_IRQL:  0
LAST_CONTROL_TRANSFER:  from 82e5a5f8 to 82e998e3
STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
8ff85c14 82e5a5f8 00000000 ffffffff 00000000 nt+0x858e3
8ff85c2c 9239bed0 badb0d00 82e573a9 00000008 nt+0x465f8
8ff85ca4 9239c7ff 9239c5a0 00000001 00000000 KGootkit+0x3ed0
8ff85ce0 9239cae7 82e5738f 82e5738f 82e81f03 KGootkit+0x47ff
8ff85d00 82e81f2b 86fc8000 00000000 85ec9020 KGootkit+0x4ae7
8ff85d50 8302266d 00000001 bac6ac56 00000000 nt+0x6df2b
8ff85d90 82ed40d9 82e81e1e 00000001 00000000 nt+0x20e66d
00000000 00000000 00000000 00000000 00000000 nt+0xc00d9

STACK_COMMAND:  kb
FOLLOWUP_IP: 
KGootkit+3ed0
9239bed0 6681384d5a      cmp     word ptr [eax],5A4Dh
SYMBOL_STACK_INDEX:  2
SYMBOL_NAME:  KGootkit+3ed0
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: KGootkit
IMAGE_NAME:  KGootkit.sys
BUCKET_ID:  WRONG_SYMBOLS
Followup: MachineOwner
---------
2: kd> lmvm KGootkit
start    end        module name
92398000 923a0600   KGootkit T (no symbols)           
  Loaded symbol image file: KGootkit.sys
  Image path: \SystemRoot\System32\drivers\KGootkit.sys
  Image name: KGootkit.sys
  Timestamp:        Fri Feb 05 05:25:05 2010 (4B6BF201)
  CheckSum:         00017653
  ImageSize:        00008600
  Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
2: kd> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
8ff85c14 82e5a5f8 nt+0x858e3
8ff85c2c 9239bed0 nt+0x465f8
8ff85ca4 9239c7ff KGootkit+0x3ed0
8ff85ce0 9239cae7 KGootkit+0x47ff
8ff85d00 82e81f2b KGootkit+0x4ae7
8ff85d50 8302266d nt+0x6df2b
8ff85d90 82ed40d9 nt+0x20e66d
00000000 00000000 nt+0xc00d9
2: kd> lmnt'
Unknown option '''
start    end        module name
80bc0000 80bc8000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
82e14000 83224000   nt       ntkr128g.exe Mon Jul 13 19:15:19 2009 (4A5BC007)
83224000 8325b000   hal      halmacpi.dll Mon Jul 13 19:11:03 2009 (4A5BBF07)
8da19000 8da91000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:06:41 2009 (4A5BDA21)
8da91000 8daa2000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
8daa2000 8daaa000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
8daaa000 8daec000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8daec000 8db97000   CI       CI.dll       Mon Jul 13 21:09:28 2009 (4A5BDAC8)
8db97000 8dbcb000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
8dbcb000 8dbea000   cdrom    cdrom.sys    Mon Jul 13 19:11:24 2009 (4A5BBF1C)
8dc04000 8dc75000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)
8dc75000 8dc83000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
8dc83000 8dccb000   ACPI     ACPI.sys     Mon Jul 13 19:11:11 2009 (4A5BBF0F)
8dccb000 8dcd4000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
8dcd4000 8dcdc000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8dcdc000 8dd06000   pci      pci.sys      Mon Jul 13 19:11:16 2009 (4A5BBF14)
8dd06000 8dd11000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
8dd11000 8dd22000   partmgr  partmgr.sys  Mon Jul 13 19:11:35 2009 (4A5BBF27)
8dd22000 8dd32000   volmgr   volmgr.sys   Mon Jul 13 19:11:25 2009 (4A5BBF1D)
8dd32000 8dd7d000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)
8dd7d000 8dd84000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)
8dd84000 8dd92000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
8dd92000 8dda8000   mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)
8dda8000 8ddb1000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
8ddb1000 8ddd4000   ataport  ataport.SYS  Mon Jul 13 19:11:18 2009 (4A5BBF16)
8ddd4000 8dddd000   amdxata  amdxata.sys  Tue May 19 13:57:35 2009 (4A12F30F)
8dddd000 8ddee000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
8ddee000 8ddf9000   klbg     klbg.sys     Mon Dec 15 11:41:09 2008 (494688A5)
8de00000 8de0e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8de0e000 8de17000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)
8de2e000 8df5d000   Ntfs     Ntfs.sys     Mon Jul 13 19:12:05 2009 (4A5BBF45)
8df5d000 8df88000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)
8df88000 8df9b000   ksecdd   ksecdd.sys   Mon Jul 13 19:11:56 2009 (4A5BBF3C)
8df9b000 8dff8000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)
8e01a000 8e0d1000   ndis     ndis.sys     Mon Jul 13 19:12:24 2009 (4A5BBF58)
8e0d1000 8e10f000   NETIO    NETIO.SYS    Mon Jul 13 19:12:35 2009 (4A5BBF63)
8e10f000 8e134000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:34:00 2009 (4A5BC468)
8e134000 8e161000   rdyboost rdyboost.sys Mon Jul 13 19:22:02 2009 (4A5BC19A)
8e161000 8e193000   fvevol   fvevol.sys   Mon Jul 13 19:13:01 2009 (4A5BBF7D)
8e193000 8e1a4000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
8e1a4000 8e1c9000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
8e1c9000 8e1d2000   dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
8e1d2000 8e1e3000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
8e200000 8e20b000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)
8e20e000 8e357000   tcpip    tcpip.sys    Mon Jul 13 19:13:18 2009 (4A5BBF8E)
8e357000 8e388000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:12:03 2009 (4A5BBF43)
8e388000 8e390380   vmstorfl vmstorfl.sys Mon Jul 13 19:28:44 2009 (4A5BC32C)
8e391000 8e3d0000   volsnap  volsnap.sys  Mon Jul 13 19:11:34 2009 (4A5BBF26)
8e3d0000 8e3d8000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
8e3d8000 8e3e8000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8e3e8000 8e3f0000   hwpolicy hwpolicy.sys Mon Jul 13 19:11:01 2009 (4A5BBF05)
8e3f0000 8e3fd000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
92214000 9225d000   klif     klif.sys     Fri Jul 03 05:08:10 2009 (4A4DCA7A)
9225d000 92264000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)
[COLOR=#000055][FONT=lucida console]92264000 9226b000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]9226b000 92277000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92277000 92298000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92298000 922a5000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922a5000 922ad000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:01:40 2009 (4A5BCAE4)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922ad000 922b5000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922b5000 922bd000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922bd000 922c8000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922c8000 922d6000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922d6000 922ed000   tdx      tdx.sys      Mon Jul 13 19:12:10 2009 (4A5BBF4A)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922ed000 922f8000   TDI      TDI.SYS      Mon Jul 13 19:12:12 2009 (4A5BBF4C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922f8000 92306000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92306000 92320000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92320000 92333000   wanarp   wanarp.sys   Mon Jul 13 19:55:02 2009 (4A5BC956)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92333000 92343000   termdd   termdd.sys   Mon Jul 13 20:01:35 2009 (4A5BCADF)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92343000 92384000   rdbss    rdbss.sys    Mon Jul 13 19:14:26 2009 (4A5BBFD2)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92384000 9238e000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]9238e000 92398000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92398000 923a0600   KGootkit KGootkit.sys Fri Feb 05 05:25:05 2010 (4B6BF201)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]95008000 95528000   kl1      kl1.sys      Mon Jun 15 06:00:15 2009 (4A361BAF)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]95528000 95582000   afd      afd.sys      Mon Jul 13 19:12:34 2009 (4A5BBF62)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]95582000 955b4000   netbt    netbt.sys    Mon Jul 13 19:12:18 2009 (4A5BBF52)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955b4000 955bb000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955bb000 955da000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955da000 955eb000   vwififlt vwififlt.sys Mon Jul 13 19:52:03 2009 (4A5BC8A3)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955eb000 955f2000   klim6    klim6.sys    Fri May 15 10:50:04 2009 (4A0D811C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955f2000 955fa000   anodlwf  anodlwf.sys  Fri Mar 06 05:09:51 2009 (49B0F66F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955fa000 955fc170   lixgax   lixgax.sys   Wed Jan 20 12:17:19 2010 (4B573A9F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]2: kd> lmntsm[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]start    end        module name[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dc83000 8dccb000   ACPI     ACPI.sys     Mon Jul 13 19:11:11 2009 (4A5BBF0F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]95528000 95582000   afd      afd.sys      Mon Jul 13 19:12:34 2009 (4A5BBF62)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8ddd4000 8dddd000   amdxata  amdxata.sys  Tue May 19 13:57:35 2009 (4A12F30F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955f2000 955fa000   anodlwf  anodlwf.sys  Fri Mar 06 05:09:51 2009 (49B0F66F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dda8000 8ddb1000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8ddb1000 8ddd4000   ataport  ataport.SYS  Mon Jul 13 19:11:18 2009 (4A5BBF16)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92264000 9226b000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8daa2000 8daaa000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dbcb000 8dbea000   cdrom    cdrom.sys    Mon Jul 13 19:11:24 2009 (4A5BBF1C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8daec000 8db97000   CI       CI.dll       Mon Jul 13 21:09:28 2009 (4A5BDAC8)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e1a4000 8e1c9000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8daaa000 8daec000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8df9b000 8dff8000   cng      cng.sys      Mon Jul 13 19:32:55 2009 (4A5BC427)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e3f0000 8e3fd000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e193000 8e1a4000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e1c9000 8e1d2000   dump_atapi dump_atapi.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e200000 8e20b000   dump_dumpata dump_dumpata.sys Mon Jul 13 19:11:16 2009 (4A5BBF14)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e1d2000 8e1e3000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dddd000 8ddee000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8db97000 8dbcb000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8de0e000 8de17000   Fs_Rec   Fs_Rec.sys   Mon Jul 13 19:11:14 2009 (4A5BBF12)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e161000 8e193000   fvevol   fvevol.sys   Mon Jul 13 19:13:01 2009 (4A5BBF7D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e357000 8e388000   fwpkclnt fwpkclnt.sys Mon Jul 13 19:12:03 2009 (4A5BBF43)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]83224000 8325b000   hal      halmacpi.dll Mon Jul 13 19:11:03 2009 (4A5BBF07)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e3e8000 8e3f0000   hwpolicy hwpolicy.sys Mon Jul 13 19:11:01 2009 (4A5BBF05)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]80bc0000 80bc8000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92398000 923a0600   KGootkit KGootkit.sys Fri Feb 05 05:25:05 2010 (4B6BF201)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]95008000 95528000   kl1      kl1.sys      Mon Jun 15 06:00:15 2009 (4A361BAF)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8ddee000 8ddf9000   klbg     klbg.sys     Mon Dec 15 11:41:09 2008 (494688A5)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92214000 9225d000   klif     klif.sys     Fri Jul 03 05:08:10 2009 (4A4DCA7A)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955eb000 955f2000   klim6    klim6.sys    Fri May 15 10:50:04 2009 (4A0D811C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8df88000 8df9b000   ksecdd   ksecdd.sys   Mon Jul 13 19:11:56 2009 (4A5BBF3C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e10f000 8e134000   ksecpkg  ksecpkg.sys  Mon Jul 13 19:34:00 2009 (4A5BC468)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955fa000 955fc170   lixgax   lixgax.sys   Wed Jan 20 12:17:19 2010 (4B573A9F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8da19000 8da91000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon Jul 13 21:06:41 2009 (4A5BDA21)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd92000 8dda8000   mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922bd000 922c8000   Msfs     Msfs.SYS     Mon Jul 13 19:11:26 2009 (4A5BBF1E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dcd4000 8dcdc000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8df5d000 8df88000   msrpc    msrpc.sys    Mon Jul 13 19:11:59 2009 (4A5BBF3F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]9238e000 92398000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e3d8000 8e3e8000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e01a000 8e0d1000   ndis     ndis.sys     Mon Jul 13 19:12:24 2009 (4A5BBF58)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922f8000 92306000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]95582000 955b4000   netbt    netbt.sys    Mon Jul 13 19:12:18 2009 (4A5BBF52)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e0d1000 8e10f000   NETIO    NETIO.SYS    Mon Jul 13 19:12:35 2009 (4A5BBF63)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922c8000 922d6000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92384000 9238e000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]82e14000 83224000   nt       ntkr128g.exe Mon Jul 13 19:15:19 2009 (4A5BC007)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8de2e000 8df5d000   Ntfs     Ntfs.sys     Mon Jul 13 19:12:05 2009 (4A5BBF45)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]9225d000 92264000   Null     Null.SYS     Mon Jul 13 19:11:12 2009 (4A5BBF10)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955bb000 955da000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd11000 8dd22000   partmgr  partmgr.sys  Mon Jul 13 19:11:35 2009 (4A5BBF27)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dcdc000 8dd06000   pci      pci.sys      Mon Jul 13 19:11:16 2009 (4A5BBF14)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd7d000 8dd84000   pciide   pciide.sys   Mon Jul 13 19:11:19 2009 (4A5BBF17)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd84000 8dd92000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8de00000 8de0e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8da91000 8daa2000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92343000 92384000   rdbss    rdbss.sys    Mon Jul 13 19:14:26 2009 (4A5BBFD2)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922a5000 922ad000   RDPCDD   RDPCDD.sys   Mon Jul 13 20:01:40 2009 (4A5BCAE4)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922ad000 922b5000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922b5000 922bd000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e134000 8e161000   rdyboost rdyboost.sys Mon Jul 13 19:22:02 2009 (4A5BC19A)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92306000 92320000   serial   serial.sys   Mon Jul 13 19:45:33 2009 (4A5BC71D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e3d0000 8e3d8000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e20e000 8e357000   tcpip    tcpip.sys    Mon Jul 13 19:13:18 2009 (4A5BBF8E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922ed000 922f8000   TDI      TDI.SYS      Mon Jul 13 19:12:12 2009 (4A5BBF4C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]922d6000 922ed000   tdx      tdx.sys      Mon Jul 13 19:12:10 2009 (4A5BBF4A)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92333000 92343000   termdd   termdd.sys   Mon Jul 13 20:01:35 2009 (4A5BCADF)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd06000 8dd11000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]9226b000 92277000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92277000 92298000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e388000 8e390380   vmstorfl vmstorfl.sys Mon Jul 13 19:28:44 2009 (4A5BC32C)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd22000 8dd32000   volmgr   volmgr.sys   Mon Jul 13 19:11:25 2009 (4A5BBF1D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dd32000 8dd7d000   volmgrx  volmgrx.sys  Mon Jul 13 19:11:41 2009 (4A5BBF2D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8e391000 8e3d0000   volsnap  volsnap.sys  Mon Jul 13 19:11:34 2009 (4A5BBF26)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955da000 955eb000   vwififlt vwififlt.sys Mon Jul 13 19:52:03 2009 (4A5BC8A3)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92320000 92333000   wanarp   wanarp.sys   Mon Jul 13 19:55:02 2009 (4A5BC956)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]92298000 922a5000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dc04000 8dc75000   Wdf01000 Wdf01000.sys Mon Jul 13 19:11:36 2009 (4A5BBF28)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dc75000 8dc83000   WDFLDR   WDFLDR.SYS   Mon Jul 13 19:11:25 2009 (4A5BBF1D)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]955b4000 955bb000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)[/FONT][/COLOR]
[COLOR=#000055][FONT=lucida console]8dccb000 8dcd4000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)[/FONT][/COLOR]
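The kernel-image check that the reply above applies by eye (the `nt` module resolving to ntkr128g.exe instead of a genuine kernel file name) can be automated over the `lmntsm` listing. This is an added example, not code from the thread or from the debugger; it parses the `lm` row format shown above, decodes the hexadecimal PE timestamp in parentheses, and also lists drivers whose build stamp falls outside the kernel's own build window as a triage heuristic (the sample rows are a constructed subset of the listing above).

```python
import re
from datetime import datetime, timezone

# Image names a genuine Windows 7 kernel (the `nt` module) can carry:
# x86 non-PAE/PAE, uniprocessor/multiprocessor builds, and the x64 build.
GENUINE_NT_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe"}

# One row of `lm` / `lmntsm` output:
#   start end module image Day Mon dd hh:mm:ss yyyy (hexstamp)
# Backticks are allowed so x64 addresses such as fffff800`01a00000 also parse.
LM_ROW = re.compile(
    r"^\s*(?P<start>[0-9a-fA-F`]+)\s+(?P<end>[0-9a-fA-F`]+)\s+"
    r"(?P<module>\S+)\s+(?P<image>\S+)\s+"
    r"(?P<date>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"\((?P<stamp>[0-9a-fA-F]{8})\)\s*$"
)

# Constructed subset of the lmntsm listing above, used as sample input.
SAMPLE_LMNTSM = """\
2: kd> lmntsm
start    end        module name
8dd92000 8dda8000   mountmgr mountmgr.sys Mon Jul 13 19:11:27 2009 (4A5BBF1F)
82e14000 83224000   nt       ntkr128g.exe Mon Jul 13 19:15:19 2009 (4A5BC007)
95008000 95528000   kl1      kl1.sys      Mon Jun 15 06:00:15 2009 (4A361BAF)
955fa000 955fc170   lixgax   lixgax.sys   Wed Jan 20 12:17:19 2010 (4B573A9F)
"""


def parse_lm(text):
    """Return one dict per module row; prompt and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LM_ROW.match(line)
        if not m:
            continue
        rows.append({
            "start": int(m["start"].replace("`", ""), 16),
            "end": int(m["end"].replace("`", ""), 16),
            "module": m["module"],
            "image": m["image"],
            "date": m["date"],
            "stamp": int(m["stamp"], 16),  # PE TimeDateStamp: seconds since 1970 UTC
        })
    return rows


def stamp_to_utc(stamp):
    """Decode a PE TimeDateStamp into an aware UTC datetime."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def check_kernel_image(rows):
    """Flag an `nt` module whose image is not a genuine kernel file name."""
    return [f"nt module is {r['image']}, expected one of {sorted(GENUINE_NT_IMAGES)}"
            for r in rows if r["module"] == "nt" and r["image"].lower() not in GENUINE_NT_IMAGES]


def modules_outside_build_window(rows, window_days=2):
    """Heuristic: images not built within window_days of the kernel's own stamp
    are third-party or later additions worth reviewing first."""
    nt = [r for r in rows if r["module"] == "nt"]
    if not nt:
        return []
    limit = window_days * 86400
    return [r["image"] for r in rows if abs(r["stamp"] - nt[0]["stamp"]) > limit]
```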