Symbols could not be loaded for win32k.sys

writhziden

writhziden

Administrator, .NET/UWP Developer
Staff member
Joined
May 23, 2012
Posts
2,943
Location
Colorado
Anyone else have issues with the win32k.sys module? Specifically these messages:
*** WARNING: Unable to verify checksum for win32k.sys
Click to expand...
and
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Click to expand...

The issue with win32k.sys was wreaking havoc with the Sysnative BSOD Apps. I finally was able to find a workaround, but it would be nice to know why this issue exists. Let me know if you have problems with the .dmps attached, as well.

Here are some .dmps that I have issues with: View attachment SymbolIssues.zip


Thanks.

-Mike
 
Last edited:
Yep.. win32k showed up w/o symbols in all 9 dumps.

McAfee & Intel wifi in a few.

One new MS symbol was d/l - bthport.sys

Here is a 167 MB ProcMon log recording SysnativeBSODApps.exe & kd.exe I/O activity -

17.7 MB zip - https://www.sysnative.com/temp/

ProcMon opens the PML file - http://live.sysinternals.com/Procmon.exe

All output from my run is attached.

No idea what's up w/ win32k at this time.
 

Attachments

I have a group of 518 .dmps. I receive this error on 30% of them whether I use online or local symbols. Re-running does not resolve it for most of them. I'll have to do further testing to give you more accurate data as to how many are affected. Preliminary results are 110 of the first 378 were affected:
Code: 
378 .dmps processed 
[LIST=1]
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[*]*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[/LIST]
 
That may be more difficult to find out, but it is an excellent suggestion. I'll look into it. Keep the thoughts coming.
 


ProcMon screenshots...

Check out the ProcessTree --- look at the time on the kd's. One is 5 min... or never finished..?

ProcessTree.png

Path sorted by READ bytes shows total READ bytes = 222 MB; NT = 216 MB - 97.3% (of the 222 MB). All other symbol files are listed. IDK if that is normal or not.

PATH_sortedby_READ_bytes.png


The other 2 are ProcMon I/O sorted by dir, file ext.

Doesn't help us w/ win32k, but interesting as hell to me nonetheless!
 

Attachments

  • DIR.png
    DIR.png
    106.5 KB · Views: 2
  • EXT.png
    EXT.png
    128.5 KB · Views: 3
writhziden said:
I have a group of 518 .dmps. I receive this error on 30% of them whether I use online or local symbols. Re-running does not resolve it for most of them. I'll have to do further testing to give you more accurate data as to how many are affected. Preliminary results are 110 of the first 378 were affected:
Code: 
378 .dmps processed 
[/QUOTE]

Zip them up,  please.

I want to pull the timestamps & build number from them.

I won't be back home until later tonight.
Click to expand...
 
I am currently consolidating only the ones that cause the win32k.sys error to appear using local symbols. I am then going to run them with online symbols and see how many are cleaned up. Do you want the full 518 or just the ones I have issues with? Do you want both sets of issues (local and then internet) or just the ones I ran local symbols for?
 
I'll take them all... separated, please.

I want to see if any timestamps match between those with sym errors & those without.

It really is time to send our findings to Mark Russinovich, but I need to compile a 1 or 2 page Word doc with links to the dumps & STATS, e.g., OS (build), win32k timestamps, versions.

We're going in circles and they may very well know the answer.
 
Alright, I'll separate the ones that do not have win32k.sys problems at all, the ones that do if run with local symbols, the ones that do even with internet symbols, etc.
 
This is all so baffling. Maybe someone else can make some sense of it: https://rapidshare.com/files/3340162011/win32k.sys_Symbols.zip


Most of those that are missing are:
Code: 
fffff960`000e0000 fffff960`003f5000   win32k   win32k.sys   unavailable (00000000)
Not sure what causes this... I see it on retail and OEM systems.

One I found was:
Code: 
fffff960`000b0000 fffff960`003c5000   win32k   win32k.sys   Mon Jun 11 21:08:09 2012 (4FD6B299)

This came from the same system though that showed unavailable earlier. The two that always have issues are:
Code: 
fffff960`000e0000 fffff960`003f5000   win32k   win32k.sys   unavailable (00000000)
fffff960`000b0000 fffff960`003c5000   win32k   win32k.sys   Mon Jun 11 21:08:[B][COLOR=#ff0000]09[/COLOR][/B] 2012 (4FD6B299)

I wonder if some of these could be counterfeit Windows systems or systems using OEM DVDs... The above was from an ASUS RAMPAGE IV EXTREME.

I do note that most of the unavailable win32k.sys modules are on Dell and ASUS computers so far...

Nope, that rules that out:
Code: 
fffff960`00070000 fffff960`00385000   win32k   win32k.sys   Mon Jun 11 21:08:[COLOR=#ff0000][B]08[/B][/COLOR] 2012 (4FD6B298)
was also found on a Dell system and the symbols could be loaded. Odd thing that this is just one second prior to the version above that cannot be verified.

If you check Drivers.txt, you can search for win32k.sys easier. Keep in mind that unavailable (00000000) is converted to Unk 0 00:00:00 1969 (00000000) by the Synsative BSOD Apps.

You can also check SMBIOS.txt for whether the system is OEM or retail based. I don't have systeminfo.txt to show whether Windows is OEM or retail, though. I think that may have been enlightening. In SMBIOS.txt, search for Product Name


So here is what I wonder: Is win32k.sys just more prone to becoming corrupted in the module list, or is it due to OEM software not having the right versions? Could it also be counterfeit Windows that causes this? I am more apt to think it is corrupted easier in the module list or it is an OEM issue, but I do wonder... What are others' thoughts on this?​
 
Last edited:
Interesting. Those are definitely good methods to find out if it is a valid version or if the driver itself has become corrupted. I'll have to check these two things in the future with OPs if I see win32k.sys has an unavailable or (00000000) timestamp. Since you recommend Sigcheck as the better option, I'll start with that. I know signature information can be missing with cracked OSes, but is there another reason you recommend it?
 
Fair enough. At least digging into these has revealed some common traits. The most mysterious one to me is the version that is one second off from the timestamp that is accepted.
 
Also .. these commands may help...

Code: 
!for_each_module .echo @#ModuleName fver = @#FileVersion pver = @#ProductVersion 

!for_each_module .echo @#ModuleIndex : @#Base @#End @#ModuleName @#ImageName  @#LoadedImageName

Read More:


IDK......
 
No... just ran one with win32k sym error -


Code: 
3: kd> [COLOR="#FF0000"]!for_each_module .echo @#ModuleName fver = @#FileVersion pver = @#ProductVersion [/COLOR]
kdcom fver = 6.1.7601.17556 (win7sp1_gdr.110204-2120) pver = 6.1.7601.17556
hal fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
nt fver = 6.1.7601.17835 (win7sp1_gdr.120503-2030) pver = 6.1.7601.17835
Wdf01000 fver = 1.9.7600.16385 (win7_rtm.090713-1255) pver = 1.9.7600.16385
WDFLDR fver =  pver =
mcupdate_AuthenticAMD fver =  pver =
PSHED fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
CLFS fver =  pver =
CI fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
atapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ACPI fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
WMILIB fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
msisadrv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
pci fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
vdrvroot fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
vsflt67 fver =  pver =
partmgr fver =  pver =
volmgr fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
volmgrx fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
pciide fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
PCIIDEX fver =  pver =
mountmgr fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
vmbus fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
winhv fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
psinknc fver =  pver =
ataport fver =  pver =
msahci fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
amdxata fver =  pver =
fltmgr fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
fileinfo fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
msrpc fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
cng fver = 6.1.7601.17856 (win7sp1_gdr.120601-1505) pver = 6.1.7601.17856
tdx fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
TDI fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
NNSTlsc fver =  pver =
Npfs fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Ntfs fver = 6.1.7601.17577 (win7sp1_gdr.110310-1504) pver = 6.1.7601.17577
ksecdd fver = 6.1.7601.17856 (win7sp1_gdr.120601-1505) pver = 6.1.7601.17856
pcw fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Fs_Rec fver = 6.1.7601.17787 (win7sp1_gdr.120229-1502) pver = 6.1.7601.17787
Msfs fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ndis fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
NETIO fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
ksecpkg fver = 6.1.7601.17856 (win7sp1_gdr.120601-1505) pver = 6.1.7601.17856
cdrom fver =  pver =
vga fver =  pver =
VIDEOPRT fver =  pver =
watchdog fver =  pver =
rdpencdd fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdprefmp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
CLASSPNP fver =  pver =
luafv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
tcpip fver = 6.1.7601.17802 (win7sp1_gdr.120329-2050) pver = 6.1.7601.17802
fwpkclnt fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
vmstorfl fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
volsnap fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
spldr fver =  pver =
rdyboost fver =  pver =
mup fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
hwpolicy fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
fltsrv fver =  pver =
fvevol fver =  pver =
disk fver =  pver =
Null fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Beep fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
RDPCDD fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
netbios fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
serial fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
wanarp fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
termdd fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
SCDEmu fver =  pver =
rdbss fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
nsiproxy fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
afd fver = 6.1.7601.17752 (win7sp1_gdr.111227-1505) pver = 6.1.7601.17752
netbt fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
wfplwf fver =  pver =
pacer fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
NNSNAHSL fver =  pver =
NNSHttp fver =  pver =
NNSAlpc fver =  pver =
mssmbios fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ElbyCDIO fver =  pver =
discache fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Dxapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
monitor fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
NNSStrm fver =  pver =
NNSSmtp fver =  pver =
NNSPrv fver =  pver =
NNSProt fver =  pver =
NNSPop3 fver =  pver =
NNSPihsw fver =  pver =
NNSPicc fver =  pver =
NNSIds fver =  pver =
mpsdrv fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
PSINAflt fver =  pver =
PSINProt fver =  pver =
PSINFile fver =  pver =
PSINProc fver =  pver =
WudfPf fver =  pver =
lltdio fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rspndr fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
HTTP fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
bowser fver = 6.1.7601.17565 (win7sp1_gdr.110222-1630) pver = 6.1.7601.17565
atikmpag fver =  pver =
rassstp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
VKbms fver =  pver =
HIDCLASS fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
HIDPARSE fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
rdpbus fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
kbdclass fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
csc fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
dfsc fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
blbdrive fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
AppleCharger fver =  pver =
tunnel fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
amdppm fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
wmiacpi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
mouclass fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
dump_dumpata fver =  pver =
dump_msahci fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
dump_dumpfve fver =  pver =
USBPORT fver = 6.1.7601.17586 (win7sp1_gdr.110324-1501) pver = 6.1.7601.17586
usbehci fver = 6.1.7601.17586 (win7sp1_gdr.110324-1501) pver = 6.1.7601.17586
1394ohci fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
serenum fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
CompositeBus fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
AgileVpn fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ndistapi fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
Rt64win7 fver =  pver =
AnyDVD fver =  pver =
GEARAspiWDM fver =  pver =
usbohci fver = 6.1.7601.17586 (win7sp1_gdr.110324-1501) pver = 6.1.7601.17586
rasl2tp fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
mshidkmdf fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
swenum fver =  pver =
atikmdag fver =  pver =
dxgkrnl fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
dxgmms1 fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
HDAudBus fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
EtronXHCI fver =  pver =
ndiswan fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
raspppoe fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
raspptp fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
crashdmp fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
ks fver =  pver =
amdiox64 fver =  pver =
umbus fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
EtronHub3 fver =  pver =
USBD fver =  pver =
usbhub fver = 6.1.7601.17586 (win7sp1_gdr.110324-1501) pver = 6.1.7601.17586
NDProxy fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
mouhid fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
kbdhid fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
RtHDMIVX fver =  pver =
portcls fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
drmk fver =  pver =
ksthunk fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
usbccgp fver = 6.1.7601.17586 (win7sp1_gdr.110324-1501) pver = 6.1.7601.17586
peauth fver =  pver =
secdrv fver =  pver =
mrxsmb fver = 6.1.7601.17605 (win7sp1_gdr.110426-1503) pver = 6.1.7601.17605
mrxsmb10 fver = 6.1.7601.17647 (win7sp1_gdr.110708-1503) pver = 6.1.7601.17647
mrxsmb20 fver = 6.1.7601.17605 (win7sp1_gdr.110426-1503) pver = 6.1.7601.17605
AODDriver2 fver =  pver =
srvnet fver = 6.1.7601.17608 (win7sp1_gdr.110428-1525) pver = 6.1.7601.17608
tcpipreg fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
hidusb fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
Lycosa fver =  pver =
RTKVHD64 fver =  pver =
Lachesis fver =  pver =
mbam fver =  pver =
srv2 fver = 6.1.7601.17608 (win7sp1_gdr.110428-1525) pver = 6.1.7601.17608
srv fver = 6.1.7601.17608 (win7sp1_gdr.110428-1525) pver = 6.1.7601.17608
gdrv fver =  pver =
rdpdr fver = 6.1.7601.17514 (win7sp1_rtm.101119-1850) pver = 6.1.7601.17514
asyncmac fver = 6.1.7600.16385 (win7_rtm.090713-1255) pver = 6.1.7600.16385
[COLOR="#FF0000"]win32k fver =  pver =[/COLOR]
TSDDD fver =  pver =
cdd fver =  pver =
ATMFD fver =  pver =

Code: 
3: kd> [COLOR="#FF0000"]!for_each_module .echo @#ModuleIndex : @#Base @#End @#ModuleName @#ImageName  @#LoadedImageName[/COLOR]
00 : fffff80000bcd000 fffff80000bd7000 kdcom kdcom.dll
01 : fffff80003807000 fffff80003850000 hal hal.dll
02 : fffff80003850000 fffff80003e38000 nt ntkrnlmp.exe  ntkrnlmp.exe
03 : fffff88000c00000 fffff88000ca4000 Wdf01000 \SystemRoot\system32\drivers\Wdf01000.sys
04 : fffff88000ca4000 fffff88000cb3000 WDFLDR \SystemRoot\system32\drivers\WDFLDR.SYS
05 : fffff88000cba000 fffff88000cc7000 mcupdate_AuthenticAMD \SystemRoot\system32\mcupdate_AuthenticAMD.dll
06 : fffff88000cc7000 fffff88000cdb000 PSHED \SystemRoot\system32\PSHED.dll
07 : fffff88000cdb000 fffff88000d39000 CLFS \SystemRoot\system32\CLFS.SYS
08 : fffff88000d39000 fffff88000df9000 CI \SystemRoot\system32\CI.dll
09 : fffff88000e00000 fffff88000e09000 atapi \SystemRoot\system32\drivers\atapi.sys
0a : fffff88000e22000 fffff88000e79000 ACPI \SystemRoot\system32\drivers\ACPI.sys
0b : fffff88000e79000 fffff88000e82000 WMILIB \SystemRoot\system32\drivers\WMILIB.SYS
0c : fffff88000e82000 fffff88000e8c000 msisadrv \SystemRoot\system32\drivers\msisadrv.sys
0d : fffff88000e8c000 fffff88000ebf000 pci \SystemRoot\system32\drivers\pci.sys
0e : fffff88000ebf000 fffff88000ecc000 vdrvroot \SystemRoot\system32\drivers\vdrvroot.sys
0f : fffff88000ecc000 fffff88000ef2000 vsflt67 \SystemRoot\system32\DRIVERS\vsflt67.sys
10 : fffff88000ef2000 fffff88000f07000 partmgr \SystemRoot\System32\drivers\partmgr.sys
11 : fffff88000f07000 fffff88000f1c000 volmgr \SystemRoot\system32\drivers\volmgr.sys
12 : fffff88000f1c000 fffff88000f78000 volmgrx \SystemRoot\System32\drivers\volmgrx.sys
13 : fffff88000f78000 fffff88000f7f000 pciide \SystemRoot\system32\drivers\pciide.sys
14 : fffff88000f7f000 fffff88000f8f000 PCIIDEX \SystemRoot\system32\drivers\PCIIDEX.SYS
15 : fffff88000f8f000 fffff88000fa9000 mountmgr \SystemRoot\System32\drivers\mountmgr.sys
16 : fffff88000fa9000 fffff88000fe5000 vmbus \SystemRoot\system32\drivers\vmbus.sys
17 : fffff88000fe5000 fffff88000ff9000 winhv \SystemRoot\system32\drivers\winhv.sys
18 : fffff88001000000 fffff88001038000 psinknc \SystemRoot\system32\DRIVERS\psinknc.sys
19 : fffff8800103b000 fffff88001065000 ataport \SystemRoot\system32\drivers\ataport.SYS
1a : fffff88001065000 fffff88001070000 msahci \SystemRoot\system32\DRIVERS\msahci.sys
1b : fffff88001070000 fffff8800107b000 amdxata \SystemRoot\system32\drivers\amdxata.sys
1c : fffff8800107b000 fffff880010c7000 fltmgr \SystemRoot\system32\drivers\fltmgr.sys  fltmgr.sys
1d : fffff880010c7000 fffff880010db000 fileinfo \SystemRoot\system32\drivers\fileinfo.sys
1e : fffff880010db000 fffff88001139000 msrpc \SystemRoot\System32\Drivers\msrpc.sys
1f : fffff88001139000 fffff880011ab000 cng \SystemRoot\System32\Drivers\cng.sys
20 : fffff880011ab000 fffff880011cd000 tdx \SystemRoot\system32\DRIVERS\tdx.sys
21 : fffff880011cd000 fffff880011da000 TDI \SystemRoot\system32\DRIVERS\TDI.SYS
22 : fffff880011da000 fffff880011f8000 NNSTlsc \SystemRoot\system32\DRIVERS\NNSTlsc.sys
23 : fffff88001200000 fffff88001211000 Npfs \SystemRoot\System32\Drivers\Npfs.SYS
24 : fffff88001218000 fffff880013bb000 Ntfs \SystemRoot\System32\Drivers\Ntfs.sys  Ntfs.sys
25 : fffff880013bb000 fffff880013d6000 ksecdd \SystemRoot\System32\Drivers\ksecdd.sys
26 : fffff880013d6000 fffff880013e7000 pcw \SystemRoot\System32\drivers\pcw.sys
27 : fffff880013e7000 fffff880013f1000 Fs_Rec \SystemRoot\System32\Drivers\Fs_Rec.sys
28 : fffff880013f1000 fffff880013fc000 Msfs \SystemRoot\System32\Drivers\Msfs.SYS
29 : fffff88001402000 fffff880014f5000 ndis \SystemRoot\system32\drivers\ndis.sys
2a : fffff880014f5000 fffff88001555000 NETIO \SystemRoot\system32\drivers\NETIO.SYS
2b : fffff88001555000 fffff8800157f000 ksecpkg \SystemRoot\System32\Drivers\ksecpkg.sys
2c : fffff8800157f000 fffff880015a9000 cdrom \SystemRoot\system32\DRIVERS\cdrom.sys
2d : fffff880015a9000 fffff880015b7000 vga \SystemRoot\System32\drivers\vga.sys
2e : fffff880015b7000 fffff880015dc000 VIDEOPRT \SystemRoot\System32\drivers\VIDEOPRT.SYS
2f : fffff880015dc000 fffff880015ec000 watchdog \SystemRoot\System32\drivers\watchdog.sys
30 : fffff880015ec000 fffff880015f5000 rdpencdd \SystemRoot\system32\drivers\rdpencdd.sys
31 : fffff880015f5000 fffff880015fe000 rdprefmp \SystemRoot\system32\drivers\rdprefmp.sys
32 : fffff88001600000 fffff88001630000 CLASSPNP \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
33 : fffff88001630000 fffff88001653000 luafv \SystemRoot\system32\drivers\luafv.sys
34 : fffff8800166b000 fffff8800186e000 tcpip \SystemRoot\System32\drivers\tcpip.sys
35 : fffff8800186e000 fffff880018b8000 fwpkclnt \SystemRoot\System32\drivers\fwpkclnt.sys
36 : fffff880018b8000 fffff880018c8000 vmstorfl \SystemRoot\system32\drivers\vmstorfl.sys
37 : fffff880018c8000 fffff88001914000 volsnap \SystemRoot\system32\drivers\volsnap.sys
38 : fffff88001914000 fffff8800191c000 spldr \SystemRoot\System32\Drivers\spldr.sys
39 : fffff8800191c000 fffff88001956000 rdyboost \SystemRoot\System32\drivers\rdyboost.sys
3a : fffff88001956000 fffff88001968000 mup \SystemRoot\System32\Drivers\mup.sys
3b : fffff88001968000 fffff88001971000 hwpolicy \SystemRoot\System32\drivers\hwpolicy.sys
3c : fffff88001971000 fffff88001995000 fltsrv \SystemRoot\system32\DRIVERS\fltsrv.sys
3d : fffff88001995000 fffff880019cf000 fvevol \SystemRoot\System32\DRIVERS\fvevol.sys
3e : fffff880019cf000 fffff880019e5000 disk \SystemRoot\system32\DRIVERS\disk.sys
3f : fffff880019e5000 fffff880019ee000 Null \SystemRoot\System32\Drivers\Null.SYS
40 : fffff880019ee000 fffff880019f5000 Beep \SystemRoot\System32\Drivers\Beep.SYS
41 : fffff880019f5000 fffff880019fe000 RDPCDD \SystemRoot\System32\DRIVERS\RDPCDD.sys
42 : fffff88002c00000 fffff88002c0f000 netbios \SystemRoot\system32\DRIVERS\netbios.sys
43 : fffff88002c0f000 fffff88002c2c000 serial \SystemRoot\system32\DRIVERS\serial.sys
44 : fffff88002c2c000 fffff88002c47000 wanarp \SystemRoot\system32\DRIVERS\wanarp.sys
45 : fffff88002c47000 fffff88002c5b000 termdd \SystemRoot\system32\drivers\termdd.sys
46 : fffff88002c5b000 fffff88002c82000 SCDEmu \SystemRoot\System32\Drivers\SCDEmu.SYS
47 : fffff88002c82000 fffff88002cd3000 rdbss \SystemRoot\system32\DRIVERS\rdbss.sys
48 : fffff88002cd3000 fffff88002cdf000 nsiproxy \SystemRoot\system32\drivers\nsiproxy.sys
49 : fffff88002cf0000 fffff88002d79000 afd \SystemRoot\system32\drivers\afd.sys
4a : fffff88002d79000 fffff88002dbe000 netbt \SystemRoot\System32\DRIVERS\netbt.sys
4b : fffff88002dbe000 fffff88002dc7000 wfplwf \SystemRoot\system32\DRIVERS\wfplwf.sys
4c : fffff88002dc7000 fffff88002ded000 pacer \SystemRoot\system32\DRIVERS\pacer.sys
4d : fffff88002ded000 fffff88002df9000 NNSNAHSL \SystemRoot\system32\DRIVERS\NNSNAHSL.sys
4e : fffff88003c00000 fffff88003c24000 NNSHttp \SystemRoot\system32\DRIVERS\NNSHttp.sys
4f : fffff88003c24000 fffff88003c3e000 NNSAlpc \SystemRoot\system32\DRIVERS\NNSAlpc.sys
50 : fffff88003c3e000 fffff88003c49000 mssmbios \SystemRoot\system32\drivers\mssmbios.sys
51 : fffff88003c49000 fffff88003c55000 ElbyCDIO \SystemRoot\System32\Drivers\ElbyCDIO.sys
52 : fffff88003c55000 fffff88003c64000 discache \SystemRoot\System32\drivers\discache.sys
53 : fffff88003c64000 fffff88003c70000 Dxapi \SystemRoot\System32\drivers\Dxapi.sys
54 : fffff88003c70000 fffff88003c7e000 monitor \SystemRoot\system32\DRIVERS\monitor.sys
55 : fffff88003c8a000 fffff88003cc7000 NNSStrm \SystemRoot\system32\DRIVERS\NNSStrm.sys
56 : fffff88003cc7000 fffff88003ce7000 NNSSmtp \SystemRoot\system32\DRIVERS\NNSSmtp.sys
57 : fffff88003ce7000 fffff88003d20000 NNSPrv \SystemRoot\system32\DRIVERS\NNSPrv.sys
58 : fffff88003d20000 fffff88003d72000 NNSProt \SystemRoot\system32\DRIVERS\NNSProt.sys
59 : fffff88003d72000 fffff88003d93000 NNSPop3 \SystemRoot\system32\DRIVERS\NNSPop3.sys
5a : fffff88003d93000 fffff88003daa000 NNSPihsw \SystemRoot\system32\DRIVERS\NNSPihsw.sys
5b : fffff88003daa000 fffff88003dc8000 NNSPicc \SystemRoot\system32\DRIVERS\NNSPicc.sys
5c : fffff88003dc8000 fffff88003df0000 NNSIds \SystemRoot\system32\DRIVERS\NNSIds.sys
5d : fffff88003e00000 fffff88003e18000 mpsdrv \SystemRoot\System32\drivers\mpsdrv.sys
5e : fffff88003e36000 fffff88003e62000 PSINAflt \SystemRoot\system32\DRIVERS\PSINAflt.sys
5f : fffff88003e62000 fffff88003e85000 PSINProt \SystemRoot\system32\DRIVERS\PSINProt.sys
60 : fffff88003e85000 fffff88003ea5000 PSINFile \SystemRoot\system32\DRIVERS\PSINFile.sys
61 : fffff88003ea5000 fffff88003ec7000 PSINProc \SystemRoot\system32\DRIVERS\PSINProc.sys
62 : fffff88003ec7000 fffff88003ee8000 WudfPf \SystemRoot\system32\drivers\WudfPf.sys
63 : fffff88003ee8000 fffff88003efd000 lltdio \SystemRoot\system32\DRIVERS\lltdio.sys
64 : fffff88003efd000 fffff88003f15000 rspndr \SystemRoot\system32\DRIVERS\rspndr.sys
65 : fffff88003f15000 fffff88003fde000 HTTP \SystemRoot\system32\drivers\HTTP.sys
66 : fffff88003fde000 fffff88003ffc000 bowser \SystemRoot\system32\DRIVERS\bowser.sys
67 : fffff88004200000 fffff88004261000 atikmpag \SystemRoot\system32\DRIVERS\atikmpag.sys
68 : fffff88004261000 fffff8800427b000 rassstp \SystemRoot\system32\DRIVERS\rassstp.sys
69 : fffff8800427b000 fffff88004286000 VKbms \SystemRoot\system32\DRIVERS\VKbms.sys
6a : fffff88004286000 fffff8800429f000 HIDCLASS \SystemRoot\System32\drivers\HIDCLASS.SYS
6b : fffff8800429f000 fffff880042a7080 HIDPARSE \SystemRoot\System32\drivers\HIDPARSE.SYS
6c : fffff880042a8000 fffff880042b3000 rdpbus \SystemRoot\system32\DRIVERS\rdpbus.sys
6d : fffff880042b3000 fffff880042c2000 kbdclass \SystemRoot\system32\DRIVERS\kbdclass.sys
6e : fffff880042c8000 fffff8800434b000 csc \SystemRoot\system32\drivers\csc.sys
6f : fffff8800434b000 fffff88004369000 dfsc \SystemRoot\System32\Drivers\dfsc.sys
70 : fffff88004369000 fffff8800437a000 blbdrive \SystemRoot\system32\DRIVERS\blbdrive.sys
71 : fffff8800437a000 fffff88004382000 AppleCharger \SystemRoot\system32\DRIVERS\AppleCharger.sys
72 : fffff88004382000 fffff880043a8000 tunnel \SystemRoot\system32\DRIVERS\tunnel.sys
73 : fffff880043a8000 fffff880043bd000 amdppm \SystemRoot\system32\DRIVERS\amdppm.sys
74 : fffff880043bd000 fffff880043c6000 wmiacpi \SystemRoot\system32\drivers\wmiacpi.sys
75 : fffff880043c6000 fffff880043d5000 mouclass \SystemRoot\system32\drivers\mouclass.sys
76 : fffff880043d5000 fffff880043e1000 dump_dumpata \SystemRoot\System32\Drivers\dump_dumpata.sys
77 : fffff880043e1000 fffff880043ec000 dump_msahci \SystemRoot\System32\Drivers\dump_msahci.sys
78 : fffff880043ec000 fffff880043ff000 dump_dumpfve \SystemRoot\System32\Drivers\dump_dumpfve.sys
79 : fffff88004400000 fffff88004456000 USBPORT \SystemRoot\system32\DRIVERS\USBPORT.SYS
7a : fffff88004456000 fffff88004467000 usbehci \SystemRoot\system32\DRIVERS\usbehci.sys
7b : fffff88004467000 fffff880044a5000 1394ohci \SystemRoot\system32\drivers\1394ohci.sys
7c : fffff880044a5000 fffff880044b1000 serenum \SystemRoot\system32\DRIVERS\serenum.sys
7d : fffff880044b1000 fffff880044c1000 CompositeBus \SystemRoot\system32\drivers\CompositeBus.sys
7e : fffff880044c1000 fffff880044d7000 AgileVpn \SystemRoot\system32\DRIVERS\AgileVpn.sys
7f : fffff880044d7000 fffff880044e3000 ndistapi \SystemRoot\system32\DRIVERS\ndistapi.sys
80 : fffff880044e5000 fffff88004594000 Rt64win7 \SystemRoot\system32\DRIVERS\Rt64win7.sys
81 : fffff88004594000 fffff880045ba000 AnyDVD \SystemRoot\System32\Drivers\AnyDVD.sys
82 : fffff880045ba000 fffff880045c7000 GEARAspiWDM \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
83 : fffff880045c7000 fffff880045d2000 usbohci \SystemRoot\system32\DRIVERS\usbohci.sys
84 : fffff880045d2000 fffff880045f6000 rasl2tp \SystemRoot\system32\DRIVERS\rasl2tp.sys
85 : fffff880045f6000 fffff880045fe000 mshidkmdf \SystemRoot\System32\drivers\mshidkmdf.sys
86 : fffff880045fe000 fffff880045ff480 swenum \SystemRoot\system32\drivers\swenum.sys
87 : fffff88004800000 fffff8800521b000 atikmdag \SystemRoot\system32\DRIVERS\atikmdag.sys
88 : fffff8800521b000 fffff8800530f000 dxgkrnl \SystemRoot\System32\drivers\dxgkrnl.sys
89 : fffff8800530f000 fffff88005355000 dxgmms1 \SystemRoot\System32\drivers\dxgmms1.sys
8a : fffff88005355000 fffff88005379000 HDAudBus \SystemRoot\system32\DRIVERS\HDAudBus.sys
8b : fffff88005379000 fffff8800538c500 EtronXHCI \SystemRoot\System32\Drivers\EtronXHCI.sys
8c : fffff8800538d000 fffff880053bc000 ndiswan \SystemRoot\system32\DRIVERS\ndiswan.sys
8d : fffff880053bc000 fffff880053d7000 raspppoe \SystemRoot\system32\DRIVERS\raspppoe.sys
8e : fffff880053d7000 fffff880053f8000 raspptp \SystemRoot\system32\DRIVERS\raspptp.sys
8f : fffff88005800000 fffff8800580e000 crashdmp \SystemRoot\System32\Drivers\crashdmp.sys
90 : fffff88005818000 fffff8800585b000 ks \SystemRoot\system32\drivers\ks.sys
91 : fffff8800585b000 fffff8800586f000 amdiox64 \SystemRoot\system32\DRIVERS\amdiox64.sys
92 : fffff8800586f000 fffff88005881000 umbus \SystemRoot\system32\DRIVERS\umbus.sys
93 : fffff88005881000 fffff8800588ee80 EtronHub3 \SystemRoot\System32\Drivers\EtronHub3.sys
94 : fffff8800588f000 fffff88005890f00 USBD \SystemRoot\System32\Drivers\USBD.SYS
95 : fffff88005891000 fffff880058eb000 usbhub \SystemRoot\system32\DRIVERS\usbhub.sys
96 : fffff880058eb000 fffff88005900000 NDProxy \SystemRoot\System32\Drivers\NDProxy.SYS
97 : fffff88005900000 fffff8800590d000 mouhid \SystemRoot\system32\DRIVERS\mouhid.sys
98 : fffff8800590d000 fffff8800591b000 kbdhid \SystemRoot\system32\DRIVERS\kbdhid.sys
99 : fffff8800591b000 fffff88005973300 RtHDMIVX \SystemRoot\system32\drivers\RtHDMIVX.sys
9a : fffff88005974000 fffff880059b1000 portcls \SystemRoot\system32\drivers\portcls.sys
9b : fffff880059b1000 fffff880059d3000 drmk \SystemRoot\system32\drivers\drmk.sys
9c : fffff880059d3000 fffff880059d8200 ksthunk \SystemRoot\system32\drivers\ksthunk.sys
9d : fffff880059d9000 fffff880059f6000 usbccgp \SystemRoot\system32\DRIVERS\usbccgp.sys
9e : fffff88006200000 fffff880062a6000 peauth \SystemRoot\system32\drivers\peauth.sys
9f : fffff880062a6000 fffff880062b1000 secdrv \SystemRoot\System32\Drivers\secdrv.SYS
a0 : fffff880062d9000 fffff88006306000 mrxsmb \SystemRoot\system32\DRIVERS\mrxsmb.sys
a1 : fffff88006306000 fffff88006354000 mrxsmb10 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
a2 : fffff88006354000 fffff88006378000 mrxsmb20 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
a3 : fffff88006378000 fffff880063a9000 AODDriver2 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
a4 : fffff880063a9000 fffff880063da000 srvnet \SystemRoot\System32\DRIVERS\srvnet.sys
a5 : fffff880063da000 fffff880063ec000 tcpipreg \SystemRoot\System32\drivers\tcpipreg.sys
a6 : fffff88007200000 fffff8800720e000 hidusb \SystemRoot\system32\drivers\hidusb.sys
a7 : fffff8800720e000 fffff88007215100 Lycosa \SystemRoot\system32\drivers\Lycosa.sys
a8 : fffff88007219000 fffff880075f7980 RTKVHD64 \SystemRoot\system32\drivers\RTKVHD64.sys
a9 : fffff880075f8000 fffff880075ff500 Lachesis \SystemRoot\system32\drivers\Lachesis.sys
aa : fffff88008a00000 fffff88008a0a000 mbam \??\C:\Windows\system32\drivers\mbam.sys
ab : fffff88008a52000 fffff88008abb000 srv2 \SystemRoot\System32\DRIVERS\srv2.sys
ac : fffff88008abb000 fffff88008b53000 srv \SystemRoot\System32\DRIVERS\srv.sys
ad : fffff88008b75000 fffff88008b7e000 gdrv \??\C:\Windows\gdrv.sys
ae : fffff88008b7e000 fffff88008bac000 rdpdr \SystemRoot\System32\drivers\rdpdr.sys
af : fffff8800b935000 fffff8800b940000 asyncmac \SystemRoot\system32\DRIVERS\asyncmac.sys
[COLOR="#FF0000"]b0 : fffff960000c0000 fffff960003d5000 win32k \SystemRoot\System32\win32k.sys  win32k.sys[/COLOR]
b1 : fffff96000520000 fffff9600052a000 TSDDD \SystemRoot\System32\TSDDD.dll
b2 : fffff96000600000 fffff96000627000 cdd \SystemRoot\System32\cdd.dll
b3 : fffff96000860000 fffff960008c1000 ATMFD \SystemRoot\System32\ATMFD.DLL

The Windbg log -
Read More:



https://www.sysnative.com/forums/showthread.php/3367-Computer-cashes-every-once-in-a-while
 
Interesting. The win32k.sys that has a time of 21:08:08 provides a pver. The 21:08:09 does not.

Here is what I was thinking for the win32k.sys check:
One of your modules may be corrupted or damaged. We should verify that it is intact. To do so:

  • Please download sigcheck.

  • Copy and paste sigcheck.exe to your desktop.

  • Open up a command prompt:
    1. Click Start Menu
    2. Click All Programs
    3. Click Accessories
    4. Click Command Prompt

  • In the command prompt, type the following:
    Code: 
    cd Desktop
sigcheck -i c:\windows\system32\win32k.sys > sigcheck.txt



    [*]Compress (zip) the sigcheck.txt file     and attach it to your next post.
Click to expand...
 
Last edited:
It will need Admin elevation.

EDIT: maybe not.. been a while since I ran it!



I think it looks good, Mike.

I'm going to PM a few others for their take on this whole wn32k thing.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top