I have a module with no name loaded in memory it is 98304 bytes and if i try to dump it with gmer my computer crashes. Seen anything like this?
Also I have a5gb8dtk.sys that hooks IAT ( I have a limited knowledge about this but doesn't IAT hooking mean that it has to hook every function in every executable with write process memory ? ) in ntoskrnl.exe and hal.dll ( this is one mean rootkit if it goes all the way down to the hardware abstractization layer, is it not? )
.Mentioning that a5gb8dtk.sys does not appear were gmer say it is so it hides from windows api and from gmer and darkspy, icesword etc.
I tempted to start the softice dinosaur to see what these are all about but I have a feeling that it will take a hell lot of time to RE them. Anyway it would be more practical to start in windows console recovery mode save on a disk and analyse them with IDA... What do you think?

Do you have Alcohol installed? It creates a randomly named driver that consists of 8 chars beginning with an "a". I'm quite sure that's what it is.

_________________
Negster22 - MS MVP - Consumer Security 2006-2008