Windows 10 brings a new type of memory dump: Active Memory Dump. I love this feature, just what I’ve been waiting for.

To analyze the Windows 10 Technical Preview Dump files ensure you have the symbols from http://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx

This memory dmp is much more compact that a complete memory dump, while containing “active memory” in kernel and user mode space.

We can now get both user + kernel space without having to dmp complete memory. After recently having to deal with several 32 GB dmp files on slow networks…I really welcome this feature…

Here are 3 dmp files created just after logging on with different settings. The default is “automatic memory” dump.

Loading Dump File [Z:\ACTIVE_MEMORY.DMP]

Kernel Bitmap Dump File: Full address space is available

************* Symbol Path validation summary **************

Response Time (ms) Location

OK C:\programdata\red gate\.NET Reflector\DevPath

Deferred SRV*C:

etsymbols* http://referencesource.microsoft.com/symbols

Deferred SRV*C:\symbols\* http://msdl.microsoft.com/download/symbols

Symbol search path is: C:\programdata\red gate\.NET Reflector\DevPath;SRV*C:

etsymbols* http://referencesource.microsoft.com/symbols;SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows 8 Kernel Version 9841 UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 9841.0.x86fre.fbl_release.140912-1613

Machine Name:

Kernel base = 0x80c04000 PsLoadedModuleList = 0x80e1b6d8

Debug session time: Thu Oct 2 18:39:22.554 2014 (UTC + 10:00)

System Uptime: 0 days 0:02:36.160

Loading Kernel Symbols

……………………………………………………..Page 330e not present in the dump file. Type “.hh dbgerr004” for details

.

……Page c40 not present in the dump file. Type “.hh dbgerr004” for details

………………………………………………….

………………………

Loading User Symbols

……………………..

Loading unloaded module list

…….

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {a7601550, 2, 0, 8a1b05ab}

*** ERROR: Module load completed but symbols could not be loaded for myfault.sys

*** ERROR: Module load completed but symbols could not be loaded for NotMyfault.exe

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Analysis in progress… Time Elapsed: [39.59s] Current Phase: [Check Image Analysis], to halt analysis, press CTRL-C twice within 2 seconds.

Probably caused by : myfault.sys ( myfault+5ab )

Followup: MachineOwner

———

kd> !process 0 0

**** NT ACTIVE PROCESS DUMP ****

PROCESS 83b55c80 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000

DirBase: 001a8000 ObjectTable: 81403000 HandleCount: <Data Not Accessible>

Image: System

PROCESS 887cdc80 SessionId: none Cid: 010c Peb: 7fe17000 ParentCid: 0004

DirBase: 3ffe3020 ObjectTable: 8853b100 HandleCount: <Data Not Accessible>

Image: smss.exe

PROCESS 8874b480 SessionId: 0 Cid: 016c Peb: 7fa5d000 ParentCid: 0160

DirBase: 3ffe3060 ObjectTable: 814f1780 HandleCount: <Data Not Accessible>

Image: csrss.exe

PROCESS 83bb22c0 SessionId: 0 Cid: 01b8 Peb: 7fb1b000 ParentCid: 0160

DirBase: 3ffe30a0 ObjectTable: 8c24c040 HandleCount: <Data Not Accessible>

Image: wininit.exe

PROCESS 83bc1040 SessionId: 1 Cid: 01c0 Peb: 7f239000 ParentCid: 01ac

DirBase: 3ffe30c0 ObjectTable: 8c24e100 HandleCount: <Data Not Accessible>

Image: csrss.exe

PROCESS 83bd65c0 SessionId: 1 Cid: 01e0 Peb: 7fc3f000 ParentCid: 01ac

DirBase: 3ffe3040 ObjectTable: 814caf80 HandleCount: <Data Not Accessible>

Image: winlogon.exe

PROCESS a04fe040 SessionId: 0 Cid: 022c Peb: 7ff5f000 ParentCid: 01b8

DirBase: 3ffe3080 ObjectTable: 80178840 HandleCount: <Data Not Accessible>

Image: services.exe

PROCESS a0517040 SessionId: 0 Cid: 0234 Peb: 7fb2f000 ParentCid: 01b8

DirBase: 3ffe30e0 ObjectTable: 8017f040 HandleCount: <Data Not Accessible>

Image: lsass.exe

PROCESS a0556040 SessionId: 0 Cid: 0274 Peb: 7f35a000 ParentCid: 022c

DirBase: 3ffe3100 ObjectTable: 801ea540 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a055f640 SessionId: 0 Cid: 0294 Peb: 7fa8f000 ParentCid: 022c

DirBase: 3ffe3120 ObjectTable: a3053640 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a0596cc0 SessionId: 1 Cid: 030c Peb: 7f086000 ParentCid: 01e0

DirBase: 3ffe3160 ObjectTable: a3113e00 HandleCount: <Data Not Accessible>

Image: dwm.exe

PROCESS a05e8300 SessionId: 0 Cid: 0350 Peb: 7f12a000 ParentCid: 022c

DirBase: 3ffe3180 ObjectTable: a3189e40 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a05f5040 SessionId: 0 Cid: 0370 Peb: 7f447000 ParentCid: 022c

DirBase: 3ffe31a0 ObjectTable: a584eec0 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a05fe040 SessionId: 0 Cid: 038c Peb: 7fbc6000 ParentCid: 022c

DirBase: 3ffe31c0 ObjectTable: a5857900 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a5628cc0 SessionId: 0 Cid: 03a8 Peb: 7f61b000 ParentCid: 022c

DirBase: 3ffe31e0 ObjectTable: a58c0380 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a56679c0 SessionId: 0 Cid: 0490 Peb: 7f47d000 ParentCid: 022c

DirBase: 3ffe3220 ObjectTable: a593d440 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a56dc180 SessionId: 0 Cid: 0544 Peb: 7f4ef000 ParentCid: 022c

DirBase: 3ffe3260 ObjectTable: a59ea980 HandleCount: <Data Not Accessible>

Image: spoolsv.exe

PROCESS a56ecac0 SessionId: 0 Cid: 056c Peb: 7f43f000 ParentCid: 022c

DirBase: 3ffe3280 ObjectTable: a59f1e00 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a57885c0 SessionId: 0 Cid: 060c Peb: 7f89d000 ParentCid: 022c

DirBase: 3ffe3240 ObjectTable: a7044480 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a57e8140 SessionId: 0 Cid: 06ac Peb: 7fc1f000 ParentCid: 022c

DirBase: 3ffe32a0 ObjectTable: a71821c0 HandleCount: <Data Not Accessible>

Image: svchost.exe

PROCESS a9e02100 SessionId: 0 Cid: 06e8 Peb: 7f24c000 ParentCid: 03a8

DirBase: 3ffe32c0 ObjectTable: a71a13c0 HandleCount: <Data Not Accessible>

Image: dasHost.exe

PROCESS a9e54040 SessionId: 0 Cid: 0790 Peb: 7fd1d000 ParentCid: 022c

DirBase: 3ffe32e0 ObjectTable: aa2ec240 HandleCount: <Data Not Accessible>

Image: prl_tools_service.exe

PROCESS a9f05200 SessionId: 0 Cid: 07e0 Peb: 7ff2f000 ParentCid: 022c

DirBase: 3ffe3300 ObjectTable: aa32ff80 HandleCount: <Data Not Accessible>

Image: coherence.exe

PROCESS a9f0d280 SessionId: 1 Cid: 07f0 Peb: 7faac000 ParentCid: 0790

DirBase: 3ffe3320 ObjectTable: aa3a7b00 HandleCount: <Data Not Accessible>

Image: prl_tools.exe

PROCESS a9f43040 SessionId: 0 Cid: 0138 Peb: 7f6fe000 ParentCid: 022c

DirBase: 3ffe3340 ObjectTable: aa3b4ec0 HandleCount: <Data Not Accessible>

Image: dllhost.exe

PROCESS a9fb0040 SessionId: 1 Cid: 06e4 Peb: 7fa8c000 ParentCid: 07e0

DirBase: 3ffe33c0 ObjectTable: aaa22540 HandleCount: <Data Not Accessible>

Image: coherence.exe

PROCESS a9fbf640 SessionId: 0 Cid: 0420 Peb: 7f6cf000 ParentCid: 022c

DirBase: 3ffe33e0 ObjectTable: aaa7d040 HandleCount: <Data Not Accessible>

Image: MsMpEng.exe

PROCESS ab23d800 SessionId: 0 Cid: 08bc Peb: 7f19f000 ParentCid: 022c

DirBase: 3ffe33a0 ObjectTable: aaa94e80 HandleCount: <Data Not Accessible>

Image: VSSVC.exe

PROCESS ab26d040 SessionId: 0 Cid: 0914 Peb: 7fb4f000 ParentCid: 022c

DirBase: 3ffe3360 ObjectTable: a5972f80 HandleCount: <Data Not Accessible>

Image: dllhost.exe

PROCESS ab2dfcc0 SessionId: 1 Cid: 09f4 Peb: 7fb16000 ParentCid: 09e0

DirBase: 3ffe3420 ObjectTable: ad06c700 HandleCount: <Data Not Accessible>

Image: explorer.exe

PROCESS a9f78040 SessionId: 1 Cid: 0a00 Peb: 7f408000 ParentCid: 0350

DirBase: 3ffe3440 ObjectTable: abd06bc0 HandleCount: <Data Not Accessible>

Image: taskhostex.exe

PROCESS ab37ecc0 SessionId: 1 Cid: 0a88 Peb: 7f809000 ParentCid: 0274

DirBase: 3ffe3460 ObjectTable: ad6bd940 HandleCount: <Data Not Accessible>

Image: ChsIME.exe

PROCESS ab3d4580 SessionId: 0 Cid: 0bc4 Peb: 7f4e3000 ParentCid: 022c

DirBase: 3ffe3480 ObjectTable: ad724b80 HandleCount: <Data Not Accessible>

Image: msdtc.exe

PROCESS ab3f1040 SessionId: 0 Cid: 0c74 Peb: 7f5b6000 ParentCid: 0274

DirBase: 3ffe3380 ObjectTable: 8c246240 HandleCount: <Data Not Accessible>

Image: WmiPrvSE.exe

PROCESS a9fab940 SessionId: 0 Cid: 0ce8 Peb: 7f076000 ParentCid: 022c

DirBase: 3ffe34a0 ObjectTable: ad7a6340 HandleCount: <Data Not Accessible>

Image: SearchIndexer.exe

PROCESS 81e4d940 SessionId: 1 Cid: 0dd8 Peb: 7fd6c000 ParentCid: 0274

DirBase: 3ffe3200 ObjectTable: b09ac040 HandleCount: <Data Not Accessible>

Image: SkyDrive.exe

PROCESS ab367cc0 SessionId: 0 Cid: 0df0 Peb: 7f9b8000 ParentCid: 0ce8

DirBase: 3ffe3140 ObjectTable: b2e3ebc0 HandleCount: <Data Not Accessible>

Image: SearchProtocolHost.exe

PROCESS b5787cc0 SessionId: 0 Cid: 0e90 Peb: 7f144000 ParentCid: 0ce8

DirBase: 3ffe34c0 ObjectTable: b09c25c0 HandleCount: <Data Not Accessible>

Image: SearchFilterHost.exe

PROCESS afb04240 SessionId: 1 Cid: 0f18 Peb: 7f72f000 ParentCid: 09f4

DirBase: 3ffe3500 ObjectTable: b09d3b80 HandleCount: <Data Not Accessible>

Image: prl_cc.exe

PROCESS ab3e5580 SessionId: 1 Cid: 0fa4 Peb: 7f8df000 ParentCid: 0274

DirBase: 3ffe3520 ObjectTable: b2f211c0 HandleCount: <Data Not Accessible>

Image: SettingSyncHost.exe

PROCESS a2a549c0 SessionId: 1 Cid: 08d8 Peb: 7ff3c000 ParentCid: 09f4

DirBase: 3ffe3540 ObjectTable: ad64fe40 HandleCount: <Data Not Accessible>

Image: iexplore.exe

PROCESS 81f2dcc0 SessionId: 1 Cid: 09a0 Peb: 7f95d000 ParentCid: 08d8

DirBase: 3ffe3560 ObjectTable: a5901b40 HandleCount: <Data Not Accessible>

Image: iexplore.exe

PROCESS ab28fbc0 SessionId: 1 Cid: 005c Peb: 7fdcf000 ParentCid: 0274

DeepFreeze

DirBase: 3ffe35a0 ObjectTable: 8ae5d600 HandleCount: <Data Not Accessible>

Image: livecomm.exe

PROCESS ab2ddcc0 SessionId: 1 Cid: 0c40 Peb: 7fc37000 ParentCid: 0274

DirBase: 3ffe3400 ObjectTable: b88d1240 HandleCount: <Data Not Accessible>

Image: RuntimeBroker.exe

PROCESS afb61280 SessionId: 1 Cid: 0ec0 Peb: 7f9ef000 ParentCid: 0ce8

DirBase: 3ffe3580 ObjectTable: b083e4c0 HandleCount: <Data Not Accessible>

Image: SearchProtocolHost.exe

PROCESS 89cbec40 SessionId: 0 Cid: 0808 Peb: 7fdff000 ParentCid: 022c

DirBase: 3ffe3600 ObjectTable: a1897880 HandleCount: <Data Not Accessible>

Image: sppsvc.exe

PROCESS a2b83040 SessionId: 0 Cid: 0518 Peb: 7f3fe000 ParentCid: 022c

DirBase: 3ffe35c0 ObjectTable: a1891d80 HandleCount: <Data Not Accessible>

Image: wmpnetwk.exe

PROCESS a9fac040 SessionId: 1 Cid: 0414 Peb: 7f6e6000 ParentCid: 0350

DirBase: 3ffe34e0 ObjectTable: 00000000 HandleCount: 0.

Image: consent.exe

PROCESS a2bbf040 SessionId: 0 Cid: 03f0 Peb: 7fa74000 ParentCid: 038c

DirBase: 3ffe3620 ObjectTable: ad005440 HandleCount: <Data Not Accessible>

Image: audiodg.exe

PROCESS a9f1b840 SessionId: 1 Cid: 0630 Peb: 7f51d000 ParentCid: 0274

DirBase: 3ffe3640 ObjectTable: b89fac40 HandleCount: <Data Not Accessible>

Image: dllhost.exe

PROCESS a9f73040 SessionId: 0 Cid: 0140 Peb: 7f248000 ParentCid: 0274

DirBase: 3ffe3660 ObjectTable: b888cf80 HandleCount: <Data Not Accessible>

Image: dllhost.exe

PROCESS a9f89cc0 SessionId: 1 Cid: 0758 Peb: 7fb9f000 ParentCid: 09f4

DirBase: 3ffe3680 ObjectTable: 80155540 HandleCount: <Data Not Accessible>

Image: NotMyfault.exe

kd> lmv

start end module name

00ed0000 00ee8000 NotMyfault (no symbols)

Loaded symbol image file: NotMyfault.exe

Image path: C:\Users\Malcolm\Downloads\NotMyFault\x86\NotMyfault.exe

Image name: NotMyfault.exe

Timestamp: Sun Apr 08 02:34:41 2012 (4F806CA1)

CheckSum: 00022E54

ImageSize: 00018000

File version: 4.0.0.0

Product version: 4.0.0.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Sysinternals – http://www.sysinternals.com

ProductName: Sysinternals NotMyfault

InternalName: Sysinternals NotMyfault

OriginalFilename: NotMyfault.exe

ProductVersion: 4.0

FileVersion: 4.0

FileDescription: Driver Bug Test Program

LegalCopyright: Copyright © 2002-2012 Mark Russinovich

734f0000 736f1000 COMCTL32 (pdb symbols) c:\symbols\comctl32.pdb\C8FBB1ECACEF4FB48365E9A5B3E4EEE01\comctl32.pdb

Loaded symbol image file: COMCTL32.dll

Image path: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9841.0_none_38d154a85935aa0a\COMCTL32.dll

Image name: COMCTL32.dll

Timestamp: Sat Sep 13 13:16:10 2014 (5413B6FA)

CheckSum: 00205CDE

ImageSize: 00201000

File version: 6.10.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: comctl32

OriginalFilename: comctl32.DLL

ProductVersion: 6.4.9841.0

FileVersion: 6.10 (fbl_release.140912-1613)

FileDescription: User Experience Controls Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

73700000 73796000 apphelp (deferred)

Image path: C:\Windows\system32\apphelp.dll

Image name: apphelp.dll

Timestamp: Sat Sep 13 13:14:24 2014 (5413B690)

CheckSum: 000A1D75

ImageSize: 00096000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: Apphelp

OriginalFilename: Apphelp

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Application Compatibility Client Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

737a0000 737b9000 dwmapi (deferred)

Image path: C:\Windows\system32\dwmapi.dll

Image name: dwmapi.dll

Timestamp: Sat Sep 13 11:53:47 2014 (5413A3AB)

CheckSum: 0001EB15

ImageSize: 00019000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: dwmapi.dll

OriginalFilename: dwmapi.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Microsoft Desktop Window Manager API

LegalCopyright: © Microsoft Corporation. All rights reserved.

73c30000 73cce000 uxtheme (deferred)

Image path: C:\Windows\system32\uxtheme.dll

Image name: uxtheme.dll

Timestamp: Sat Sep 13 13:15:38 2014 (5413B6DA)

CheckSum: 0009EA4C

ImageSize: 0009E000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: UxTheme.dll

OriginalFilename: UxTheme.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Microsoft UxTheme Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

73cf0000 73cfa000 kernel_appcore (deferred)

Image path: C:\Windows\SYSTEM32\kernel.appcore.dll

Image name: kernel.appcore.dll

Timestamp: Sat Sep 13 12:39:12 2014 (5413AE50)

CheckSum: 00007FB8

ImageSize: 0000A000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: kernel.appcore.dll

OriginalFilename: kernel.appcore.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: AppModel API Host

LegalCopyright: © Microsoft Corporation. All rights reserved.

74200000 74227000 ntmarta (deferred)

Image path: C:\Windows\SYSTEM32

tmarta.dll

Image name: ntmarta.dll

Timestamp: Sat Sep 13 12:02:47 2014 (5413A5C7)

CheckSum: 00030C75

ImageSize: 00027000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: ntmarta.dll

OriginalFilename: ntmarta.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Windows NT MARTA provider

LegalCopyright: © Microsoft Corporation. All rights reserved.

749f0000 74a43000 bcryptPrimitives (deferred)

Image path: C:\Windows\SYSTEM32\bcryptPrimitives.dll

Image name: bcryptPrimitives.dll

Timestamp: Sat Sep 13 12:43:03 2014 (5413AF37)

CheckSum: 000530A3

ImageSize: 00053000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: bcryptprimitives.dll

OriginalFilename: bcryptprimitives.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Windows Cryptographic Primitives Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

74b20000 74b29000 CRYPTBASE (deferred)

Image path: C:\Windows\SYSTEM32\CRYPTBASE.dll

Image name: CRYPTBASE.dll

Timestamp: Sat Sep 13 12:19:58 2014 (5413A9CE)

CheckSum: 0000D9FF

ImageSize: 00009000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: cryptbase.dll

OriginalFilename: cryptbase.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Base cryptographic API DLL

LegalCopyright: © Microsoft Corporation. All rights reserved.

74b40000 74b5f000 bcrypt (deferred)

Image path: C:\Windows\SYSTEM32\bcrypt.dll

Image name: bcrypt.dll

Timestamp: Sat Sep 13 12:45:34 2014 (5413AFCE)

CheckSum: 0002DA71

ImageSize: 0001F000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: bcrypt.dll

OriginalFilename: bcrypt.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Windows Cryptographic Primitives Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

74ee0000 7503f000 KERNELBASE (pdb symbols) c:\symbols\kernelbase.pdb\F83BAE59DD40463DAA4D1FD37820C8BC1\kernelbase.pdb

Loaded symbol image file: KERNELBASE.dll

Image path: C:\Windows\system32\KERNELBASE.dll

Image name: KERNELBASE.dll

Timestamp: Sat Sep 13 12:19:04 2014 (5413A998)

CheckSum: 001632C8

ImageSize: 0015F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

75040000 75197000 USER32 (pdb symbols) c:\symbols\user32.pdb\88592CFA9DB54056BC655C02CC98AB791\user32.pdb

Loaded symbol image file: USER32.dll

Image path: C:\Windows\system32\USER32.dll

Image name: USER32.dll

Timestamp: Sat Sep 13 11:59:36 2014 (5413A508)

CheckSum: 00159B76

ImageSize: 00157000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: user32

OriginalFilename: user32

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Multi-User Windows USER API Client DLL

LegalCopyright: © Microsoft Corporation. All rights reserved.

751a0000 75219000 ADVAPI32 (deferred)

Image path: C:\Windows\system32\ADVAPI32.dll

Image name: ADVAPI32.dll

Timestamp: Sat Sep 13 12:15:16 2014 (5413A8B4)

CheckSum: 000833A7

ImageSize: 00079000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: advapi32.dll

OriginalFilename: advapi32.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Advanced Windows 32 Base API

LegalCopyright: © Microsoft Corporation. All rights reserved.

75220000 752a1000 SHCORE (deferred)

Image path: C:\Windows\system32\SHCORE.DLL

Image name: SHCORE.DLL

Timestamp: Sat Sep 13 11:51:50 2014 (5413A336)

CheckSum: 0008CE8B

ImageSize: 00081000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: SHCORE

OriginalFilename: SHCORE.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: SHCORE

LegalCopyright: © Microsoft Corporation. All rights reserved.

752b0000 75436000 combase (deferred)

Image path: C:\Windows\system32\combase.dll

Image name: combase.dll

Timestamp: Sat Sep 13 11:54:25 2014 (5413A3D1)

CheckSum: 00189DFA

ImageSize: 00186000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: COMBASE.DLL

OriginalFilename: COMBASE.DLL

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Microsoft COM for Windows

LegalCopyright: © Microsoft Corporation. All rights reserved.

75440000 7546e000 IMM32 (deferred)

Image path: C:\Windows\system32\IMM32.DLL

Image name: IMM32.DLL

Timestamp: Sat Sep 13 11:59:17 2014 (5413A4F5)

CheckSum: 0003A5FA

ImageSize: 0002E000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: imm32

OriginalFilename: imm32

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Multi-User Windows IMM32 API Client DLL

LegalCopyright: © Microsoft Corporation. All rights reserved.

75610000 75652000 SHLWAPI (deferred)

Image path: C:\Windows\system32\SHLWAPI.dll

Image name: SHLWAPI.dll

Timestamp: Sat Sep 13 11:33:08 2014 (54139ED4)

CheckSum: 0004F30D

ImageSize: 00042000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: SHLWAPI

OriginalFilename: SHLWAPI.DLL

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Shell Light-weight Utility Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

756e0000 75833000 GDI32 (deferred)

Image path: C:\Windows\system32\GDI32.dll

Image name: GDI32.dll

Timestamp: Sat Sep 13 12:44:46 2014 (5413AF9E)

CheckSum: 001575A7

ImageSize: 00153000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: gdi32

OriginalFilename: gdi32

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: GDI Client DLL

LegalCopyright: © Microsoft Corporation. All rights reserved.

75890000 7594e000 msvcrt (deferred)

Image path: C:\Windows\system32\msvcrt.dll

Image name: msvcrt.dll

Timestamp: Sat Sep 13 13:18:46 2014 (5413B796)

CheckSum: 000C23C9

ImageSize: 000BE000

File version: 7.0.9841.0

Product version: 6.1.8638.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: msvcrt.dll

OriginalFilename: msvcrt.dll

ProductVersion: 7.0.9841.0

FileVersion: 7.0.9841.0 (fbl_release.140912-1613)

FileDescription: Windows NT CRT DLL

LegalCopyright: © Microsoft Corporation. All rights reserved.

75950000 75992000 sechost (deferred)

Image path: C:\Windows\system32\sechost.dll

Image name: sechost.dll

Timestamp: Sat Sep 13 12:19:01 2014 (5413A995)

CheckSum: 0004EFD3

ImageSize: 00042000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 1.0 App

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: sechost.dll

OriginalFilename: sechost.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Host for SCM/SDDL/LSA Lookup APIs

LegalCopyright: © Microsoft Corporation. All rights reserved.

759b0000 76cba000 SHELL32 (deferred)

Image path: C:\Windows\system32\SHELL32.dll

Image name: SHELL32.dll

Timestamp: Sat Sep 13 11:37:28 2014 (54139FD8)

CheckSum: 0133360E

ImageSize: 0130A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

76e30000 76ec0000 KERNEL32 (pdb symbols) c:\symbols\kernel32.pdb\CC55D9DB2B87455DB0696749DD510C6C1\kernel32.pdb

Loaded symbol image file: KERNEL32.DLL

Image path: C:\Windows\system32\KERNEL32.DLL

Image name: KERNEL32.DLL

Timestamp: Sat Sep 13 13:13:34 2014 (5413B65E)

CheckSum: 000A0A9F

ImageSize: 00090000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

77060000 77174000 MSCTF (deferred)

Image path: C:\Windows\system32\MSCTF.dll

Image name: MSCTF.dll

Timestamp: Sat Sep 13 11:52:46 2014 (5413A36E)

CheckSum: 0011E8BF

ImageSize: 00114000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

77180000 7721a000 comdlg32 (deferred)

Image path: C:\Windows\system32\comdlg32.dll

Image name: comdlg32.dll

Timestamp: Sat Sep 13 12:00:04 2014 (5413A524)

CheckSum: 000A3373

ImageSize: 0009A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

77220000 772ed000 RPCRT4 (deferred)

Image path: C:\Windows\system32\RPCRT4.dll

Image name: RPCRT4.dll

Timestamp: Sat Sep 13 12:09:53 2014 (5413A771)

CheckSum: 000DC2F8

ImageSize: 000CD000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: rpcrt4.dll

OriginalFilename: rpcrt4.dll

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Remote Procedure Call Runtime

LegalCopyright: © Microsoft Corporation. All rights reserved.

77430000 775a4000 ntdll (pdb symbols) c:\symbols

tdll.pdb\70FD0887B4CC4B48AA65FA136E9F7F0F1

tdll.pdb

Loaded symbol image file: ntdll.dll

Image path: C:\Windows\SYSTEM32

tdll.dll

Image name: ntdll.dll

Timestamp: Sat Sep 13 13:19:21 2014 (5413B7B9)

CheckSum: 0017F7B4

ImageSize: 00174000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

803d6000 803de000 kd (deferred)

Image path: \SystemRoot\system32\kd.dll

Image name: kd.dll

Timestamp: Sat Sep 13 13:18:46 2014 (5413B796)

CheckSum: 0000AE4F

ImageSize: 00008000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

80c04000 811f9000 nt (pdb symbols) c:\symbols

tkrpamp.pdb\D6A45AA28E89439FAD70BF52349C306E1

tkrpamp.pdb

Loaded symbol image file: ntkrpamp.exe

Image path: ntkrpamp.exe

Image name: ntkrpamp.exe

Timestamp: Sat Sep 13 13:20:53 2014 (5413B815)

CheckSum: 00590F17

ImageSize: 005F5000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

811f9000 81254000 hal (deferred)

Image path: halmacpi.dll

Image name: halmacpi.dll

Timestamp: Sat Sep 13 11:21:39 2014 (54139C23)

CheckSum: 00056107

ImageSize: 0005B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

81800000 81823000 pacer (deferred)

Image path: \SystemRoot\system32\DRIVERS\pacer.sys

Image name: pacer.sys

Timestamp: Sat Sep 13 13:14:38 2014 (5413B69E)

CheckSum: 0002D03D

ImageSize: 00023000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

81830000 8186b000 WdFilter (deferred)

Image path: \SystemRoot\system32\drivers\WdFilter.sys

Image name: WdFilter.sys

Timestamp: Sat Sep 13 13:17:45 2014 (5413B759)

CheckSum: 0003E03F

ImageSize: 0003B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

81870000 819dc000 dxgkrnl (deferred)

Image path: \SystemRoot\System32\drivers\dxgkrnl.sys

Image name: dxgkrnl.sys

Timestamp: Sat Sep 13 13:16:54 2014 (5413B726)

CheckSum: 0016831F

ImageSize: 0016C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84600000 8460a000 BOOTVID (deferred)

Image path: \SystemRoot\system32\BOOTVID.dll

Image name: BOOTVID.dll

Timestamp: Sat Sep 13 13:18:40 2014 (5413B790)

CheckSum: 0000FFA5

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84610000 8461a000 cmimcext (deferred)

Image path: \SystemRoot\System32\drivers\cmimcext.sys

Image name: cmimcext.sys

Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)

CheckSum: 00008D90

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84620000 84629000 ntosext (deferred)

Image path: \SystemRoot\System32\drivers

tosext.sys

Image name: ntosext.sys

Timestamp: Sat Sep 13 11:21:29 2014 (54139C19)

CheckSum: 00009AE1

ImageSize: 00009000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84630000 846b3000 CI (deferred)

Image path: \SystemRoot\system32\CI.dll

Image name: CI.dll

Timestamp: Sat Sep 13 13:16:55 2014 (5413B727)

CheckSum: 0008A6D1

ImageSize: 00083000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

846c0000 846e3e00 prl_fs (deferred)

Image path: \SystemRoot\system32\DRIVERS\prl_fs.sys

Image name: prl_fs.sys

Timestamp: Thu Jul 03 02:21:36 2014 (53B43190)

CheckSum: 00035671

ImageSize: 00023E00

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

846f0000 8475e000 mcupdate_GenuineIntel (deferred)

Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll

Image name: mcupdate_GenuineIntel.dll

Timestamp: Sat Sep 13 13:18:34 2014 (5413B78A)

CheckSum: 0006EFEF

ImageSize: 0006E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84760000 8476c000 werkernel (deferred)

Image path: \SystemRoot\System32\drivers\werkernel.sys

Image name: werkernel.sys

Timestamp: Sat Sep 13 13:18:38 2014 (5413B78E)

CheckSum: 000179C8

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84770000 847ba000 CLFS (deferred)

Image path: \SystemRoot\System32\drivers\CLFS.SYS

Image name: CLFS.SYS

Timestamp: Sat Sep 13 13:18:19 2014 (5413B77B)

CheckSum: 0004B528

ImageSize: 0004A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

847c0000 847db000 tm (deferred)

Image path: \SystemRoot\System32\drivers\tm.sys

Image name: tm.sys

Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)

CheckSum: 00024269

ImageSize: 0001B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

847e0000 847f3000 PSHED (deferred)

Image path: \SystemRoot\system32\PSHED.dll

Image name: PSHED.dll

Timestamp: Sat Sep 13 14:23:33 2014 (5413C6C5)

CheckSum: 0001671C

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84a00000 84a17000 acpiex (deferred)

Image path: \SystemRoot\System32\Drivers\acpiex.sys

Image name: acpiex.sys

Timestamp: Sat Sep 13 13:16:44 2014 (5413B71C)

CheckSum: 00019C5B

ImageSize: 00017000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84a20000 84a2a000 WppRecorder (deferred)

Image path: \SystemRoot\System32\Drivers\WppRecorder.sys

Image name: WppRecorder.sys

Timestamp: Sat Sep 13 13:18:10 2014 (5413B772)

CheckSum: 0000CE16

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84a30000 84a65000 Wof (deferred)

Image path: \SystemRoot\System32\Drivers\Wof.sys

Image name: Wof.sys

Timestamp: Sat Sep 13 13:16:28 2014 (5413B70C)

CheckSum: 0003EB32

ImageSize: 00035000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84a80000 84ab2000 msrpc (deferred)

Image path: \SystemRoot\System32\drivers\msrpc.sys

Image name: msrpc.sys

Timestamp: Sat Sep 13 13:17:38 2014 (5413B752)

CheckSum: 0002E989

ImageSize: 00032000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84ac0000 84b06000 FLTMGR (deferred)

Image path: \SystemRoot\System32\drivers\FLTMGR.SYS

Image name: FLTMGR.SYS

Timestamp: Sat Sep 13 13:18:19 2014 (5413B77B)

CheckSum: 0004BF00

ImageSize: 00046000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84b10000 84b2b000 ksecdd (deferred)

Image path: \SystemRoot\System32\drivers\ksecdd.sys

Image name: ksecdd.sys

Timestamp: Sat Sep 13 13:17:46 2014 (5413B75A)

CheckSum: 0001AE81

ImageSize: 0001B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84b30000 84b41000 clipsp (deferred)

Image path: \SystemRoot\System32\drivers\clipsp.sys

Image name: clipsp.sys

Timestamp: Sat Sep 13 13:17:41 2014 (5413B755)

CheckSum: 0001072D

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84b50000 84bef000 Wdf01000 (deferred)

Image path: \SystemRoot\system32\drivers\Wdf01000.sys

Image name: Wdf01000.sys

Timestamp: Sat Sep 13 13:16:24 2014 (5413B708)

CheckSum: 000A4A57

ImageSize: 0009F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84bf0000 84bfe000 WDFLDR (deferred)

Image path: \SystemRoot\system32\drivers\WDFLDR.SYS

Image name: WDFLDR.SYS

Timestamp: Sat Sep 13 13:17:39 2014 (5413B753)

CheckSum: 0000F4AC

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84c00000 84c09000 WMILIB (deferred)

Image path: \SystemRoot\System32\drivers\WMILIB.SYS

Image name: WMILIB.SYS

Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)

CheckSum: 0000F42E

ImageSize: 00009000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84c10000 84c87000 cng (deferred)

Image path: \SystemRoot\System32\Drivers\cng.sys

Image name: cng.sys

Timestamp: Sat Sep 13 13:16:43 2014 (5413B71B)

CheckSum: 00084215

ImageSize: 00077000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84ca0000 84cae000 pcw (deferred)

Image path: \SystemRoot\System32\drivers\pcw.sys

Image name: pcw.sys

Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)

CheckSum: 000185A7

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84cb0000 84cb8000 msisadrv (deferred)

Image path: \SystemRoot\System32\drivers\msisadrv.sys

Image name: msisadrv.sys

Timestamp: Sat Sep 13 13:17:43 2014 (5413B757)

CheckSum: 00012FAB

ImageSize: 00008000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84cc0000 84cfa000 pci (deferred)

Image path: \SystemRoot\System32\drivers\pci.sys

Image name: pci.sys

Timestamp: Sat Sep 13 13:17:07 2014 (5413B733)

CheckSum: 0003AC58

ImageSize: 0003A000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: pci.sys

OriginalFilename: pci.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: NT Plug and Play PCI Enumerator

LegalCopyright: © Microsoft Corporation. All rights reserved.

84d00000 84d0b000 vdrvroot (deferred)

Image path: \SystemRoot\System32\drivers\vdrvroot.sys

Image name: vdrvroot.sys

Timestamp: Sat Sep 13 13:17:37 2014 (5413B751)

CheckSum: 0000C2FA

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84d10000 84d14300 prl_tg (deferred)

Image path: \SystemRoot\System32\drivers\prl_tg.sys

Image name: prl_tg.sys

Timestamp: Thu Jul 03 02:20:11 2014 (53B4313B)

CheckSum: 00009D61

ImageSize: 00004300

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84d20000 84d34000 pdc (deferred)

Image path: \SystemRoot\system32\drivers\pdc.sys

Image name: pdc.sys

Timestamp: Sat Sep 13 11:21:31 2014 (54139C1B)

CheckSum: 0001A36E

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84d40000 84d50000 CEA (deferred)

Image path: \SystemRoot\system32\drivers\CEA.sys

Image name: CEA.sys

Timestamp: Sat Sep 13 13:17:25 2014 (5413B745)

CheckSum: 000106D5

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84d50000 84d68000 partmgr (deferred)

Image path: \SystemRoot\System32\drivers\partmgr.sys

Image name: partmgr.sys

Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)

CheckSum: 0001D3BB

ImageSize: 00018000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84d70000 84dcf000 spaceport (deferred)

Image path: \SystemRoot\System32\drivers\spaceport.sys

Image name: spaceport.sys

Timestamp: Sat Sep 13 13:16:35 2014 (5413B713)

CheckSum: 0005E557

ImageSize: 0005F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84dd0000 84de3000 volmgr (deferred)

Image path: \SystemRoot\System32\drivers\volmgr.sys

Image name: volmgr.sys

Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)

CheckSum: 00012A26

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84df0000 84e3e000 volmgrx (deferred)

Image path: \SystemRoot\System32\drivers\volmgrx.sys

Image name: volmgrx.sys

Timestamp: Sat Sep 13 13:18:19 2014 (5413B77B)

CheckSum: 0005A2C8

ImageSize: 0004E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84e40000 84e47000 intelide (deferred)

Image path: \SystemRoot\System32\drivers\intelide.sys

Image name: intelide.sys

Timestamp: Sat Sep 13 13:18:22 2014 (5413B77E)

CheckSum: 0000DCF0

ImageSize: 00007000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: intelide.sys

OriginalFilename: intelide.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Intel PCI IDE Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

84e50000 84e5e000 PCIIDEX (deferred)

Image path: \SystemRoot\System32\drivers\PCIIDEX.SYS

Image name: PCIIDEX.SYS

Timestamp: Sat Sep 13 13:18:03 2014 (5413B76B)

CheckSum: 000180E5

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84e60000 84e76000 mountmgr (deferred)

Image path: \SystemRoot\System32\drivers\mountmgr.sys

Image name: mountmgr.sys

Timestamp: Sat Sep 13 13:18:17 2014 (5413B779)

CheckSum: 0002342E

ImageSize: 00016000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84e80000 84e89000 atapi (deferred)

Image path: \SystemRoot\System32\drivers\atapi.sys

Image name: atapi.sys

Timestamp: Sat Sep 13 13:18:44 2014 (5413B794)

CheckSum: 0000B802

ImageSize: 00009000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84e90000 84eba000 ataport (deferred)

Image path: \SystemRoot\System32\drivers\ataport.SYS

Image name: ataport.SYS

Timestamp: Sat Sep 13 13:18:05 2014 (5413B76D)

CheckSum: 000284D0

ImageSize: 0002A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84ec0000 84edb000 storahci (deferred)

Image path: \SystemRoot\System32\drivers\storahci.sys

Image name: storahci.sys

Timestamp: Sat Sep 13 13:18:44 2014 (5413B794)

CheckSum: 000225B4

ImageSize: 0001B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84ee0000 84f37000 storport (deferred)

Image path: \SystemRoot\System32\drivers\storport.sys

Image name: storport.sys

Timestamp: Sat Sep 13 13:17:38 2014 (5413B752)

CheckSum: 00060BC0

ImageSize: 00057000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84f40000 84f56000 EhStorClass (deferred)

Image path: \SystemRoot\System32\drivers\EhStorClass.sys

Image name: EhStorClass.sys

Timestamp: Sat Sep 13 13:17:14 2014 (5413B73A)

CheckSum: 0002079C

ImageSize: 00016000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84f60000 84f72000 fileinfo (deferred)

Image path: \SystemRoot\System32\drivers\fileinfo.sys

Image name: fileinfo.sys

Timestamp: Sat Sep 13 13:17:28 2014 (5413B748)

CheckSum: 0001D915

ImageSize: 00012000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

84f80000 84ff5000 ACPI (deferred)

Image path: \SystemRoot\System32\drivers\ACPI.sys

Image name: ACPI.sys

Timestamp: Sat Sep 13 11:21:39 2014 (54139C23)

CheckSum: 00072E09

ImageSize: 00075000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85000000 85025000 ksecpkg (deferred)

Image path: \SystemRoot\System32\Drivers\ksecpkg.sys

Image name: ksecpkg.sys

Timestamp: Sat Sep 13 13:16:29 2014 (5413B70D)

CheckSum: 00029D3B

ImageSize: 00025000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85030000 8506a000 netbt (deferred)

Image path: \SystemRoot\System32\DRIVERS

etbt.sys

Image name: netbt.sys

Timestamp: Sat Sep 13 13:16:04 2014 (5413B6F4)

CheckSum: 000450BC

ImageSize: 0003A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85070000 850e7000 afd (deferred)

Image path: \SystemRoot\system32\drivers\afd.sys

Image name: afd.sys

Timestamp: Sat Sep 13 13:16:04 2014 (5413B6F4)

CheckSum: 0007E9F1

ImageSize: 00077000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

850f0000 8529b000 Ntfs (deferred)

Image path: \SystemRoot\System32\Drivers\Ntfs.sys

Image name: Ntfs.sys

Timestamp: Sat Sep 13 11:21:50 2014 (54139C2E)

CheckSum: 001AFEFF

ImageSize: 001AB000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: ntfs.sys

OriginalFilename: ntfs.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: NT File System Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

852a0000 852aa000 Fs_Rec (deferred)

Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys

Image name: Fs_Rec.sys

Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)

CheckSum: 00007E47

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

852b0000 8538f000 ndis (deferred)

Image path: \SystemRoot\system32\drivers

dis.sys

Image name: ndis.sys

Timestamp: Sat Sep 13 13:16:10 2014 (5413B6FA)

CheckSum: 000E3445

ImageSize: 000DF000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85390000 853e1000 NETIO (deferred)

Image path: \SystemRoot\system32\drivers\NETIO.SYS

Image name: NETIO.SYS

Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)

CheckSum: 0004F60D

ImageSize: 00051000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

853f0000 853fe000 netbios (deferred)

Image path: \SystemRoot\system32\DRIVERS

etbios.sys

Image name: netbios.sys

Timestamp: Sat Sep 13 13:17:12 2014 (5413B738)

CheckSum: 00016CD1

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85400000 85411000 mup (deferred)

Image path: \SystemRoot\System32\Drivers\mup.sys

Image name: mup.sys

Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)

CheckSum: 00011905

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85420000 8542c000 intelpep (deferred)

Image path: \SystemRoot\System32\drivers\intelpep.sys

Image name: intelpep.sys

Timestamp: Sat Sep 13 13:17:34 2014 (5413B74E)

CheckSum: 0000E8F5

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85430000 8543c000 TDI (deferred)

Image path: \SystemRoot\system32\DRIVERS\TDI.SYS

Image name: TDI.SYS

Timestamp: Sat Sep 13 13:17:14 2014 (5413B73A)

CheckSum: 00010CD6

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85440000 85457000 disk (deferred)

Image path: \SystemRoot\System32\drivers\disk.sys

Image name: disk.sys

Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)

CheckSum: 0002141C

ImageSize: 00017000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85460000 854b4000 CLASSPNP (deferred)

Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS

Image name: CLASSPNP.SYS

Timestamp: Sat Sep 13 11:21:37 2014 (54139C21)

CheckSum: 0005C140

ImageSize: 00054000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

854e0000 854f1000 crashdmp (deferred)

Image path: \SystemRoot\System32\Drivers\crashdmp.sys

Image name: crashdmp.sys

Timestamp: Sat Sep 13 13:18:21 2014 (5413B77D)

CheckSum: 000108DB

ImageSize: 00011000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: crashdmp.sys

OriginalFilename: crashdmp.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Crash Dump Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

85500000 85556000 srv (deferred)

Image path: \SystemRoot\System32\DRIVERS\srv.sys

Image name: srv.sys

Timestamp: Sat Sep 13 13:16:19 2014 (5413B703)

CheckSum: 0005FF11

ImageSize: 00056000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

855a0000 855c3000 cdrom (deferred)

Image path: \SystemRoot\System32\drivers\cdrom.sys

Image name: cdrom.sys

Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)

CheckSum: 0002248C

ImageSize: 00023000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

855d0000 855d7000 Null (deferred)

Image path: \SystemRoot\System32\Drivers\Null.SYS

Image name: Null.SYS

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Timestamp: unavailable (FFFFFFFE)

CheckSum: missing

ImageSize: 00007000

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

Page 330e not present in the dump file. Type “.hh dbgerr004” for details

855e0000 855e7000 Beep (deferred)

Image path: \SystemRoot\System32\Drivers\Beep.SYS

Image name: Beep.SYS

Timestamp: Sat Sep 13 13:18:38 2014 (5413B78E)

CheckSum: 00001CB3

ImageSize: 00007000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

855f0000 85600000 BasicDisplay (deferred)

Image path: \SystemRoot\System32\drivers\BasicDisplay.sys

Image name: BasicDisplay.sys

Timestamp: Sat Sep 13 13:17:59 2014 (5413B767)

CheckSum: 0000E606

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85600000 8560e000 watchdog (deferred)

Image path: \SystemRoot\System32\drivers\watchdog.sys

Image name: watchdog.sys

Timestamp: Sat Sep 13 13:18:06 2014 (5413B76E)

CheckSum: 0000FDE5

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85610000 8561c000 BasicRender (deferred)

Image path: \SystemRoot\System32\drivers\BasicRender.sys

Image name: BasicRender.sys

Timestamp: Sat Sep 13 13:17:50 2014 (5413B75E)

CheckSum: 0001534B

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85620000 85630000 Npfs (deferred)

Image path: \SystemRoot\System32\Drivers\Npfs.SYS

Image name: Npfs.SYS

Timestamp: Sat Sep 13 13:18:38 2014 (5413B78E)

CheckSum: 0000C537

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

85630000 8563b000 Msfs (deferred)

Image path: \SystemRoot\System32\Drivers\Msfs.SYS

Image name: Msfs.SYS

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Timestamp: unavailable (FFFFFFFE)

CheckSum: missing

ImageSize: 0000B000

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

Page c40 not present in the dump file. Type “.hh dbgerr004” for details

85640000 85647b00 prl_boot (deferred)

Image path: \SystemRoot\System32\Drivers\prl_boot.sys

Image name: prl_boot.sys

Timestamp: Thu Jul 03 02:22:26 2014 (53B431C2)

CheckSum: 00011884

ImageSize: 00007B00

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85650000 8566a000 tdx (deferred)

Image path: \SystemRoot\system32\DRIVERS\tdx.sys

Image name: tdx.sys

Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)

CheckSum: 000176A3

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85670000 8584c000 tcpip (deferred)

Image path: \SystemRoot\System32\drivers\tcpip.sys

Image name: tcpip.sys

Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)

CheckSum: 001DBE8F

ImageSize: 001DC000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85850000 85898000 fwpkclnt (deferred)

Image path: \SystemRoot\System32\drivers\fwpkclnt.sys

Image name: fwpkclnt.sys

Timestamp: Sat Sep 13 13:16:06 2014 (5413B6F6)

CheckSum: 00045D66

ImageSize: 00048000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

858a0000 858b3000 wfplwfs (deferred)

Image path: \SystemRoot\system32\DRIVERS\wfplwfs.sys

Image name: wfplwfs.sys

Timestamp: Sat Sep 13 13:15:58 2014 (5413B6EE)

CheckSum: 000173D9

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

858c0000 85944000 fvevol (deferred)

Image path: \SystemRoot\System32\DRIVERS\fvevol.sys

Image name: fvevol.sys

Timestamp: Sat Sep 13 13:16:38 2014 (5413B716)

CheckSum: 0008E9C8

ImageSize: 00084000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

85950000 859a8000 volsnap (deferred)

Image path: \SystemRoot\System32\drivers\volsnap.sys

Image name: volsnap.sys

Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)

CheckSum: 00056D8A

ImageSize: 00058000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

859b0000 859e5000 rdyboost (deferred)

Image path: \SystemRoot\System32\drivers\rdyboost.sys

Image name: rdyboost.sys

Timestamp: Sat Sep 13 13:17:24 2014 (5413B744)

CheckSum: 0003DE68

ImageSize: 00035000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

859f0000 859fb000 prl_strg (deferred)

Image path: \SystemRoot\system32\DRIVERS\prl_strg.sys

Image name: prl_strg.sys

Timestamp: Thu Jul 03 02:27:00 2014 (53B432D4)

CheckSum: 00011D25

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89600000 8960b000 mssmbios (deferred)

Image path: \SystemRoot\System32\drivers\mssmbios.sys

Image name: mssmbios.sys

Timestamp: Sat Sep 13 13:18:04 2014 (5413B76C)

CheckSum: 000096F0

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89610000 8962e000 dfsc (deferred)

Image path: \SystemRoot\System32\Drivers\dfsc.sys

Image name: dfsc.sys

Timestamp: Sat Sep 13 13:17:00 2014 (5413B72C)

CheckSum: 0001A13D

ImageSize: 0001E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89640000 89664000 ahcache (deferred)

Image path: \SystemRoot\system32\DRIVERS\ahcache.sys

Image name: ahcache.sys

Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)

CheckSum: 0002F792

ImageSize: 00024000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89670000 8967d000 CompositeBus (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_52685d853a5f64f3\CompositeBus.sys

Image name: CompositeBus.sys

Timestamp: Sat Sep 13 13:17:32 2014 (5413B74C)

CheckSum: 00011F50

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89680000 8968a000 kdnic (deferred)

Image path: \SystemRoot\system32\DRIVERS\kdnic.sys

Image name: kdnic.sys

Timestamp: Sat Sep 13 13:17:04 2014 (5413B730)

CheckSum: 0000F9A2

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89690000 8969e000 umbus (deferred)

Image path: \SystemRoot\System32\drivers\umbus.sys

Image name: umbus.sys

Timestamp: Sat Sep 13 13:17:42 2014 (5413B756)

CheckSum: 00011CE7

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

896a0000 896be000 intelppm (deferred)

Image path: \SystemRoot\System32\drivers\intelppm.sys

Image name: intelppm.sys

Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)

CheckSum: 00025E04

ImageSize: 0001E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

896c0000 896e5000 prl_kmdd (deferred)

Image path: \SystemRoot\system32\DRIVERS\prl_kmdd.sys

Image name: prl_kmdd.sys

Timestamp: Thu Jul 03 02:21:17 2014 (53B4317D)

CheckSum: 00028C23

ImageSize: 00025000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

896f0000 8970d200 E1G60I32 (deferred)

Image path: \SystemRoot\system32\DRIVERS\E1G60I32.sys

Image name: E1G60I32.sys

Timestamp: Wed Mar 24 08:07:51 2010 (4BA92DA7)

CheckSum: 000282C0

ImageSize: 0001D200

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89710000 89717000 prl_memdev (deferred)

Image path: \SystemRoot\System32\drivers\prl_memdev.sys

Image name: prl_memdev.sys

Timestamp: Thu Jul 03 02:20:09 2014 (53B43139)

CheckSum: 0000F8AB

ImageSize: 00007000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89720000 8972b000 usbuhci (deferred)

Image path: \SystemRoot\System32\drivers\usbuhci.sys

Image name: usbuhci.sys

Timestamp: Sat Sep 13 13:17:57 2014 (5413B765)

CheckSum: 00013A07

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89730000 89790000 USBPORT (deferred)

Image path: \SystemRoot\System32\drivers\USBPORT.SYS

Image name: USBPORT.SYS

Timestamp: Sat Sep 13 13:18:05 2014 (5413B76D)

CheckSum: 0005FEAD

ImageSize: 00060000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89790000 897d5000 USBXHCI (deferred)

Image path: \SystemRoot\System32\drivers\USBXHCI.SYS

Image name: USBXHCI.SYS

Timestamp: Sat Sep 13 13:16:34 2014 (5413B712)

CheckSum: 0004EBE2

ImageSize: 00045000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: usbxhci.sys

OriginalFilename: usbxhci.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: USB XHCI Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

897e0000 8980b000 ucx01000 (deferred)

Image path: \SystemRoot\System32\drivers\ucx01000.sys

Image name: ucx01000.sys

Timestamp: Sat Sep 13 13:16:41 2014 (5413B719)

CheckSum: 0002F0FB

ImageSize: 0002B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89810000 89824000 usbehci (deferred)

Image path: \SystemRoot\System32\drivers\usbehci.sys

Image name: usbehci.sys

Timestamp: Sat Sep 13 13:17:51 2014 (5413B75F)

CheckSum: 0001BDBB

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89830000 89849000 i8042prt (deferred)

Image path: \SystemRoot\System32\drivers\i8042prt.sys

Image name: i8042prt.sys

Timestamp: Sat Sep 13 13:17:47 2014 (5413B75B)

CheckSum: 00018714

ImageSize: 00019000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89850000 8985e000 kbdclass (deferred)

Image path: \SystemRoot\System32\drivers\kbdclass.sys

Image name: kbdclass.sys

Timestamp: Sat Sep 13 13:17:52 2014 (5413B760)

CheckSum: 00015CDA

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89860000 89862700 prl_mouf (deferred)

Image path: \SystemRoot\System32\drivers\prl_mouf.sys

Image name: prl_mouf.sys

Timestamp: Thu Jul 03 02:20:39 2014 (53B43157)

CheckSum: 00004B94

ImageSize: 00002700

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89870000 8987c000 mouclass (deferred)

Image path: \SystemRoot\System32\drivers\mouclass.sys

Image name: mouclass.sys

Timestamp: Sat Sep 13 13:17:50 2014 (5413B75E)

CheckSum: 0000B120

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89880000 8988f000 prl_sound (deferred)

Image path: \SystemRoot\system32\DRIVERS\prl_sound.sys

Image name: prl_sound.sys

Timestamp: Thu Jul 03 02:26:55 2014 (53B432CF)

CheckSum: 0000C1CF

ImageSize: 0000F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89890000 898cb000 portcls (deferred)

Image path: \SystemRoot\system32\DRIVERS\portcls.sys

Image name: portcls.sys

Timestamp: Sat Sep 13 13:16:29 2014 (5413B70D)

CheckSum: 00040388

ImageSize: 0003B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

898d0000 898e5000 drmk (deferred)

Image path: \SystemRoot\system32\DRIVERS\drmk.sys

Image name: drmk.sys

Timestamp: Sat Sep 13 13:17:53 2014 (5413B761)

CheckSum: 0001BB7E

ImageSize: 00015000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

898f0000 898f5d00 MpKsld125cf3e (deferred)

Image path: \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56A75674-70B6-4061-BCD6-254E1D99F288}\MpKsld125cf3e.sys

Image name: MpKsld125cf3e.sys

Timestamp: Thu Aug 22 08:32:05 2013 (52153FE5)

CheckSum: 00012C3C

ImageSize: 00005D00

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89910000 89967000 rdbss (deferred)

Image path: \SystemRoot\system32\DRIVERS\rdbss.sys

Image name: rdbss.sys

Timestamp: Sat Sep 13 13:16:32 2014 (5413B710)

CheckSum: 0005527E

ImageSize: 00057000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

89970000 899de000 csc (deferred)

Image path: \SystemRoot\system32\drivers\csc.sys

Image name: csc.sys

Timestamp: Sat Sep 13 13:17:06 2014 (5413B732)

CheckSum: 00070E21

ImageSize: 0006E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

899e0000 899ec000 nsiproxy (deferred)

Image path: \SystemRoot\system32\drivers

siproxy.sys

Image name: nsiproxy.sys

Timestamp: Sat Sep 13 13:16:15 2014 (5413B6FF)

CheckSum: 0000B7FA

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

899f0000 899fb000 npsvctrig (deferred)

Image path: \SystemRoot\System32\drivers

psvctrig.sys

Image name: npsvctrig.sys

Timestamp: Sat Sep 13 13:17:25 2014 (5413B745)

CheckSum: 00005D85

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a000000 8a01a000 HIDCLASS (deferred)

Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS

Image name: HIDCLASS.SYS

Timestamp: Sat Sep 13 13:17:46 2014 (5413B75A)

CheckSum: 0001CBB5

ImageSize: 0001A000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: hidclass.sys

OriginalFilename: hidclass.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Hid Class Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a020000 8a02a000 mouhid (deferred)

Image path: \SystemRoot\System32\drivers\mouhid.sys

Image name: mouhid.sys

Timestamp: Sat Sep 13 13:17:51 2014 (5413B75F)

CheckSum: 0000D25A

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a030000 8a03b000 kbdhid (deferred)

Image path: \SystemRoot\System32\drivers\kbdhid.sys

Image name: kbdhid.sys

Timestamp: Sat Sep 13 13:17:51 2014 (5413B75F)

CheckSum: 0000EE04

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a040000 8a05d000 luafv (deferred)

Image path: \SystemRoot\system32\drivers\luafv.sys

Image name: luafv.sys

Timestamp: Sat Sep 13 13:18:06 2014 (5413B76E)

CheckSum: 0001EF10

ImageSize: 0001D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a060000 8a070000 lltdio (deferred)

Image path: \SystemRoot\system32\DRIVERS\lltdio.sys

Image name: lltdio.sys

Timestamp: Sat Sep 13 13:16:03 2014 (5413B6F3)

CheckSum: 0001524A

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a070000 8a084000 rspndr (deferred)

Image path: \SystemRoot\system32\DRIVERS\rspndr.sys

Image name: rspndr.sys

Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)

CheckSum: 0001C001

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a090000 8a09b000 usbprint (deferred)

Image path: \SystemRoot\System32\drivers\usbprint.sys

Image name: usbprint.sys

Timestamp: Sat Sep 13 13:16:13 2014 (5413B6FD)

CheckSum: 0000EBDA

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a0b0000 8a0bb000 dump_diskdump (deferred)

Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys

Image name: dump_diskdump.sys

Timestamp: Sat Sep 13 13:18:36 2014 (5413B78C)

CheckSum: 0001241F

ImageSize: 0000B000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: diskdump.sys

OriginalFilename: diskdump.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Crash Dump Disk Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a0e0000 8a0fb000 dump_storahci (deferred)

Image path: \SystemRoot\System32\Drivers\dump_storahci.sys

Image name: dump_storahci.sys

Timestamp: Sat Sep 13 13:18:44 2014 (5413B794)

CheckSum: 000225B4

ImageSize: 0001B000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: storahci.sys

OriginalFilename: storahci.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: MS AHCI Storport Miniport Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a120000 8a133000 dump_dumpfve (deferred)

Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys

Image name: dump_dumpfve.sys

Timestamp: Sat Sep 13 13:18:16 2014 (5413B778)

CheckSum: 00015A17

ImageSize: 00013000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0000.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: dumpfve.sys

OriginalFilename: dumpfve.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Bitlocker Drive Encryption Crashdump Filter

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a140000 8a193000 dxgmms1 (deferred)

Image path: \SystemRoot\System32\drivers\dxgmms1.sys

Image name: dxgmms1.sys

Timestamp: Sat Sep 13 13:16:36 2014 (5413B714)

CheckSum: 00054E15

ImageSize: 00053000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: dxgmms1.sys

OriginalFilename: dxgmms1.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: DirectX Graphics MMS

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a1a0000 8a1ab000 monitor (deferred)

Image path: \SystemRoot\System32\drivers\monitor.sys

Image name: monitor.sys

Timestamp: Sat Sep 13 13:16:14 2014 (5413B6FE)

CheckSum: 0000D3D8

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a1b0000 8a1b1880 myfault (no symbols)

Loaded symbol image file: myfault.sys

Image path: \??\C:\Windows\system32\drivers\myfault.sys

Image name: myfault.sys

Timestamp: Sun Apr 08 02:34:40 2012 (4F806CA0)

CheckSum: 00003871

ImageSize: 00001880

File version: 4.0.0.0

Product version: 4.0.0.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Sysinternals

ProductName: Sysinternals Myfault

InternalName: myfault.sys

OriginalFilename: myfault.sys

ProductVersion: 4.0

FileVersion: 4.0 (sysinternals.com)

FileDescription: Crash Test Driver

LegalCopyright: Copyright © 2002-2012 Mark Russinovich

8a1c0000 8a205000 ks (deferred)

Image path: \SystemRoot\system32\DRIVERS\ks.sys

Image name: ks.sys

Timestamp: Sat Sep 13 13:18:04 2014 (5413B76C)

CheckSum: 00040D56

ImageSize: 00045000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a210000 8a215080 CmBatt (deferred)

Image path: \SystemRoot\System32\drivers\CmBatt.sys

Image name: CmBatt.sys

Timestamp: Sat Sep 13 13:18:03 2014 (5413B76B)

CheckSum: 000065BF

ImageSize: 00005080

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a220000 8a22b000 BATTC (deferred)

Image path: \SystemRoot\System32\drivers\BATTC.SYS

Image name: BATTC.SYS

Timestamp: Sat Sep 13 13:18:23 2014 (5413B77F)

CheckSum: 0000B8DD

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a230000 8a238000 NdisVirtualBus (deferred)

Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys

Image name: NdisVirtualBus.sys

Timestamp: Sat Sep 13 13:16:11 2014 (5413B6FB)

CheckSum: 00007E21

ImageSize: 00008000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a240000 8a241400 swenum (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_x86_a44e7d5abb8c9783\swenum.sys

Image name: swenum.sys

Timestamp: Sat Sep 13 13:17:59 2014 (5413B767)

CheckSum: 000116B9

ImageSize: 00001400

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a250000 8a25a000 rdpbus (deferred)

Image path: \SystemRoot\System32\drivers\rdpbus.sys

Image name: rdpbus.sys

Timestamp: Sat Sep 13 13:17:38 2014 (5413B752)

CheckSum: 0000B151

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a260000 8a2bc000 usbhub (deferred)

Image path: \SystemRoot\System32\drivers\usbhub.sys

Image name: usbhub.sys

Timestamp: Sat Sep 13 13:17:22 2014 (5413B742)

CheckSum: 0005DB85

ImageSize: 0005C000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: usbhub.sys

OriginalFilename: usbhub.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Default Hub Driver for USB

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a2c0000 8a2ca000 USBD (deferred)

Image path: \SystemRoot\System32\drivers\USBD.SYS

Image name: USBD.SYS

Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)

CheckSum: 00014686

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a2d0000 8a333000 UsbHub3 (deferred)

Image path: \SystemRoot\System32\drivers\UsbHub3.sys

Image name: UsbHub3.sys

Timestamp: Sat Sep 13 13:16:25 2014 (5413B709)

CheckSum: 0006120F

ImageSize: 00063000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: usbhub3.sys

OriginalFilename: usbhub3.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: USB3 HUB Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a340000 8a385000 udfs (deferred)

Image path: \SystemRoot\system32\DRIVERS\udfs.sys

Image name: udfs.sys

Timestamp: Sat Sep 13 13:18:36 2014 (5413B78C)

CheckSum: 00042F9C

ImageSize: 00045000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a390000 8a396900 HIDPARSE (deferred)

Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS

Image name: HIDPARSE.SYS

Timestamp: Sat Sep 13 13:18:36 2014 (5413B78C)

CheckSum: 000165B8

ImageSize: 00006900

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: hidparse.sys

OriginalFilename: hidparse.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Hid Parsing Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

8a3a0000 8a3bc000 usbccgp (deferred)

Image path: \SystemRoot\System32\drivers\usbccgp.sys

Image name: usbccgp.sys

Timestamp: Sat Sep 13 13:17:03 2014 (5413B72F)

CheckSum: 0001E745

ImageSize: 0001C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a3c0000 8a3eb200 usbvideo (deferred)

Image path: \SystemRoot\System32\Drivers\usbvideo.sys

Image name: usbvideo.sys

Timestamp: Sat Sep 13 13:16:59 2014 (5413B72B)

CheckSum: 0003A188

ImageSize: 0002B200

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8a3f0000 8a3fb000 hidusb (deferred)

Image path: \SystemRoot\System32\drivers\hidusb.sys

Image name: hidusb.sys

Timestamp: Sat Sep 13 13:17:36 2014 (5413B750)

CheckSum: 0001251F

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

8c660000 8c678000 win32k (deferred)

Image path: \SystemRoot\System32\win32k.sys

Image name: win32k.sys

Timestamp: Sat Sep 13 13:15:54 2014 (5413B6EA)

CheckSum: 0001774E

ImageSize: 00018000

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details

8c860000 8c8f8000 win32kbase (deferred)

Image path: \SystemRoot\System32\win32kbase.sys

Image name: win32kbase.sys

Timestamp: Sat Sep 13 13:16:09 2014 (5413B6F9)

CheckSum: 0008EB39

ImageSize: 00098000

File version: 6.4.9841.0

Product version: 6.4.9841.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: win32kbase.sys

OriginalFilename: win32kbase.sys

ProductVersion: 6.4.9841.0

FileVersion: 6.4.9841.0 (fbl_release.140912-1613)

FileDescription: Base Win32k Kernel Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

8fad0000 8fdaa000 win32kfull (deferred)

Image path: \SystemRoot\System32\win32kfull.sys

Image name: win32kfull.sys

Timestamp: Sat Sep 13 13:16:27 2014 (5413B70B)

CheckSum: 002CE747

ImageSize: 002DA000

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details

8fe10000 8fe18000 TSDDD (deferred)

Image path: \SystemRoot\System32\TSDDD.dll

Image name: TSDDD.dll

Timestamp: Sat Sep 13 13:16:02 2014 (5413B6F2)

CheckSum: 00010BB9

ImageSize: 00008000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a1bc0000 a1bef000 cdd (deferred)

Image path: \SystemRoot\System32\cdd.dll

Image name: cdd.dll

Timestamp: Sat Sep 13 14:25:21 2014 (5413C731)

CheckSum: 0003A1F6

ImageSize: 0002F000

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details

a6a00000 a6a34000 srvnet (deferred)

Image path: \SystemRoot\System32\DRIVERS\srvnet.sys

Image name: srvnet.sys

Timestamp: Sat Sep 13 13:14:33 2014 (5413B699)

CheckSum: 00031E1F

ImageSize: 00034000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6a40000 a6ad2000 srv2 (deferred)

Image path: \SystemRoot\System32\DRIVERS\srv2.sys

Image name: srv2.sys

Timestamp: Sat Sep 13 13:16:20 2014 (5413B704)

CheckSum: 0008CC9E

ImageSize: 00092000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6ae0000 a6aee000 mmcss (deferred)

Image path: \SystemRoot\system32\drivers\mmcss.sys

Image name: mmcss.sys

Timestamp: Sat Sep 13 13:17:42 2014 (5413B756)

CheckSum: 0001528D

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6af0000 a6b2d000 mrxsmb10 (deferred)

Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys

Image name: mrxsmb10.sys

Timestamp: Sat Sep 13 13:14:34 2014 (5413B69A)

CheckSum: 0003A6ED

ImageSize: 0003D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6b30000 a6b49000 Ndu (deferred)

Image path: \SystemRoot\system32\drivers\Ndu.sys

Image name: Ndu.sys

Timestamp: Sat Sep 13 13:14:41 2014 (5413B6A1)

CheckSum: 0001E797

ImageSize: 00019000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6b50000 a6bf2000 peauth (deferred)

Image path: \SystemRoot\system32\drivers\peauth.sys

Image name: peauth.sys

Timestamp: Sat Sep 13 13:16:08 2014 (5413B6F8)

CheckSum: 0009EA99

ImageSize: 000A2000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6c00000 a6c25000 tunnel (deferred)

Image path: \SystemRoot\system32\DRIVERS\tunnel.sys

Image name: tunnel.sys

Timestamp: Sat Sep 13 13:14:33 2014 (5413B699)

CheckSum: 0001F791

ImageSize: 00025000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6c30000 a6c3d000 condrv (deferred)

Image path: \SystemRoot\System32\drivers\condrv.sys

Image name: condrv.sys

Timestamp: Sat Sep 13 13:18:34 2014 (5413B78A)

CheckSum: 0000CB28

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6c40000 a6cf6000 HTTP (deferred)

Image path: \SystemRoot\system32\drivers\HTTP.sys

Image name: HTTP.sys

Timestamp: Sat Sep 13 13:16:04 2014 (5413B6F4)

CheckSum: 000BD71C

ImageSize: 000B6000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6d00000 a6d1a000 bowser (deferred)

Image path: \SystemRoot\system32\DRIVERS\bowser.sys

Image name: bowser.sys

Timestamp: Sat Sep 13 13:17:08 2014 (5413B734)

CheckSum: 00019CA7

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6d20000 a6d79000 mrxsmb (deferred)

Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys

Image name: mrxsmb.sys

Timestamp: Sat Sep 13 13:14:35 2014 (5413B69B)

CheckSum: 000557E4

ImageSize: 00059000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6d80000 a6dae000 mrxsmb20 (deferred)

Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys

Image name: mrxsmb20.sys

Timestamp: Sat Sep 13 13:16:41 2014 (5413B719)

CheckSum: 0003549E

ImageSize: 0002E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6db0000 a6dc1000 mpsdrv (deferred)

Image path: \SystemRoot\System32\drivers\mpsdrv.sys

Image name: mpsdrv.sys

Timestamp: Sat Sep 13 13:14:51 2014 (5413B6AB)

CheckSum: 000111DE

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6dd0000 a6dd2300 prl_time (deferred)

Image path: \??\C:\Windows\system32\drivers\prl_time.sys

Image name: prl_time.sys

Timestamp: Thu Jul 03 02:21:29 2014 (53B43189)

CheckSum: 000070E8

ImageSize: 00002300

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6de0000 a6dea000 secdrv (deferred)

Image path: \SystemRoot\System32\Drivers\secdrv.SYS

Image name: secdrv.SYS

Timestamp: Wed Sep 13 23:18:32 2006 (45080528)

CheckSum: 0000EE69

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

a6df0000 a6dfe000 tcpipreg (deferred)

Image path: \SystemRoot\System32\drivers\tcpipreg.sys

Image name: tcpipreg.sys

Timestamp: Sat Sep 13 13:14:50 2014 (5413B6AA)

CheckSum: 00017C0E

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Unloaded modules:

a6dd0000 a6de8000 parport.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00018000

85510000 8551b000 dump_storport.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000B000

85540000 8555b000 dump_storahci.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001B000

85580000 85593000 dump_dumpfve.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00013000

89630000 8963f000 dam.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000F000

84c90000 84c9a000 WdBoot.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000A000

85430000 8543b000 hwpolicy.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000B000