Windows 10 brings a new type of memory dump: Active Memory Dump. I love this feature, just what I’ve been waiting for.
To analyze the Windows 10 Technical Preview Dump files ensure you have the symbols from http://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx
This memory dmp is much more compact that a complete memory dump, while containing “active memory” in kernel and user mode space.
We can now get both user + kernel space without having to dmp complete memory. After recently having to deal with several 32 GB dmp files on slow networks…I really welcome this feature…
Here are 3 dmp files created just after logging on with different settings. The default is “automatic memory” dump.
Loading Dump File [Z:\ACTIVE_MEMORY.DMP]
Kernel Bitmap Dump File: Full address space is available
************* Symbol Path validation summary **************
Response Time (ms) Location
OK C:\programdata\red gate\.NET Reflector\DevPath
Deferred SRV*C:\netsymbols*http://referencesource.microsoft.com/symbols
Deferred SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols
Symbol search path is: C:\programdata\red gate\.NET Reflector\DevPath;SRV*C:\netsymbols*http://referencesource.microsoft.com/symbols;SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9841 UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9841.0.x86fre.fbl_release.140912-1613
Machine Name:
Kernel base = 0x80c04000 PsLoadedModuleList = 0x80e1b6d8
Debug session time: Thu Oct 2 18:39:22.554 2014 (UTC + 10:00)
System Uptime: 0 days 0:02:36.160
Loading Kernel Symbols
……………………………………………………..Page 330e not present in the dump file. Type “.hh dbgerr004” for details
.
……Page c40 not present in the dump file. Type “.hh dbgerr004” for details
………………………………………………….
………………………
Loading User Symbols
……………………..
Loading unloaded module list
…….
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {a7601550, 2, 0, 8a1b05ab}
*** ERROR: Module load completed but symbols could not be loaded for myfault.sys
*** ERROR: Module load completed but symbols could not be loaded for NotMyfault.exe
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Analysis in progress… Time Elapsed: [39.59s] Current Phase: [Check Image Analysis], to halt analysis, press CTRL-C twice within 2 seconds.
Probably caused by : myfault.sys ( myfault+5ab )
Followup: MachineOwner
———
kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
PROCESS 83b55c80 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 001a8000 ObjectTable: 81403000 HandleCount: <Data Not Accessible>
Image: System
PROCESS 887cdc80 SessionId: none Cid: 010c Peb: 7fe17000 ParentCid: 0004
DirBase: 3ffe3020 ObjectTable: 8853b100 HandleCount: <Data Not Accessible>
Image: smss.exe
PROCESS 8874b480 SessionId: 0 Cid: 016c Peb: 7fa5d000 ParentCid: 0160
DirBase: 3ffe3060 ObjectTable: 814f1780 HandleCount: <Data Not Accessible>
Image: csrss.exe
PROCESS 83bb22c0 SessionId: 0 Cid: 01b8 Peb: 7fb1b000 ParentCid: 0160
DirBase: 3ffe30a0 ObjectTable: 8c24c040 HandleCount: <Data Not Accessible>
Image: wininit.exe
PROCESS 83bc1040 SessionId: 1 Cid: 01c0 Peb: 7f239000 ParentCid: 01ac
DirBase: 3ffe30c0 ObjectTable: 8c24e100 HandleCount: <Data Not Accessible>
Image: csrss.exe
PROCESS 83bd65c0 SessionId: 1 Cid: 01e0 Peb: 7fc3f000 ParentCid: 01ac
DirBase: 3ffe3040 ObjectTable: 814caf80 HandleCount: <Data Not Accessible>
Image: winlogon.exe
PROCESS a04fe040 SessionId: 0 Cid: 022c Peb: 7ff5f000 ParentCid: 01b8
DirBase: 3ffe3080 ObjectTable: 80178840 HandleCount: <Data Not Accessible>
Image: services.exe
PROCESS a0517040 SessionId: 0 Cid: 0234 Peb: 7fb2f000 ParentCid: 01b8
DirBase: 3ffe30e0 ObjectTable: 8017f040 HandleCount: <Data Not Accessible>
Image: lsass.exe
PROCESS a0556040 SessionId: 0 Cid: 0274 Peb: 7f35a000 ParentCid: 022c
DirBase: 3ffe3100 ObjectTable: 801ea540 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a055f640 SessionId: 0 Cid: 0294 Peb: 7fa8f000 ParentCid: 022c
DirBase: 3ffe3120 ObjectTable: a3053640 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a0596cc0 SessionId: 1 Cid: 030c Peb: 7f086000 ParentCid: 01e0
DirBase: 3ffe3160 ObjectTable: a3113e00 HandleCount: <Data Not Accessible>
Image: dwm.exe
PROCESS a05e8300 SessionId: 0 Cid: 0350 Peb: 7f12a000 ParentCid: 022c
DirBase: 3ffe3180 ObjectTable: a3189e40 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a05f5040 SessionId: 0 Cid: 0370 Peb: 7f447000 ParentCid: 022c
DirBase: 3ffe31a0 ObjectTable: a584eec0 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a05fe040 SessionId: 0 Cid: 038c Peb: 7fbc6000 ParentCid: 022c
DirBase: 3ffe31c0 ObjectTable: a5857900 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a5628cc0 SessionId: 0 Cid: 03a8 Peb: 7f61b000 ParentCid: 022c
DirBase: 3ffe31e0 ObjectTable: a58c0380 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a56679c0 SessionId: 0 Cid: 0490 Peb: 7f47d000 ParentCid: 022c
DirBase: 3ffe3220 ObjectTable: a593d440 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a56dc180 SessionId: 0 Cid: 0544 Peb: 7f4ef000 ParentCid: 022c
DirBase: 3ffe3260 ObjectTable: a59ea980 HandleCount: <Data Not Accessible>
Image: spoolsv.exe
PROCESS a56ecac0 SessionId: 0 Cid: 056c Peb: 7f43f000 ParentCid: 022c
DirBase: 3ffe3280 ObjectTable: a59f1e00 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a57885c0 SessionId: 0 Cid: 060c Peb: 7f89d000 ParentCid: 022c
DirBase: 3ffe3240 ObjectTable: a7044480 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a57e8140 SessionId: 0 Cid: 06ac Peb: 7fc1f000 ParentCid: 022c
DirBase: 3ffe32a0 ObjectTable: a71821c0 HandleCount: <Data Not Accessible>
Image: svchost.exe
PROCESS a9e02100 SessionId: 0 Cid: 06e8 Peb: 7f24c000 ParentCid: 03a8
DirBase: 3ffe32c0 ObjectTable: a71a13c0 HandleCount: <Data Not Accessible>
Image: dasHost.exe
PROCESS a9e54040 SessionId: 0 Cid: 0790 Peb: 7fd1d000 ParentCid: 022c
DirBase: 3ffe32e0 ObjectTable: aa2ec240 HandleCount: <Data Not Accessible>
Image: prl_tools_service.exe
PROCESS a9f05200 SessionId: 0 Cid: 07e0 Peb: 7ff2f000 ParentCid: 022c
DirBase: 3ffe3300 ObjectTable: aa32ff80 HandleCount: <Data Not Accessible>
Image: coherence.exe
PROCESS a9f0d280 SessionId: 1 Cid: 07f0 Peb: 7faac000 ParentCid: 0790
DirBase: 3ffe3320 ObjectTable: aa3a7b00 HandleCount: <Data Not Accessible>
Image: prl_tools.exe
PROCESS a9f43040 SessionId: 0 Cid: 0138 Peb: 7f6fe000 ParentCid: 022c
DirBase: 3ffe3340 ObjectTable: aa3b4ec0 HandleCount: <Data Not Accessible>
Image: dllhost.exe
PROCESS a9fb0040 SessionId: 1 Cid: 06e4 Peb: 7fa8c000 ParentCid: 07e0
DirBase: 3ffe33c0 ObjectTable: aaa22540 HandleCount: <Data Not Accessible>
Image: coherence.exe
PROCESS a9fbf640 SessionId: 0 Cid: 0420 Peb: 7f6cf000 ParentCid: 022c
DirBase: 3ffe33e0 ObjectTable: aaa7d040 HandleCount: <Data Not Accessible>
Image: MsMpEng.exe
PROCESS ab23d800 SessionId: 0 Cid: 08bc Peb: 7f19f000 ParentCid: 022c
DirBase: 3ffe33a0 ObjectTable: aaa94e80 HandleCount: <Data Not Accessible>
Image: VSSVC.exe
PROCESS ab26d040 SessionId: 0 Cid: 0914 Peb: 7fb4f000 ParentCid: 022c
DirBase: 3ffe3360 ObjectTable: a5972f80 HandleCount: <Data Not Accessible>
Image: dllhost.exe
PROCESS ab2dfcc0 SessionId: 1 Cid: 09f4 Peb: 7fb16000 ParentCid: 09e0
DirBase: 3ffe3420 ObjectTable: ad06c700 HandleCount: <Data Not Accessible>
Image: explorer.exe
PROCESS a9f78040 SessionId: 1 Cid: 0a00 Peb: 7f408000 ParentCid: 0350
DirBase: 3ffe3440 ObjectTable: abd06bc0 HandleCount: <Data Not Accessible>
Image: taskhostex.exe
PROCESS ab37ecc0 SessionId: 1 Cid: 0a88 Peb: 7f809000 ParentCid: 0274
DirBase: 3ffe3460 ObjectTable: ad6bd940 HandleCount: <Data Not Accessible>
Image: ChsIME.exe
PROCESS ab3d4580 SessionId: 0 Cid: 0bc4 Peb: 7f4e3000 ParentCid: 022c
DirBase: 3ffe3480 ObjectTable: ad724b80 HandleCount: <Data Not Accessible>
Image: msdtc.exe
PROCESS ab3f1040 SessionId: 0 Cid: 0c74 Peb: 7f5b6000 ParentCid: 0274
DirBase: 3ffe3380 ObjectTable: 8c246240 HandleCount: <Data Not Accessible>
Image: WmiPrvSE.exe
PROCESS a9fab940 SessionId: 0 Cid: 0ce8 Peb: 7f076000 ParentCid: 022c
DirBase: 3ffe34a0 ObjectTable: ad7a6340 HandleCount: <Data Not Accessible>
Image: SearchIndexer.exe
PROCESS 81e4d940 SessionId: 1 Cid: 0dd8 Peb: 7fd6c000 ParentCid: 0274
DirBase: 3ffe3200 ObjectTable: b09ac040 HandleCount: <Data Not Accessible>
Image: SkyDrive.exe
PROCESS ab367cc0 SessionId: 0 Cid: 0df0 Peb: 7f9b8000 ParentCid: 0ce8
DirBase: 3ffe3140 ObjectTable: b2e3ebc0 HandleCount: <Data Not Accessible>
Image: SearchProtocolHost.exe
PROCESS b5787cc0 SessionId: 0 Cid: 0e90 Peb: 7f144000 ParentCid: 0ce8
DirBase: 3ffe34c0 ObjectTable: b09c25c0 HandleCount: <Data Not Accessible>
Image: SearchFilterHost.exe
PROCESS afb04240 SessionId: 1 Cid: 0f18 Peb: 7f72f000 ParentCid: 09f4
DirBase: 3ffe3500 ObjectTable: b09d3b80 HandleCount: <Data Not Accessible>
Image: prl_cc.exe
PROCESS ab3e5580 SessionId: 1 Cid: 0fa4 Peb: 7f8df000 ParentCid: 0274
DirBase: 3ffe3520 ObjectTable: b2f211c0 HandleCount: <Data Not Accessible>
Image: SettingSyncHost.exe
PROCESS a2a549c0 SessionId: 1 Cid: 08d8 Peb: 7ff3c000 ParentCid: 09f4
DirBase: 3ffe3540 ObjectTable: ad64fe40 HandleCount: <Data Not Accessible>
Image: iexplore.exe
PROCESS 81f2dcc0 SessionId: 1 Cid: 09a0 Peb: 7f95d000 ParentCid: 08d8
DirBase: 3ffe3560 ObjectTable: a5901b40 HandleCount: <Data Not Accessible>
Image: iexplore.exe
PROCESS ab28fbc0 SessionId: 1 Cid: 005c Peb: 7fdcf000 ParentCid: 0274
DeepFreeze
DirBase: 3ffe35a0 ObjectTable: 8ae5d600 HandleCount: <Data Not Accessible>
Image: livecomm.exe
PROCESS ab2ddcc0 SessionId: 1 Cid: 0c40 Peb: 7fc37000 ParentCid: 0274
DirBase: 3ffe3400 ObjectTable: b88d1240 HandleCount: <Data Not Accessible>
Image: RuntimeBroker.exe
PROCESS afb61280 SessionId: 1 Cid: 0ec0 Peb: 7f9ef000 ParentCid: 0ce8
DirBase: 3ffe3580 ObjectTable: b083e4c0 HandleCount: <Data Not Accessible>
Image: SearchProtocolHost.exe
PROCESS 89cbec40 SessionId: 0 Cid: 0808 Peb: 7fdff000 ParentCid: 022c
DirBase: 3ffe3600 ObjectTable: a1897880 HandleCount: <Data Not Accessible>
Image: sppsvc.exe
PROCESS a2b83040 SessionId: 0 Cid: 0518 Peb: 7f3fe000 ParentCid: 022c
DirBase: 3ffe35c0 ObjectTable: a1891d80 HandleCount: <Data Not Accessible>
Image: wmpnetwk.exe
PROCESS a9fac040 SessionId: 1 Cid: 0414 Peb: 7f6e6000 ParentCid: 0350
DirBase: 3ffe34e0 ObjectTable: 00000000 HandleCount: 0.
Image: consent.exe
PROCESS a2bbf040 SessionId: 0 Cid: 03f0 Peb: 7fa74000 ParentCid: 038c
DirBase: 3ffe3620 ObjectTable: ad005440 HandleCount: <Data Not Accessible>
Image: audiodg.exe
PROCESS a9f1b840 SessionId: 1 Cid: 0630 Peb: 7f51d000 ParentCid: 0274
DirBase: 3ffe3640 ObjectTable: b89fac40 HandleCount: <Data Not Accessible>
Image: dllhost.exe
PROCESS a9f73040 SessionId: 0 Cid: 0140 Peb: 7f248000 ParentCid: 0274
DirBase: 3ffe3660 ObjectTable: b888cf80 HandleCount: <Data Not Accessible>
Image: dllhost.exe
PROCESS a9f89cc0 SessionId: 1 Cid: 0758 Peb: 7fb9f000 ParentCid: 09f4
DirBase: 3ffe3680 ObjectTable: 80155540 HandleCount: <Data Not Accessible>
Image: NotMyfault.exe
kd> lmv
start end module name
00ed0000 00ee8000 NotMyfault (no symbols)
Loaded symbol image file: NotMyfault.exe
Image path: C:\Users\Malcolm\Downloads\NotMyFault\x86\NotMyfault.exe
Image name: NotMyfault.exe
Timestamp: Sun Apr 08 02:34:41 2012 (4F806CA1)
CheckSum: 00022E54
ImageSize: 00018000
File version: 4.0.0.0
Product version: 4.0.0.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Sysinternals – http://www.sysinternals.com
ProductName: Sysinternals NotMyfault
InternalName: Sysinternals NotMyfault
OriginalFilename: NotMyfault.exe
ProductVersion: 4.0
FileVersion: 4.0
FileDescription: Driver Bug Test Program
LegalCopyright: Copyright © 2002-2012 Mark Russinovich
734f0000 736f1000 COMCTL32 (pdb symbols) c:\symbols\comctl32.pdb\C8FBB1ECACEF4FB48365E9A5B3E4EEE01\comctl32.pdb
Loaded symbol image file: COMCTL32.dll
Image path: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9841.0_none_38d154a85935aa0a\COMCTL32.dll
Image name: COMCTL32.dll
Timestamp: Sat Sep 13 13:16:10 2014 (5413B6FA)
CheckSum: 00205CDE
ImageSize: 00201000
File version: 6.10.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: comctl32
OriginalFilename: comctl32.DLL
ProductVersion: 6.4.9841.0
FileVersion: 6.10 (fbl_release.140912-1613)
FileDescription: User Experience Controls Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
73700000 73796000 apphelp (deferred)
Image path: C:\Windows\system32\apphelp.dll
Image name: apphelp.dll
Timestamp: Sat Sep 13 13:14:24 2014 (5413B690)
CheckSum: 000A1D75
ImageSize: 00096000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: Apphelp
OriginalFilename: Apphelp
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Application Compatibility Client Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
737a0000 737b9000 dwmapi (deferred)
Image path: C:\Windows\system32\dwmapi.dll
Image name: dwmapi.dll
Timestamp: Sat Sep 13 11:53:47 2014 (5413A3AB)
CheckSum: 0001EB15
ImageSize: 00019000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dwmapi.dll
OriginalFilename: dwmapi.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Microsoft Desktop Window Manager API
LegalCopyright: © Microsoft Corporation. All rights reserved.
73c30000 73cce000 uxtheme (deferred)
Image path: C:\Windows\system32\uxtheme.dll
Image name: uxtheme.dll
Timestamp: Sat Sep 13 13:15:38 2014 (5413B6DA)
CheckSum: 0009EA4C
ImageSize: 0009E000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: UxTheme.dll
OriginalFilename: UxTheme.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Microsoft UxTheme Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
73cf0000 73cfa000 kernel_appcore (deferred)
Image path: C:\Windows\SYSTEM32\kernel.appcore.dll
Image name: kernel.appcore.dll
Timestamp: Sat Sep 13 12:39:12 2014 (5413AE50)
CheckSum: 00007FB8
ImageSize: 0000A000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: kernel.appcore.dll
OriginalFilename: kernel.appcore.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: AppModel API Host
LegalCopyright: © Microsoft Corporation. All rights reserved.
74200000 74227000 ntmarta (deferred)
Image path: C:\Windows\SYSTEM32\ntmarta.dll
Image name: ntmarta.dll
Timestamp: Sat Sep 13 12:02:47 2014 (5413A5C7)
CheckSum: 00030C75
ImageSize: 00027000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntmarta.dll
OriginalFilename: ntmarta.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Windows NT MARTA provider
LegalCopyright: © Microsoft Corporation. All rights reserved.
749f0000 74a43000 bcryptPrimitives (deferred)
Image path: C:\Windows\SYSTEM32\bcryptPrimitives.dll
Image name: bcryptPrimitives.dll
Timestamp: Sat Sep 13 12:43:03 2014 (5413AF37)
CheckSum: 000530A3
ImageSize: 00053000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: bcryptprimitives.dll
OriginalFilename: bcryptprimitives.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Windows Cryptographic Primitives Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
74b20000 74b29000 CRYPTBASE (deferred)
Image path: C:\Windows\SYSTEM32\CRYPTBASE.dll
Image name: CRYPTBASE.dll
Timestamp: Sat Sep 13 12:19:58 2014 (5413A9CE)
CheckSum: 0000D9FF
ImageSize: 00009000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cryptbase.dll
OriginalFilename: cryptbase.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Base cryptographic API DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
74b40000 74b5f000 bcrypt (deferred)
Image path: C:\Windows\SYSTEM32\bcrypt.dll
Image name: bcrypt.dll
Timestamp: Sat Sep 13 12:45:34 2014 (5413AFCE)
CheckSum: 0002DA71
ImageSize: 0001F000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: bcrypt.dll
OriginalFilename: bcrypt.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Windows Cryptographic Primitives Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
74ee0000 7503f000 KERNELBASE (pdb symbols) c:\symbols\kernelbase.pdb\F83BAE59DD40463DAA4D1FD37820C8BC1\kernelbase.pdb
Loaded symbol image file: KERNELBASE.dll
Image path: C:\Windows\system32\KERNELBASE.dll
Image name: KERNELBASE.dll
Timestamp: Sat Sep 13 12:19:04 2014 (5413A998)
CheckSum: 001632C8
ImageSize: 0015F000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
75040000 75197000 USER32 (pdb symbols) c:\symbols\user32.pdb\88592CFA9DB54056BC655C02CC98AB791\user32.pdb
Loaded symbol image file: USER32.dll
Image path: C:\Windows\system32\USER32.dll
Image name: USER32.dll
Timestamp: Sat Sep 13 11:59:36 2014 (5413A508)
CheckSum: 00159B76
ImageSize: 00157000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: user32
OriginalFilename: user32
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Multi-User Windows USER API Client DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
751a0000 75219000 ADVAPI32 (deferred)
Image path: C:\Windows\system32\ADVAPI32.dll
Image name: ADVAPI32.dll
Timestamp: Sat Sep 13 12:15:16 2014 (5413A8B4)
CheckSum: 000833A7
ImageSize: 00079000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: advapi32.dll
OriginalFilename: advapi32.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Advanced Windows 32 Base API
LegalCopyright: © Microsoft Corporation. All rights reserved.
75220000 752a1000 SHCORE (deferred)
Image path: C:\Windows\system32\SHCORE.DLL
Image name: SHCORE.DLL
Timestamp: Sat Sep 13 11:51:50 2014 (5413A336)
CheckSum: 0008CE8B
ImageSize: 00081000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SHCORE
OriginalFilename: SHCORE.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: SHCORE
LegalCopyright: © Microsoft Corporation. All rights reserved.
752b0000 75436000 combase (deferred)
Image path: C:\Windows\system32\combase.dll
Image name: combase.dll
Timestamp: Sat Sep 13 11:54:25 2014 (5413A3D1)
CheckSum: 00189DFA
ImageSize: 00186000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: COMBASE.DLL
OriginalFilename: COMBASE.DLL
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Microsoft COM for Windows
LegalCopyright: © Microsoft Corporation. All rights reserved.
75440000 7546e000 IMM32 (deferred)
Image path: C:\Windows\system32\IMM32.DLL
Image name: IMM32.DLL
Timestamp: Sat Sep 13 11:59:17 2014 (5413A4F5)
CheckSum: 0003A5FA
ImageSize: 0002E000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: imm32
OriginalFilename: imm32
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Multi-User Windows IMM32 API Client DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
75610000 75652000 SHLWAPI (deferred)
Image path: C:\Windows\system32\SHLWAPI.dll
Image name: SHLWAPI.dll
Timestamp: Sat Sep 13 11:33:08 2014 (54139ED4)
CheckSum: 0004F30D
ImageSize: 00042000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SHLWAPI
OriginalFilename: SHLWAPI.DLL
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Shell Light-weight Utility Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
756e0000 75833000 GDI32 (deferred)
Image path: C:\Windows\system32\GDI32.dll
Image name: GDI32.dll
Timestamp: Sat Sep 13 12:44:46 2014 (5413AF9E)
CheckSum: 001575A7
ImageSize: 00153000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: gdi32
OriginalFilename: gdi32
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: GDI Client DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
75890000 7594e000 msvcrt (deferred)
Image path: C:\Windows\system32\msvcrt.dll
Image name: msvcrt.dll
Timestamp: Sat Sep 13 13:18:46 2014 (5413B796)
CheckSum: 000C23C9
ImageSize: 000BE000
File version: 7.0.9841.0
Product version: 6.1.8638.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: msvcrt.dll
OriginalFilename: msvcrt.dll
ProductVersion: 7.0.9841.0
FileVersion: 7.0.9841.0 (fbl_release.140912-1613)
FileDescription: Windows NT CRT DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
75950000 75992000 sechost (deferred)
Image path: C:\Windows\system32\sechost.dll
Image name: sechost.dll
Timestamp: Sat Sep 13 12:19:01 2014 (5413A995)
CheckSum: 0004EFD3
ImageSize: 00042000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: sechost.dll
OriginalFilename: sechost.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Host for SCM/SDDL/LSA Lookup APIs
LegalCopyright: © Microsoft Corporation. All rights reserved.
759b0000 76cba000 SHELL32 (deferred)
Image path: C:\Windows\system32\SHELL32.dll
Image name: SHELL32.dll
Timestamp: Sat Sep 13 11:37:28 2014 (54139FD8)
CheckSum: 0133360E
ImageSize: 0130A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
76e30000 76ec0000 KERNEL32 (pdb symbols) c:\symbols\kernel32.pdb\CC55D9DB2B87455DB0696749DD510C6C1\kernel32.pdb
Loaded symbol image file: KERNEL32.DLL
Image path: C:\Windows\system32\KERNEL32.DLL
Image name: KERNEL32.DLL
Timestamp: Sat Sep 13 13:13:34 2014 (5413B65E)
CheckSum: 000A0A9F
ImageSize: 00090000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
77060000 77174000 MSCTF (deferred)
Image path: C:\Windows\system32\MSCTF.dll
Image name: MSCTF.dll
Timestamp: Sat Sep 13 11:52:46 2014 (5413A36E)
CheckSum: 0011E8BF
ImageSize: 00114000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
77180000 7721a000 comdlg32 (deferred)
Image path: C:\Windows\system32\comdlg32.dll
Image name: comdlg32.dll
Timestamp: Sat Sep 13 12:00:04 2014 (5413A524)
CheckSum: 000A3373
ImageSize: 0009A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
77220000 772ed000 RPCRT4 (deferred)
Image path: C:\Windows\system32\RPCRT4.dll
Image name: RPCRT4.dll
Timestamp: Sat Sep 13 12:09:53 2014 (5413A771)
CheckSum: 000DC2F8
ImageSize: 000CD000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: rpcrt4.dll
OriginalFilename: rpcrt4.dll
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Remote Procedure Call Runtime
LegalCopyright: © Microsoft Corporation. All rights reserved.
77430000 775a4000 ntdll (pdb symbols) c:\symbols\ntdll.pdb\70FD0887B4CC4B48AA65FA136E9F7F0F1\ntdll.pdb
Loaded symbol image file: ntdll.dll
Image path: C:\Windows\SYSTEM32\ntdll.dll
Image name: ntdll.dll
Timestamp: Sat Sep 13 13:19:21 2014 (5413B7B9)
CheckSum: 0017F7B4
ImageSize: 00174000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
803d6000 803de000 kd (deferred)
Image path: \SystemRoot\system32\kd.dll
Image name: kd.dll
Timestamp: Sat Sep 13 13:18:46 2014 (5413B796)
CheckSum: 0000AE4F
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
80c04000 811f9000 nt (pdb symbols) c:\symbols\ntkrpamp.pdb\D6A45AA28E89439FAD70BF52349C306E1\ntkrpamp.pdb
Loaded symbol image file: ntkrpamp.exe
Image path: ntkrpamp.exe
Image name: ntkrpamp.exe
Timestamp: Sat Sep 13 13:20:53 2014 (5413B815)
CheckSum: 00590F17
ImageSize: 005F5000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
811f9000 81254000 hal (deferred)
Image path: halmacpi.dll
Image name: halmacpi.dll
Timestamp: Sat Sep 13 11:21:39 2014 (54139C23)
CheckSum: 00056107
ImageSize: 0005B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
81800000 81823000 pacer (deferred)
Image path: \SystemRoot\system32\DRIVERS\pacer.sys
Image name: pacer.sys
Timestamp: Sat Sep 13 13:14:38 2014 (5413B69E)
CheckSum: 0002D03D
ImageSize: 00023000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
81830000 8186b000 WdFilter (deferred)
Image path: \SystemRoot\system32\drivers\WdFilter.sys
Image name: WdFilter.sys
Timestamp: Sat Sep 13 13:17:45 2014 (5413B759)
CheckSum: 0003E03F
ImageSize: 0003B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
81870000 819dc000 dxgkrnl (deferred)
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image name: dxgkrnl.sys
Timestamp: Sat Sep 13 13:16:54 2014 (5413B726)
CheckSum: 0016831F
ImageSize: 0016C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84600000 8460a000 BOOTVID (deferred)
Image path: \SystemRoot\system32\BOOTVID.dll
Image name: BOOTVID.dll
Timestamp: Sat Sep 13 13:18:40 2014 (5413B790)
CheckSum: 0000FFA5
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84610000 8461a000 cmimcext (deferred)
Image path: \SystemRoot\System32\drivers\cmimcext.sys
Image name: cmimcext.sys
Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)
CheckSum: 00008D90
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84620000 84629000 ntosext (deferred)
Image path: \SystemRoot\System32\drivers\ntosext.sys
Image name: ntosext.sys
Timestamp: Sat Sep 13 11:21:29 2014 (54139C19)
CheckSum: 00009AE1
ImageSize: 00009000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84630000 846b3000 CI (deferred)
Image path: \SystemRoot\system32\CI.dll
Image name: CI.dll
Timestamp: Sat Sep 13 13:16:55 2014 (5413B727)
CheckSum: 0008A6D1
ImageSize: 00083000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
846c0000 846e3e00 prl_fs (deferred)
Image path: \SystemRoot\system32\DRIVERS\prl_fs.sys
Image name: prl_fs.sys
Timestamp: Thu Jul 03 02:21:36 2014 (53B43190)
CheckSum: 00035671
ImageSize: 00023E00
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
846f0000 8475e000 mcupdate_GenuineIntel (deferred)
Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll
Image name: mcupdate_GenuineIntel.dll
Timestamp: Sat Sep 13 13:18:34 2014 (5413B78A)
CheckSum: 0006EFEF
ImageSize: 0006E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84760000 8476c000 werkernel (deferred)
Image path: \SystemRoot\System32\drivers\werkernel.sys
Image name: werkernel.sys
Timestamp: Sat Sep 13 13:18:38 2014 (5413B78E)
CheckSum: 000179C8
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84770000 847ba000 CLFS (deferred)
Image path: \SystemRoot\System32\drivers\CLFS.SYS
Image name: CLFS.SYS
Timestamp: Sat Sep 13 13:18:19 2014 (5413B77B)
CheckSum: 0004B528
ImageSize: 0004A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
847c0000 847db000 tm (deferred)
Image path: \SystemRoot\System32\drivers\tm.sys
Image name: tm.sys
Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)
CheckSum: 00024269
ImageSize: 0001B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
847e0000 847f3000 PSHED (deferred)
Image path: \SystemRoot\system32\PSHED.dll
Image name: PSHED.dll
Timestamp: Sat Sep 13 14:23:33 2014 (5413C6C5)
CheckSum: 0001671C
ImageSize: 00013000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84a00000 84a17000 acpiex (deferred)
Image path: \SystemRoot\System32\Drivers\acpiex.sys
Image name: acpiex.sys
Timestamp: Sat Sep 13 13:16:44 2014 (5413B71C)
CheckSum: 00019C5B
ImageSize: 00017000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84a20000 84a2a000 WppRecorder (deferred)
Image path: \SystemRoot\System32\Drivers\WppRecorder.sys
Image name: WppRecorder.sys
Timestamp: Sat Sep 13 13:18:10 2014 (5413B772)
CheckSum: 0000CE16
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84a30000 84a65000 Wof (deferred)
Image path: \SystemRoot\System32\Drivers\Wof.sys
Image name: Wof.sys
Timestamp: Sat Sep 13 13:16:28 2014 (5413B70C)
CheckSum: 0003EB32
ImageSize: 00035000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84a80000 84ab2000 msrpc (deferred)
Image path: \SystemRoot\System32\drivers\msrpc.sys
Image name: msrpc.sys
Timestamp: Sat Sep 13 13:17:38 2014 (5413B752)
CheckSum: 0002E989
ImageSize: 00032000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84ac0000 84b06000 FLTMGR (deferred)
Image path: \SystemRoot\System32\drivers\FLTMGR.SYS
Image name: FLTMGR.SYS
Timestamp: Sat Sep 13 13:18:19 2014 (5413B77B)
CheckSum: 0004BF00
ImageSize: 00046000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84b10000 84b2b000 ksecdd (deferred)
Image path: \SystemRoot\System32\drivers\ksecdd.sys
Image name: ksecdd.sys
Timestamp: Sat Sep 13 13:17:46 2014 (5413B75A)
CheckSum: 0001AE81
ImageSize: 0001B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84b30000 84b41000 clipsp (deferred)
Image path: \SystemRoot\System32\drivers\clipsp.sys
Image name: clipsp.sys
Timestamp: Sat Sep 13 13:17:41 2014 (5413B755)
CheckSum: 0001072D
ImageSize: 00011000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84b50000 84bef000 Wdf01000 (deferred)
Image path: \SystemRoot\system32\drivers\Wdf01000.sys
Image name: Wdf01000.sys
Timestamp: Sat Sep 13 13:16:24 2014 (5413B708)
CheckSum: 000A4A57
ImageSize: 0009F000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84bf0000 84bfe000 WDFLDR (deferred)
Image path: \SystemRoot\system32\drivers\WDFLDR.SYS
Image name: WDFLDR.SYS
Timestamp: Sat Sep 13 13:17:39 2014 (5413B753)
CheckSum: 0000F4AC
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84c00000 84c09000 WMILIB (deferred)
Image path: \SystemRoot\System32\drivers\WMILIB.SYS
Image name: WMILIB.SYS
Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)
CheckSum: 0000F42E
ImageSize: 00009000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84c10000 84c87000 cng (deferred)
Image path: \SystemRoot\System32\Drivers\cng.sys
Image name: cng.sys
Timestamp: Sat Sep 13 13:16:43 2014 (5413B71B)
CheckSum: 00084215
ImageSize: 00077000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84ca0000 84cae000 pcw (deferred)
Image path: \SystemRoot\System32\drivers\pcw.sys
Image name: pcw.sys
Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)
CheckSum: 000185A7
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84cb0000 84cb8000 msisadrv (deferred)
Image path: \SystemRoot\System32\drivers\msisadrv.sys
Image name: msisadrv.sys
Timestamp: Sat Sep 13 13:17:43 2014 (5413B757)
CheckSum: 00012FAB
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84cc0000 84cfa000 pci (deferred)
Image path: \SystemRoot\System32\drivers\pci.sys
Image name: pci.sys
Timestamp: Sat Sep 13 13:17:07 2014 (5413B733)
CheckSum: 0003AC58
ImageSize: 0003A000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pci.sys
OriginalFilename: pci.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: NT Plug and Play PCI Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
84d00000 84d0b000 vdrvroot (deferred)
Image path: \SystemRoot\System32\drivers\vdrvroot.sys
Image name: vdrvroot.sys
Timestamp: Sat Sep 13 13:17:37 2014 (5413B751)
CheckSum: 0000C2FA
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84d10000 84d14300 prl_tg (deferred)
Image path: \SystemRoot\System32\drivers\prl_tg.sys
Image name: prl_tg.sys
Timestamp: Thu Jul 03 02:20:11 2014 (53B4313B)
CheckSum: 00009D61
ImageSize: 00004300
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84d20000 84d34000 pdc (deferred)
Image path: \SystemRoot\system32\drivers\pdc.sys
Image name: pdc.sys
Timestamp: Sat Sep 13 11:21:31 2014 (54139C1B)
CheckSum: 0001A36E
ImageSize: 00014000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84d40000 84d50000 CEA (deferred)
Image path: \SystemRoot\system32\drivers\CEA.sys
Image name: CEA.sys
Timestamp: Sat Sep 13 13:17:25 2014 (5413B745)
CheckSum: 000106D5
ImageSize: 00010000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84d50000 84d68000 partmgr (deferred)
Image path: \SystemRoot\System32\drivers\partmgr.sys
Image name: partmgr.sys
Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)
CheckSum: 0001D3BB
ImageSize: 00018000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84d70000 84dcf000 spaceport (deferred)
Image path: \SystemRoot\System32\drivers\spaceport.sys
Image name: spaceport.sys
Timestamp: Sat Sep 13 13:16:35 2014 (5413B713)
CheckSum: 0005E557
ImageSize: 0005F000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84dd0000 84de3000 volmgr (deferred)
Image path: \SystemRoot\System32\drivers\volmgr.sys
Image name: volmgr.sys
Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)
CheckSum: 00012A26
ImageSize: 00013000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84df0000 84e3e000 volmgrx (deferred)
Image path: \SystemRoot\System32\drivers\volmgrx.sys
Image name: volmgrx.sys
Timestamp: Sat Sep 13 13:18:19 2014 (5413B77B)
CheckSum: 0005A2C8
ImageSize: 0004E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84e40000 84e47000 intelide (deferred)
Image path: \SystemRoot\System32\drivers\intelide.sys
Image name: intelide.sys
Timestamp: Sat Sep 13 13:18:22 2014 (5413B77E)
CheckSum: 0000DCF0
ImageSize: 00007000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: intelide.sys
OriginalFilename: intelide.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Intel PCI IDE Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
84e50000 84e5e000 PCIIDEX (deferred)
Image path: \SystemRoot\System32\drivers\PCIIDEX.SYS
Image name: PCIIDEX.SYS
Timestamp: Sat Sep 13 13:18:03 2014 (5413B76B)
CheckSum: 000180E5
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84e60000 84e76000 mountmgr (deferred)
Image path: \SystemRoot\System32\drivers\mountmgr.sys
Image name: mountmgr.sys
Timestamp: Sat Sep 13 13:18:17 2014 (5413B779)
CheckSum: 0002342E
ImageSize: 00016000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84e80000 84e89000 atapi (deferred)
Image path: \SystemRoot\System32\drivers\atapi.sys
Image name: atapi.sys
Timestamp: Sat Sep 13 13:18:44 2014 (5413B794)
CheckSum: 0000B802
ImageSize: 00009000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84e90000 84eba000 ataport (deferred)
Image path: \SystemRoot\System32\drivers\ataport.SYS
Image name: ataport.SYS
Timestamp: Sat Sep 13 13:18:05 2014 (5413B76D)
CheckSum: 000284D0
ImageSize: 0002A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84ec0000 84edb000 storahci (deferred)
Image path: \SystemRoot\System32\drivers\storahci.sys
Image name: storahci.sys
Timestamp: Sat Sep 13 13:18:44 2014 (5413B794)
CheckSum: 000225B4
ImageSize: 0001B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84ee0000 84f37000 storport (deferred)
Image path: \SystemRoot\System32\drivers\storport.sys
Image name: storport.sys
Timestamp: Sat Sep 13 13:17:38 2014 (5413B752)
CheckSum: 00060BC0
ImageSize: 00057000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84f40000 84f56000 EhStorClass (deferred)
Image path: \SystemRoot\System32\drivers\EhStorClass.sys
Image name: EhStorClass.sys
Timestamp: Sat Sep 13 13:17:14 2014 (5413B73A)
CheckSum: 0002079C
ImageSize: 00016000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84f60000 84f72000 fileinfo (deferred)
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Timestamp: Sat Sep 13 13:17:28 2014 (5413B748)
CheckSum: 0001D915
ImageSize: 00012000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
84f80000 84ff5000 ACPI (deferred)
Image path: \SystemRoot\System32\drivers\ACPI.sys
Image name: ACPI.sys
Timestamp: Sat Sep 13 11:21:39 2014 (54139C23)
CheckSum: 00072E09
ImageSize: 00075000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85000000 85025000 ksecpkg (deferred)
Image path: \SystemRoot\System32\Drivers\ksecpkg.sys
Image name: ksecpkg.sys
Timestamp: Sat Sep 13 13:16:29 2014 (5413B70D)
CheckSum: 00029D3B
ImageSize: 00025000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85030000 8506a000 netbt (deferred)
Image path: \SystemRoot\System32\DRIVERS\netbt.sys
Image name: netbt.sys
Timestamp: Sat Sep 13 13:16:04 2014 (5413B6F4)
CheckSum: 000450BC
ImageSize: 0003A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85070000 850e7000 afd (deferred)
Image path: \SystemRoot\system32\drivers\afd.sys
Image name: afd.sys
Timestamp: Sat Sep 13 13:16:04 2014 (5413B6F4)
CheckSum: 0007E9F1
ImageSize: 00077000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
850f0000 8529b000 Ntfs (deferred)
Image path: \SystemRoot\System32\Drivers\Ntfs.sys
Image name: Ntfs.sys
Timestamp: Sat Sep 13 11:21:50 2014 (54139C2E)
CheckSum: 001AFEFF
ImageSize: 001AB000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
852a0000 852aa000 Fs_Rec (deferred)
Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys
Image name: Fs_Rec.sys
Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)
CheckSum: 00007E47
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
852b0000 8538f000 ndis (deferred)
Image path: \SystemRoot\system32\drivers\ndis.sys
Image name: ndis.sys
Timestamp: Sat Sep 13 13:16:10 2014 (5413B6FA)
CheckSum: 000E3445
ImageSize: 000DF000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85390000 853e1000 NETIO (deferred)
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)
CheckSum: 0004F60D
ImageSize: 00051000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
853f0000 853fe000 netbios (deferred)
Image path: \SystemRoot\system32\DRIVERS\netbios.sys
Image name: netbios.sys
Timestamp: Sat Sep 13 13:17:12 2014 (5413B738)
CheckSum: 00016CD1
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85400000 85411000 mup (deferred)
Image path: \SystemRoot\System32\Drivers\mup.sys
Image name: mup.sys
Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)
CheckSum: 00011905
ImageSize: 00011000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85420000 8542c000 intelpep (deferred)
Image path: \SystemRoot\System32\drivers\intelpep.sys
Image name: intelpep.sys
Timestamp: Sat Sep 13 13:17:34 2014 (5413B74E)
CheckSum: 0000E8F5
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85430000 8543c000 TDI (deferred)
Image path: \SystemRoot\system32\DRIVERS\TDI.SYS
Image name: TDI.SYS
Timestamp: Sat Sep 13 13:17:14 2014 (5413B73A)
CheckSum: 00010CD6
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85440000 85457000 disk (deferred)
Image path: \SystemRoot\System32\drivers\disk.sys
Image name: disk.sys
Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)
CheckSum: 0002141C
ImageSize: 00017000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85460000 854b4000 CLASSPNP (deferred)
Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS
Image name: CLASSPNP.SYS
Timestamp: Sat Sep 13 11:21:37 2014 (54139C21)
CheckSum: 0005C140
ImageSize: 00054000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
854e0000 854f1000 crashdmp (deferred)
Image path: \SystemRoot\System32\Drivers\crashdmp.sys
Image name: crashdmp.sys
Timestamp: Sat Sep 13 13:18:21 2014 (5413B77D)
CheckSum: 000108DB
ImageSize: 00011000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: crashdmp.sys
OriginalFilename: crashdmp.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Crash Dump Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
85500000 85556000 srv (deferred)
Image path: \SystemRoot\System32\DRIVERS\srv.sys
Image name: srv.sys
Timestamp: Sat Sep 13 13:16:19 2014 (5413B703)
CheckSum: 0005FF11
ImageSize: 00056000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
855a0000 855c3000 cdrom (deferred)
Image path: \SystemRoot\System32\drivers\cdrom.sys
Image name: cdrom.sys
Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)
CheckSum: 0002248C
ImageSize: 00023000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
855d0000 855d7000 Null (deferred)
Image path: \SystemRoot\System32\Drivers\Null.SYS
Image name: Null.SYS
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Timestamp: unavailable (FFFFFFFE)
CheckSum: missing
ImageSize: 00007000
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
Page 330e not present in the dump file. Type “.hh dbgerr004” for details
855e0000 855e7000 Beep (deferred)
Image path: \SystemRoot\System32\Drivers\Beep.SYS
Image name: Beep.SYS
Timestamp: Sat Sep 13 13:18:38 2014 (5413B78E)
CheckSum: 00001CB3
ImageSize: 00007000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
855f0000 85600000 BasicDisplay (deferred)
Image path: \SystemRoot\System32\drivers\BasicDisplay.sys
Image name: BasicDisplay.sys
Timestamp: Sat Sep 13 13:17:59 2014 (5413B767)
CheckSum: 0000E606
ImageSize: 00010000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85600000 8560e000 watchdog (deferred)
Image path: \SystemRoot\System32\drivers\watchdog.sys
Image name: watchdog.sys
Timestamp: Sat Sep 13 13:18:06 2014 (5413B76E)
CheckSum: 0000FDE5
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85610000 8561c000 BasicRender (deferred)
Image path: \SystemRoot\System32\drivers\BasicRender.sys
Image name: BasicRender.sys
Timestamp: Sat Sep 13 13:17:50 2014 (5413B75E)
CheckSum: 0001534B
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85620000 85630000 Npfs (deferred)
Image path: \SystemRoot\System32\Drivers\Npfs.SYS
Image name: Npfs.SYS
Timestamp: Sat Sep 13 13:18:38 2014 (5413B78E)
CheckSum: 0000C537
ImageSize: 00010000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
85630000 8563b000 Msfs (deferred)
Image path: \SystemRoot\System32\Drivers\Msfs.SYS
Image name: Msfs.SYS
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Timestamp: unavailable (FFFFFFFE)
CheckSum: missing
ImageSize: 0000B000
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
Page c40 not present in the dump file. Type “.hh dbgerr004” for details
85640000 85647b00 prl_boot (deferred)
Image path: \SystemRoot\System32\Drivers\prl_boot.sys
Image name: prl_boot.sys
Timestamp: Thu Jul 03 02:22:26 2014 (53B431C2)
CheckSum: 00011884
ImageSize: 00007B00
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85650000 8566a000 tdx (deferred)
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)
CheckSum: 000176A3
ImageSize: 0001A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85670000 8584c000 tcpip (deferred)
Image path: \SystemRoot\System32\drivers\tcpip.sys
Image name: tcpip.sys
Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)
CheckSum: 001DBE8F
ImageSize: 001DC000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85850000 85898000 fwpkclnt (deferred)
Image path: \SystemRoot\System32\drivers\fwpkclnt.sys
Image name: fwpkclnt.sys
Timestamp: Sat Sep 13 13:16:06 2014 (5413B6F6)
CheckSum: 00045D66
ImageSize: 00048000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
858a0000 858b3000 wfplwfs (deferred)
Image path: \SystemRoot\system32\DRIVERS\wfplwfs.sys
Image name: wfplwfs.sys
Timestamp: Sat Sep 13 13:15:58 2014 (5413B6EE)
CheckSum: 000173D9
ImageSize: 00013000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
858c0000 85944000 fvevol (deferred)
Image path: \SystemRoot\System32\DRIVERS\fvevol.sys
Image name: fvevol.sys
Timestamp: Sat Sep 13 13:16:38 2014 (5413B716)
CheckSum: 0008E9C8
ImageSize: 00084000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
85950000 859a8000 volsnap (deferred)
Image path: \SystemRoot\System32\drivers\volsnap.sys
Image name: volsnap.sys
Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)
CheckSum: 00056D8A
ImageSize: 00058000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
859b0000 859e5000 rdyboost (deferred)
Image path: \SystemRoot\System32\drivers\rdyboost.sys
Image name: rdyboost.sys
Timestamp: Sat Sep 13 13:17:24 2014 (5413B744)
CheckSum: 0003DE68
ImageSize: 00035000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
859f0000 859fb000 prl_strg (deferred)
Image path: \SystemRoot\system32\DRIVERS\prl_strg.sys
Image name: prl_strg.sys
Timestamp: Thu Jul 03 02:27:00 2014 (53B432D4)
CheckSum: 00011D25
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89600000 8960b000 mssmbios (deferred)
Image path: \SystemRoot\System32\drivers\mssmbios.sys
Image name: mssmbios.sys
Timestamp: Sat Sep 13 13:18:04 2014 (5413B76C)
CheckSum: 000096F0
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89610000 8962e000 dfsc (deferred)
Image path: \SystemRoot\System32\Drivers\dfsc.sys
Image name: dfsc.sys
Timestamp: Sat Sep 13 13:17:00 2014 (5413B72C)
CheckSum: 0001A13D
ImageSize: 0001E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89640000 89664000 ahcache (deferred)
Image path: \SystemRoot\system32\DRIVERS\ahcache.sys
Image name: ahcache.sys
Timestamp: Sat Sep 13 11:21:30 2014 (54139C1A)
CheckSum: 0002F792
ImageSize: 00024000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89670000 8967d000 CompositeBus (deferred)
Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_52685d853a5f64f3\CompositeBus.sys
Image name: CompositeBus.sys
Timestamp: Sat Sep 13 13:17:32 2014 (5413B74C)
CheckSum: 00011F50
ImageSize: 0000D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89680000 8968a000 kdnic (deferred)
Image path: \SystemRoot\system32\DRIVERS\kdnic.sys
Image name: kdnic.sys
Timestamp: Sat Sep 13 13:17:04 2014 (5413B730)
CheckSum: 0000F9A2
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89690000 8969e000 umbus (deferred)
Image path: \SystemRoot\System32\drivers\umbus.sys
Image name: umbus.sys
Timestamp: Sat Sep 13 13:17:42 2014 (5413B756)
CheckSum: 00011CE7
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
896a0000 896be000 intelppm (deferred)
Image path: \SystemRoot\System32\drivers\intelppm.sys
Image name: intelppm.sys
Timestamp: Sat Sep 13 11:21:33 2014 (54139C1D)
CheckSum: 00025E04
ImageSize: 0001E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
896c0000 896e5000 prl_kmdd (deferred)
Image path: \SystemRoot\system32\DRIVERS\prl_kmdd.sys
Image name: prl_kmdd.sys
Timestamp: Thu Jul 03 02:21:17 2014 (53B4317D)
CheckSum: 00028C23
ImageSize: 00025000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
896f0000 8970d200 E1G60I32 (deferred)
Image path: \SystemRoot\system32\DRIVERS\E1G60I32.sys
Image name: E1G60I32.sys
Timestamp: Wed Mar 24 08:07:51 2010 (4BA92DA7)
CheckSum: 000282C0
ImageSize: 0001D200
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89710000 89717000 prl_memdev (deferred)
Image path: \SystemRoot\System32\drivers\prl_memdev.sys
Image name: prl_memdev.sys
Timestamp: Thu Jul 03 02:20:09 2014 (53B43139)
CheckSum: 0000F8AB
ImageSize: 00007000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89720000 8972b000 usbuhci (deferred)
Image path: \SystemRoot\System32\drivers\usbuhci.sys
Image name: usbuhci.sys
Timestamp: Sat Sep 13 13:17:57 2014 (5413B765)
CheckSum: 00013A07
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89730000 89790000 USBPORT (deferred)
Image path: \SystemRoot\System32\drivers\USBPORT.SYS
Image name: USBPORT.SYS
Timestamp: Sat Sep 13 13:18:05 2014 (5413B76D)
CheckSum: 0005FEAD
ImageSize: 00060000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89790000 897d5000 USBXHCI (deferred)
Image path: \SystemRoot\System32\drivers\USBXHCI.SYS
Image name: USBXHCI.SYS
Timestamp: Sat Sep 13 13:16:34 2014 (5413B712)
CheckSum: 0004EBE2
ImageSize: 00045000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: usbxhci.sys
OriginalFilename: usbxhci.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: USB XHCI Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
897e0000 8980b000 ucx01000 (deferred)
Image path: \SystemRoot\System32\drivers\ucx01000.sys
Image name: ucx01000.sys
Timestamp: Sat Sep 13 13:16:41 2014 (5413B719)
CheckSum: 0002F0FB
ImageSize: 0002B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89810000 89824000 usbehci (deferred)
Image path: \SystemRoot\System32\drivers\usbehci.sys
Image name: usbehci.sys
Timestamp: Sat Sep 13 13:17:51 2014 (5413B75F)
CheckSum: 0001BDBB
ImageSize: 00014000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89830000 89849000 i8042prt (deferred)
Image path: \SystemRoot\System32\drivers\i8042prt.sys
Image name: i8042prt.sys
Timestamp: Sat Sep 13 13:17:47 2014 (5413B75B)
CheckSum: 00018714
ImageSize: 00019000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89850000 8985e000 kbdclass (deferred)
Image path: \SystemRoot\System32\drivers\kbdclass.sys
Image name: kbdclass.sys
Timestamp: Sat Sep 13 13:17:52 2014 (5413B760)
CheckSum: 00015CDA
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89860000 89862700 prl_mouf (deferred)
Image path: \SystemRoot\System32\drivers\prl_mouf.sys
Image name: prl_mouf.sys
Timestamp: Thu Jul 03 02:20:39 2014 (53B43157)
CheckSum: 00004B94
ImageSize: 00002700
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89870000 8987c000 mouclass (deferred)
Image path: \SystemRoot\System32\drivers\mouclass.sys
Image name: mouclass.sys
Timestamp: Sat Sep 13 13:17:50 2014 (5413B75E)
CheckSum: 0000B120
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89880000 8988f000 prl_sound (deferred)
Image path: \SystemRoot\system32\DRIVERS\prl_sound.sys
Image name: prl_sound.sys
Timestamp: Thu Jul 03 02:26:55 2014 (53B432CF)
CheckSum: 0000C1CF
ImageSize: 0000F000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89890000 898cb000 portcls (deferred)
Image path: \SystemRoot\system32\DRIVERS\portcls.sys
Image name: portcls.sys
Timestamp: Sat Sep 13 13:16:29 2014 (5413B70D)
CheckSum: 00040388
ImageSize: 0003B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
898d0000 898e5000 drmk (deferred)
Image path: \SystemRoot\system32\DRIVERS\drmk.sys
Image name: drmk.sys
Timestamp: Sat Sep 13 13:17:53 2014 (5413B761)
CheckSum: 0001BB7E
ImageSize: 00015000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
898f0000 898f5d00 MpKsld125cf3e (deferred)
Image path: \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56A75674-70B6-4061-BCD6-254E1D99F288}\MpKsld125cf3e.sys
Image name: MpKsld125cf3e.sys
Timestamp: Thu Aug 22 08:32:05 2013 (52153FE5)
CheckSum: 00012C3C
ImageSize: 00005D00
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89910000 89967000 rdbss (deferred)
Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
Image name: rdbss.sys
Timestamp: Sat Sep 13 13:16:32 2014 (5413B710)
CheckSum: 0005527E
ImageSize: 00057000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
89970000 899de000 csc (deferred)
Image path: \SystemRoot\system32\drivers\csc.sys
Image name: csc.sys
Timestamp: Sat Sep 13 13:17:06 2014 (5413B732)
CheckSum: 00070E21
ImageSize: 0006E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
899e0000 899ec000 nsiproxy (deferred)
Image path: \SystemRoot\system32\drivers\nsiproxy.sys
Image name: nsiproxy.sys
Timestamp: Sat Sep 13 13:16:15 2014 (5413B6FF)
CheckSum: 0000B7FA
ImageSize: 0000C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
899f0000 899fb000 npsvctrig (deferred)
Image path: \SystemRoot\System32\drivers\npsvctrig.sys
Image name: npsvctrig.sys
Timestamp: Sat Sep 13 13:17:25 2014 (5413B745)
CheckSum: 00005D85
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a000000 8a01a000 HIDCLASS (deferred)
Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS
Image name: HIDCLASS.SYS
Timestamp: Sat Sep 13 13:17:46 2014 (5413B75A)
CheckSum: 0001CBB5
ImageSize: 0001A000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: hidclass.sys
OriginalFilename: hidclass.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Hid Class Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a020000 8a02a000 mouhid (deferred)
Image path: \SystemRoot\System32\drivers\mouhid.sys
Image name: mouhid.sys
Timestamp: Sat Sep 13 13:17:51 2014 (5413B75F)
CheckSum: 0000D25A
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a030000 8a03b000 kbdhid (deferred)
Image path: \SystemRoot\System32\drivers\kbdhid.sys
Image name: kbdhid.sys
Timestamp: Sat Sep 13 13:17:51 2014 (5413B75F)
CheckSum: 0000EE04
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a040000 8a05d000 luafv (deferred)
Image path: \SystemRoot\system32\drivers\luafv.sys
Image name: luafv.sys
Timestamp: Sat Sep 13 13:18:06 2014 (5413B76E)
CheckSum: 0001EF10
ImageSize: 0001D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a060000 8a070000 lltdio (deferred)
Image path: \SystemRoot\system32\DRIVERS\lltdio.sys
Image name: lltdio.sys
Timestamp: Sat Sep 13 13:16:03 2014 (5413B6F3)
CheckSum: 0001524A
ImageSize: 00010000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a070000 8a084000 rspndr (deferred)
Image path: \SystemRoot\system32\DRIVERS\rspndr.sys
Image name: rspndr.sys
Timestamp: Sat Sep 13 13:16:05 2014 (5413B6F5)
CheckSum: 0001C001
ImageSize: 00014000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a090000 8a09b000 usbprint (deferred)
Image path: \SystemRoot\System32\drivers\usbprint.sys
Image name: usbprint.sys
Timestamp: Sat Sep 13 13:16:13 2014 (5413B6FD)
CheckSum: 0000EBDA
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a0b0000 8a0bb000 dump_diskdump (deferred)
Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys
Image name: dump_diskdump.sys
Timestamp: Sat Sep 13 13:18:36 2014 (5413B78C)
CheckSum: 0001241F
ImageSize: 0000B000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: diskdump.sys
OriginalFilename: diskdump.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Crash Dump Disk Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a0e0000 8a0fb000 dump_storahci (deferred)
Image path: \SystemRoot\System32\Drivers\dump_storahci.sys
Image name: dump_storahci.sys
Timestamp: Sat Sep 13 13:18:44 2014 (5413B794)
CheckSum: 000225B4
ImageSize: 0001B000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: storahci.sys
OriginalFilename: storahci.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: MS AHCI Storport Miniport Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a120000 8a133000 dump_dumpfve (deferred)
Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Image name: dump_dumpfve.sys
Timestamp: Sat Sep 13 13:18:16 2014 (5413B778)
CheckSum: 00015A17
ImageSize: 00013000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dumpfve.sys
OriginalFilename: dumpfve.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Bitlocker Drive Encryption Crashdump Filter
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a140000 8a193000 dxgmms1 (deferred)
Image path: \SystemRoot\System32\drivers\dxgmms1.sys
Image name: dxgmms1.sys
Timestamp: Sat Sep 13 13:16:36 2014 (5413B714)
CheckSum: 00054E15
ImageSize: 00053000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dxgmms1.sys
OriginalFilename: dxgmms1.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: DirectX Graphics MMS
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a1a0000 8a1ab000 monitor (deferred)
Image path: \SystemRoot\System32\drivers\monitor.sys
Image name: monitor.sys
Timestamp: Sat Sep 13 13:16:14 2014 (5413B6FE)
CheckSum: 0000D3D8
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a1b0000 8a1b1880 myfault (no symbols)
Loaded symbol image file: myfault.sys
Image path: \??\C:\Windows\system32\drivers\myfault.sys
Image name: myfault.sys
Timestamp: Sun Apr 08 02:34:40 2012 (4F806CA0)
CheckSum: 00003871
ImageSize: 00001880
File version: 4.0.0.0
Product version: 4.0.0.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Sysinternals
ProductName: Sysinternals Myfault
InternalName: myfault.sys
OriginalFilename: myfault.sys
ProductVersion: 4.0
FileVersion: 4.0 (sysinternals.com)
FileDescription: Crash Test Driver
LegalCopyright: Copyright © 2002-2012 Mark Russinovich
8a1c0000 8a205000 ks (deferred)
Image path: \SystemRoot\system32\DRIVERS\ks.sys
Image name: ks.sys
Timestamp: Sat Sep 13 13:18:04 2014 (5413B76C)
CheckSum: 00040D56
ImageSize: 00045000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a210000 8a215080 CmBatt (deferred)
Image path: \SystemRoot\System32\drivers\CmBatt.sys
Image name: CmBatt.sys
Timestamp: Sat Sep 13 13:18:03 2014 (5413B76B)
CheckSum: 000065BF
ImageSize: 00005080
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a220000 8a22b000 BATTC (deferred)
Image path: \SystemRoot\System32\drivers\BATTC.SYS
Image name: BATTC.SYS
Timestamp: Sat Sep 13 13:18:23 2014 (5413B77F)
CheckSum: 0000B8DD
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a230000 8a238000 NdisVirtualBus (deferred)
Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys
Image name: NdisVirtualBus.sys
Timestamp: Sat Sep 13 13:16:11 2014 (5413B6FB)
CheckSum: 00007E21
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a240000 8a241400 swenum (deferred)
Image path: \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_x86_a44e7d5abb8c9783\swenum.sys
Image name: swenum.sys
Timestamp: Sat Sep 13 13:17:59 2014 (5413B767)
CheckSum: 000116B9
ImageSize: 00001400
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a250000 8a25a000 rdpbus (deferred)
Image path: \SystemRoot\System32\drivers\rdpbus.sys
Image name: rdpbus.sys
Timestamp: Sat Sep 13 13:17:38 2014 (5413B752)
CheckSum: 0000B151
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a260000 8a2bc000 usbhub (deferred)
Image path: \SystemRoot\System32\drivers\usbhub.sys
Image name: usbhub.sys
Timestamp: Sat Sep 13 13:17:22 2014 (5413B742)
CheckSum: 0005DB85
ImageSize: 0005C000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: usbhub.sys
OriginalFilename: usbhub.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Default Hub Driver for USB
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a2c0000 8a2ca000 USBD (deferred)
Image path: \SystemRoot\System32\drivers\USBD.SYS
Image name: USBD.SYS
Timestamp: Sat Sep 13 13:18:37 2014 (5413B78D)
CheckSum: 00014686
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a2d0000 8a333000 UsbHub3 (deferred)
Image path: \SystemRoot\System32\drivers\UsbHub3.sys
Image name: UsbHub3.sys
Timestamp: Sat Sep 13 13:16:25 2014 (5413B709)
CheckSum: 0006120F
ImageSize: 00063000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: usbhub3.sys
OriginalFilename: usbhub3.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: USB3 HUB Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a340000 8a385000 udfs (deferred)
Image path: \SystemRoot\system32\DRIVERS\udfs.sys
Image name: udfs.sys
Timestamp: Sat Sep 13 13:18:36 2014 (5413B78C)
CheckSum: 00042F9C
ImageSize: 00045000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a390000 8a396900 HIDPARSE (deferred)
Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS
Image name: HIDPARSE.SYS
Timestamp: Sat Sep 13 13:18:36 2014 (5413B78C)
CheckSum: 000165B8
ImageSize: 00006900
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: hidparse.sys
OriginalFilename: hidparse.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Hid Parsing Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
8a3a0000 8a3bc000 usbccgp (deferred)
Image path: \SystemRoot\System32\drivers\usbccgp.sys
Image name: usbccgp.sys
Timestamp: Sat Sep 13 13:17:03 2014 (5413B72F)
CheckSum: 0001E745
ImageSize: 0001C000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a3c0000 8a3eb200 usbvideo (deferred)
Image path: \SystemRoot\System32\Drivers\usbvideo.sys
Image name: usbvideo.sys
Timestamp: Sat Sep 13 13:16:59 2014 (5413B72B)
CheckSum: 0003A188
ImageSize: 0002B200
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8a3f0000 8a3fb000 hidusb (deferred)
Image path: \SystemRoot\System32\drivers\hidusb.sys
Image name: hidusb.sys
Timestamp: Sat Sep 13 13:17:36 2014 (5413B750)
CheckSum: 0001251F
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
8c660000 8c678000 win32k (deferred)
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Sat Sep 13 13:15:54 2014 (5413B6EA)
CheckSum: 0001774E
ImageSize: 00018000
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
Page 3bf3c not present in the dump file. Type “.hh dbgerr004” for details
8c860000 8c8f8000 win32kbase (deferred)
Image path: \SystemRoot\System32\win32kbase.sys
Image name: win32kbase.sys
Timestamp: Sat Sep 13 13:16:09 2014 (5413B6F9)
CheckSum: 0008EB39
ImageSize: 00098000
File version: 6.4.9841.0
Product version: 6.4.9841.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32kbase.sys
OriginalFilename: win32kbase.sys
ProductVersion: 6.4.9841.0
FileVersion: 6.4.9841.0 (fbl_release.140912-1613)
FileDescription: Base Win32k Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
8fad0000 8fdaa000 win32kfull (deferred)
Image path: \SystemRoot\System32\win32kfull.sys
Image name: win32kfull.sys
Timestamp: Sat Sep 13 13:16:27 2014 (5413B70B)
CheckSum: 002CE747
ImageSize: 002DA000
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
Page 5ed8 not present in the dump file. Type “.hh dbgerr004” for details
8fe10000 8fe18000 TSDDD (deferred)
Image path: \SystemRoot\System32\TSDDD.dll
Image name: TSDDD.dll
Timestamp: Sat Sep 13 13:16:02 2014 (5413B6F2)
CheckSum: 00010BB9
ImageSize: 00008000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a1bc0000 a1bef000 cdd (deferred)
Image path: \SystemRoot\System32\cdd.dll
Image name: cdd.dll
Timestamp: Sat Sep 13 14:25:21 2014 (5413C731)
CheckSum: 0003A1F6
ImageSize: 0002F000
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
Page 3b282 not present in the dump file. Type “.hh dbgerr004” for details
a6a00000 a6a34000 srvnet (deferred)
Image path: \SystemRoot\System32\DRIVERS\srvnet.sys
Image name: srvnet.sys
Timestamp: Sat Sep 13 13:14:33 2014 (5413B699)
CheckSum: 00031E1F
ImageSize: 00034000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6a40000 a6ad2000 srv2 (deferred)
Image path: \SystemRoot\System32\DRIVERS\srv2.sys
Image name: srv2.sys
Timestamp: Sat Sep 13 13:16:20 2014 (5413B704)
CheckSum: 0008CC9E
ImageSize: 00092000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6ae0000 a6aee000 mmcss (deferred)
Image path: \SystemRoot\system32\drivers\mmcss.sys
Image name: mmcss.sys
Timestamp: Sat Sep 13 13:17:42 2014 (5413B756)
CheckSum: 0001528D
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6af0000 a6b2d000 mrxsmb10 (deferred)
Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Image name: mrxsmb10.sys
Timestamp: Sat Sep 13 13:14:34 2014 (5413B69A)
CheckSum: 0003A6ED
ImageSize: 0003D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6b30000 a6b49000 Ndu (deferred)
Image path: \SystemRoot\system32\drivers\Ndu.sys
Image name: Ndu.sys
Timestamp: Sat Sep 13 13:14:41 2014 (5413B6A1)
CheckSum: 0001E797
ImageSize: 00019000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6b50000 a6bf2000 peauth (deferred)
Image path: \SystemRoot\system32\drivers\peauth.sys
Image name: peauth.sys
Timestamp: Sat Sep 13 13:16:08 2014 (5413B6F8)
CheckSum: 0009EA99
ImageSize: 000A2000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6c00000 a6c25000 tunnel (deferred)
Image path: \SystemRoot\system32\DRIVERS\tunnel.sys
Image name: tunnel.sys
Timestamp: Sat Sep 13 13:14:33 2014 (5413B699)
CheckSum: 0001F791
ImageSize: 00025000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6c30000 a6c3d000 condrv (deferred)
Image path: \SystemRoot\System32\drivers\condrv.sys
Image name: condrv.sys
Timestamp: Sat Sep 13 13:18:34 2014 (5413B78A)
CheckSum: 0000CB28
ImageSize: 0000D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6c40000 a6cf6000 HTTP (deferred)
Image path: \SystemRoot\system32\drivers\HTTP.sys
Image name: HTTP.sys
Timestamp: Sat Sep 13 13:16:04 2014 (5413B6F4)
CheckSum: 000BD71C
ImageSize: 000B6000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6d00000 a6d1a000 bowser (deferred)
Image path: \SystemRoot\system32\DRIVERS\bowser.sys
Image name: bowser.sys
Timestamp: Sat Sep 13 13:17:08 2014 (5413B734)
CheckSum: 00019CA7
ImageSize: 0001A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6d20000 a6d79000 mrxsmb (deferred)
Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
Image name: mrxsmb.sys
Timestamp: Sat Sep 13 13:14:35 2014 (5413B69B)
CheckSum: 000557E4
ImageSize: 00059000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6d80000 a6dae000 mrxsmb20 (deferred)
Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Image name: mrxsmb20.sys
Timestamp: Sat Sep 13 13:16:41 2014 (5413B719)
CheckSum: 0003549E
ImageSize: 0002E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6db0000 a6dc1000 mpsdrv (deferred)
Image path: \SystemRoot\System32\drivers\mpsdrv.sys
Image name: mpsdrv.sys
Timestamp: Sat Sep 13 13:14:51 2014 (5413B6AB)
CheckSum: 000111DE
ImageSize: 00011000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6dd0000 a6dd2300 prl_time (deferred)
Image path: \??\C:\Windows\system32\drivers\prl_time.sys
Image name: prl_time.sys
Timestamp: Thu Jul 03 02:21:29 2014 (53B43189)
CheckSum: 000070E8
ImageSize: 00002300
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6de0000 a6dea000 secdrv (deferred)
Image path: \SystemRoot\System32\Drivers\secdrv.SYS
Image name: secdrv.SYS
Timestamp: Wed Sep 13 23:18:32 2006 (45080528)
CheckSum: 0000EE69
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
a6df0000 a6dfe000 tcpipreg (deferred)
Image path: \SystemRoot\System32\drivers\tcpipreg.sys
Image name: tcpipreg.sys
Timestamp: Sat Sep 13 13:14:50 2014 (5413B6AA)
CheckSum: 00017C0E
ImageSize: 0000E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Unloaded modules:
a6dd0000 a6de8000 parport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00018000
85510000 8551b000 dump_storport.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000B000
85540000 8555b000 dump_storahci.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0001B000
85580000 85593000 dump_dumpfve.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00013000
89630000 8963f000 dam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000F000
84c90000 84c9a000 WdBoot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000A000
85430000 8543b000 hwpolicy.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000B000
chentiangemalc 
My God man, what is the point of filling several pages of nonsense data that only a real programmer can relate to. My issue is trying to figur eout why I have no dump file on the root though the bloody system is configured to make one. Windows 10 by the way, the worst bloody OS yet. I have crashes twice or more often every bloody day. Have tried numerous solutions but nothing has ever worked. I even use WhoCrashed software but it never finds the dmp file I was hoping you would provide explanation but you have happy just to show you KNOW somethign but not very useful for consumers whom are users and not programmers..
There are several reasons dmp files are not generated after a crash. Some exampels: https://support.microsoft.com/en-us/kb/130536