Random 0x0000001A errors with ntkrnlmp.exe

#1
Hello!

One of my friends recently built a computer with the same hardware as mine (same part numbers and everything), with the exception of the sound card, the storage device, and the operating system. Well, ever since we assembled it, he has been randomly getting 0x0000001A errors.

Initially he was using Windows 10 and was getting these BSOD errors very frequently. I noticed these lines in the crash DMP files while using WinDbg:
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
IMAGE_NAME: ntkrnlmp.exe

I figured he had the wrong drivers installed, so I had him update all the drivers from the hardware manufacturers' website. The crashes still occurred at the same frequency with the same error codes.

So, since he had a license for Windows 8 as well, he decided to try using Windows 8. Well, the crashing initially disappeared for about a week. He got another 0x0000001A last night, which is suspiciously close to the ones he was receiving on Windows 10. On top of that, he has started to get occasional black screen restarts with no DMP files. I am leaning a bit toward the hardware at this point. Hopefully someone here can help point us in the right direction.

His PC specifications:

OS: Windows 8.1
CPU: Intel Core i7 6700K
Motherboard: MSI Z170A M3
Memory: CORSAIR LPX 32GB Model CMK32GX4M4A2133C13
GPU: MSI Geforce GTX 980 TI Lightning LE
Hard drive: Samsung Pro 512GB


WinDbg output:

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PC\Downloads\072516-5281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.18378.amd64fre.winblue_ltsb.160611-0600
Machine Name:
Kernel base = 0xfffff802`2cc7c000 PsLoadedModuleList = 0xfffff802`2cf4f630
Debug session time: Mon Jul 25 00:45:38.704 2016 (UTC - 4:00)
System Uptime: 0 days 11:57:18.372
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41201, fffff68000187cb8, 286040021a84c867, ffffe000e4fb39a0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+16f8c )

Followup: MachineOwner
---------

5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041201, The subtype of the bugcheck.
Arg2: fffff68000187cb8
Arg3: 286040021a84c867
Arg4: ffffe000e4fb39a0

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 9600.18378.amd64fre.winblue_ltsb.160611-0600

SYSTEM_MANUFACTURER: MSI

SYSTEM_PRODUCT_NAME: MS-7978

SYSTEM_SKU: Default string

SYSTEM_VERSION: 2.0

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: A.10

BIOS_DATE: 09/06/2015

BASEBOARD_MANUFACTURER: MSI

BASEBOARD_PRODUCT: Z170A GAMING M3 (MS-7978)

BASEBOARD_VERSION: 2.0

DUMP_TYPE: 2

BUGCHECK_P1: 41201

BUGCHECK_P2: fffff68000187cb8

BUGCHECK_P3: 286040021a84c867

BUGCHECK_P4: ffffe000e4fb39a0

BUGCHECK_STR: 0x1a_41201

CPU_COUNT: 8

CPU_MHZ: fa8

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 33'00000000 (cache) 33'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: RimWorldWin.ex

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: COREREACTOR

ANALYSIS_SESSION_TIME: 07-25-2016 16:35:10.0616

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff8022cdf174c to fffff8022cdca2a0

STACK_TEXT:
ffffd000`253555f8 fffff802`2cdf174c : 00000000`0000001a 00000000`00041201 fffff680`00187cb8 28604002`1a84c867 : nt!KeBugCheckEx
ffffd000`25355600 fffff802`2cce67ff : 00000000`00000000 fffff802`2cd38e60 00000000`00000000 ffffe000`ed73f880 : nt! ?? ::FNODOBFM::`string'+0x16f8c
ffffd000`25355670 fffff802`2cce618d : e000e4ce`d050f353 00000007`000014d0 e000e4ce`d050f351 fffff802`2cd220fb : nt!MiQueryAddressState+0x34f
ffffd000`25355770 fffff802`2d072139 : 00000000`00000003 ffffd000`25355a80 ffffe000`e4fb39a0 00000000`00000001 : nt!MiQueryAddressSpan+0x10d
ffffd000`253557e0 fffff802`2d071e0a : ffffe000`ee65b768 ffffe000`e56ac6e0 00000000`00000000 00000000`00001000 : nt!MmQueryVirtualMemory+0x329
ffffd000`25355940 fffff802`2cdd5ab3 : 00000000`00000000 00000064`00ebe968 00000000`dc0019ff 00000000`00000130 : nt!NtQueryVirtualMemory+0x22
ffffd000`25355990 00007ffb`b29608ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000064`00ebe5d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`b29608ea


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: e04af0401ee17939845926712ce52fb813bd5c89

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 459b885d701aef4e810a13e9ed8e28c1f5fa1723

THREAD_SHA1_HASH_MOD: 30a3e915496deaace47137d5b90c3ecc03746bf6

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+16f8c
fffff802`2cdf174c cc int 3

FAULT_INSTR_CODE: d58b48cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+16f8c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 575c3237

IMAGE_VERSION: 6.3.9600.18378

BUCKET_ID_FUNC_OFFSET: 16f8c

FAILURE_BUCKET_ID: 0x1a_41201_nt!_??_::FNODOBFM::_string_

BUCKET_ID: 0x1a_41201_nt!_??_::FNODOBFM::_string_

PRIMARY_PROBLEM_CLASS: 0x1a_41201_nt!_??_::FNODOBFM::_string_

TARGET_TIME: 2016-07-25T04:45:38.000Z

OSBUILD: 9600

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 8.1

OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-06-11 11:45:59

BUILDDATESTAMP_STR: 160611-0600

BUILDLAB_STR: winblue_ltsb

BUILDOSVER_STR: 6.3.9600.18378.amd64fre.winblue_ltsb.160611-0600

ANALYSIS_SESSION_ELAPSED_TIME: 2c6

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1a_41201_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH: {48c83227-3944-10a1-bf0f-11b43dc9c13b}

Followup: MachineOwner
---------
 


#2
5: kd> lmv
Browse all global symbols functions data
Timestamp: Wed Nov 04 05:27:49 2015 (5639DDA5)
CheckSum: 00168F4C
ImageSize: 00574000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff801`b8a65000 fffff801`b8ac3000 storport (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\storport.sys\5423822B5e000\storport.sys
Image path: \SystemRoot\System32\drivers\storport.sys
Image name: storport.sys
Browse all global symbols functions data
Timestamp: Wed Sep 24 22:47:07 2014 (5423822B)
CheckSum: 00060B50
ImageSize: 0005E000
File version: 6.3.9600.17383
Product version: 6.3.9600.17383
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: storport.sys
OriginalFilename: storport.sys
ProductVersion: 6.3.9600.17383
FileVersion: 6.3.9600.17383 (winblue_r4.140924-1541)
FileDescription: Microsoft Storage Port Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8ac3000 fffff801`b8add000 EhStorClass (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\EhStorClass.sys\5215F8271a000\EhStorClass.sys
Image path: \SystemRoot\System32\drivers\EhStorClass.sys
Image name: EhStorClass.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:38:15 2013 (5215F827)
CheckSum: 0002292E
ImageSize: 0001A000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: EhStorClass.sys
OriginalFilename: EhStorClass.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Enhanced Storage Class driver for IEEE 1667 devices
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8add000 fffff801`b8b39000 fltmgr (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\fltmgr.sys\53FBF00C5c000\fltmgr.sys
Image path: \SystemRoot\system32\drivers\fltmgr.sys
Image name: fltmgr.sys
Browse all global symbols functions data
Timestamp: Mon Aug 25 22:25:16 2014 (53FBF00C)
CheckSum: 0005F90F
ImageSize: 0005C000
File version: 6.3.9600.17326
Product version: 6.3.9600.17326
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fltMgr.sys
OriginalFilename: fltMgr.sys
ProductVersion: 6.3.9600.17326
FileVersion: 6.3.9600.17326 (winblue_r3.140825-1335)
FileDescription: Microsoft Filesystem Filter Manager
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8b39000 fffff801`b8b4f000 fileinfo (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\fileinfo.sys\5308945616000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Timestamp: Sat Feb 22 07:13:10 2014 (53089456)
CheckSum: 00023040
ImageSize: 00016000
File version: 6.3.9600.17031
Product version: 6.3.9600.17031
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 6.3.9600.17031
FileVersion: 6.3.9600.17031 (winblue_gdr.140221-1952)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8b4f000 fffff801`b8b7a000 Wof (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Wof.sys\53216BF12b000\Wof.sys
Image path: \SystemRoot\System32\Drivers\Wof.sys
Image name: Wof.sys
Browse all global symbols functions data
Timestamp: Thu Mar 13 04:27:29 2014 (53216BF1)
CheckSum: 0002D93B
ImageSize: 0002B000
File version: 6.3.9600.17050
Product version: 6.3.9600.17050
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: wof.sys
OriginalFilename: wof.sys
ProductVersion: 6.3.9600.17050
FileVersion: 6.3.9600.17050 (winblue_gdr.140312-1703)
FileDescription: Windows Overlay Filter
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8b7a000 fffff801`b8bbe000 WdFilter (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\WdFilter.sys\55933D7C44000\WdFilter.sys
Image path: \SystemRoot\system32\drivers\WdFilter.sys
Image name: WdFilter.sys
Browse all global symbols functions data
Timestamp: Tue Jun 30 21:08:12 2015 (55933D7C)
CheckSum: 00046F0A
ImageSize: 00044000
File version: 4.8.207.0
Product version: 4.8.207.0
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Malware Protection
InternalName: MpFilter
OriginalFilename: MpFilter.sys
ProductVersion: 4.8.0207.0
FileVersion: 4.8.0207.0
FileDescription: Microsoft antimalware file system filter driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8bbe000 fffff801`b8bef000 ksecpkg (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\ksecpkg.sys\57365E2A31000\ksecpkg.sys
Image path: \SystemRoot\System32\Drivers\ksecpkg.sys
Image name: ksecpkg.sys
Browse all global symbols functions data
Timestamp: Fri May 13 19:07:22 2016 (57365E2A)
CheckSum: 00034100
ImageSize: 00031000
File version: 6.3.9600.18340
Product version: 6.3.9600.18340
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ksecpkg.sys
OriginalFilename: ksecpkg.sys
ProductVersion: 6.3.9600.18340
FileVersion: 6.3.9600.18340 (winblue_ltsb.160513-1153)
FileDescription: Kernel Security Support Provider Interface Packages
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8c00000 fffff801`b8c78000 NETIO (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\NETIO.SYS\540EBBE678000\NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Browse all global symbols functions data
Timestamp: Tue Sep 09 04:35:50 2014 (540EBBE6)
CheckSum: 0007D1B9
ImageSize: 00078000
File version: 6.3.9600.17337
Product version: 6.3.9600.17337
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 6.3.9600.17337
FileVersion: 6.3.9600.17337 (winblue_r3.140908-1537)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8c78000 fffff801`b8c8f000 mup (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\mup.sys\5215F8AC17000\mup.sys
Image path: \SystemRoot\System32\Drivers\mup.sys
Image name: mup.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:28 2013 (5215F8AC)
CheckSum: 0002066D
ImageSize: 00017000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MUP.SYS
OriginalFilename: MUP.SYS
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Multiple UNC Provider Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8c8f000 fffff801`b8ca4000 crashdmp (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\crashdmp.sys\5215F89315000\crashdmp.sys
Image path: \SystemRoot\System32\Drivers\crashdmp.sys
Image name: crashdmp.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:03 2013 (5215F893)
CheckSum: 00015F7C
ImageSize: 00015000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: crashdmp.sys
OriginalFilename: crashdmp.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Crash Dump Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8ca6000 fffff801`b8ea0000 Ntfs (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Ntfs.sys\54387B6B1fa000\Ntfs.sys
Image path: \SystemRoot\System32\Drivers\Ntfs.sys
Image name: Ntfs.sys
Browse all global symbols functions data
Timestamp: Fri Oct 10 20:35:55 2014 (54387B6B)
CheckSum: 001FCA7B
ImageSize: 001FA000
File version: 6.3.9600.17399
Product version: 6.3.9600.17399
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 6.3.9600.17399
FileVersion: 6.3.9600.17399 (winblue_r4.141010-1702)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8ea0000 fffff801`b8ebc000 ksecdd (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\ksecdd.sys\545055481c000\ksecdd.sys
Image path: \SystemRoot\System32\Drivers\ksecdd.sys
Image name: ksecdd.sys
Browse all global symbols functions data
Timestamp: Tue Oct 28 22:47:36 2014 (54505548)
CheckSum: 00025AA3
ImageSize: 0001C000
File version: 6.3.9600.17415
Product version: 6.3.9600.17415
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ksecdd.sys
OriginalFilename: ksecdd.sys
ProductVersion: 6.3.9600.17415
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
FileDescription: Kernel Security Support Provider Interface
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8ebc000 fffff801`b8ecc000 pcw (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\pcw.sys\5215CFEA10000\pcw.sys
Image path: \SystemRoot\System32\drivers\pcw.sys
Image name: pcw.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 04:46:34 2013 (5215CFEA)
CheckSum: 00011373
ImageSize: 00010000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.8 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pcw.sys
OriginalFilename: pcw.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Performance Counters for Windows Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8ecc000 fffff801`b8ed7000 Fs_Rec (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Fs_Rec.sys\5215CFE9b000\Fs_Rec.sys
Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys
Image name: Fs_Rec.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 04:46:33 2013 (5215CFE9)
CheckSum: 0000C6BA
ImageSize: 0000B000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fs_rec.sys
OriginalFilename: fs_rec.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: File System Recognizer Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b8ed7000 fffff801`b8fee000 ndis (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\ndis.sys\54387B62117000\ndis.sys
Image path: \SystemRoot\system32\drivers\ndis.sys
Image name: ndis.sys
Browse all global symbols functions data
Timestamp: Fri Oct 10 20:35:46 2014 (54387B62)
CheckSum: 00110E4F
ImageSize: 00117000
File version: 6.3.9600.17399
Product version: 6.3.9600.17399
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: NDIS.SYS
OriginalFilename: NDIS.SYS
ProductVersion: 6.3.9600.17399
FileVersion: 6.3.9600.17399 (winblue_r4.141010-1702)
FileDescription: Network Driver Interface Specification (NDIS)
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b900a000 fffff801`b9276000 tcpip (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\tcpip.sys\5450554226c000\tcpip.sys
Image path: \SystemRoot\System32\drivers\tcpip.sys
Image name: tcpip.sys
Browse all global symbols functions data
Timestamp: Tue Oct 28 22:47:30 2014 (54505542)
CheckSum: 00265F85
ImageSize: 0026C000
File version: 6.3.9600.17415
Product version: 6.3.9600.17415
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tcpip.sys
OriginalFilename: tcpip.sys
ProductVersion: 6.3.9600.17415
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
FileDescription: TCP/IP Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9276000 fffff801`b92e2000 fwpkclnt (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\fwpkclnt.sys\545054F36c000\fwpkclnt.sys
Image path: \SystemRoot\System32\drivers\fwpkclnt.sys
Image name: fwpkclnt.sys
Browse all global symbols functions data
Timestamp: Tue Oct 28 22:46:11 2014 (545054F3)
CheckSum: 000782AA
ImageSize: 0006C000
File version: 6.3.9600.17415
Product version: 6.3.9600.17415
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fwpkclnt.sys
OriginalFilename: fwpkclnt.sys
ProductVersion: 6.3.9600.17415
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
FileDescription: FWP/IPsec Kernel-Mode API
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b92e2000 fffff801`b9307000 wfplwfs (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\wfplwfs.sys\5460299825000\wfplwfs.sys
Image path: \SystemRoot\system32\DRIVERS\wfplwfs.sys
Image name: wfplwfs.sys
Browse all global symbols functions data
Timestamp: Sun Nov 09 21:57:28 2014 (54602998)
CheckSum: 000226BE
ImageSize: 00025000
File version: 6.3.9600.17485
Product version: 6.3.9600.17485
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WFPLWFS.SYS
OriginalFilename: WFPLWFS.SYS
ProductVersion: 6.3.9600.17485
FileVersion: 6.3.9600.17485 (winblue_r5.141109-1500)
FileDescription: WFP NDIS 6.30 Lightweight Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9307000 fffff801`b939c000 fvevol (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\fvevol.sys\534325DB95000\fvevol.sys
Image path: \SystemRoot\System32\DRIVERS\fvevol.sys
Image name: fvevol.sys
Browse all global symbols functions data
Timestamp: Mon Apr 07 18:25:31 2014 (534325DB)
CheckSum: 0009F4EB
ImageSize: 00095000
File version: 6.3.9600.17091
Product version: 6.3.9600.17091
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FVEVOL.SYS
OriginalFilename: FVEVOL.SYS
ProductVersion: 6.3.9600.17091
FileVersion: 6.3.9600.17091 (winblue_gdr.140407-1503)
FileDescription: BitLocker Drive Encryption Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b939c000 fffff801`b93eb000 volsnap (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\volsnap.sys\53A215984f000\volsnap.sys
Image path: \SystemRoot\System32\drivers\volsnap.sys
Image name: volsnap.sys
Browse all global symbols functions data
Timestamp: Wed Jun 18 18:41:28 2014 (53A21598)
CheckSum: 00056AD7
ImageSize: 0004F000
File version: 6.3.9600.17215
Product version: 6.3.9600.17215
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: volsnap.sys
OriginalFilename: volsnap.sys
ProductVersion: 6.3.9600.17215
FileVersion: 6.3.9600.17215 (winblue_gdr.140618-1515)
FileDescription: Volume Shadow Copy Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b93eb000 fffff801`b93fa000 intelpep (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\intelpep.sys\5434E8D8f000\intelpep.sys
Image path: \SystemRoot\System32\drivers\intelpep.sys
Image name: intelpep.sys
Browse all global symbols functions data
Timestamp: Wed Oct 08 03:33:44 2014 (5434E8D8)
CheckSum: 00014398
ImageSize: 0000F000
File version: 6.3.9600.17396
Product version: 6.3.9600.17396
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.A Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: intelpep.sys
OriginalFilename: intelpep.sys
ProductVersion: 6.3.9600.17396
FileVersion: 6.3.9600.17396 (winblue_r4.141007-2030)
FileDescription: Intel Power Engine Plugin
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9616000 fffff801`b9644000 cdrom (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\cdrom.sys\5215CFEB2e000\cdrom.sys
Image path: \SystemRoot\System32\drivers\cdrom.sys
Image name: cdrom.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 04:46:35 2013 (5215CFEB)
CheckSum: 00032799
ImageSize: 0002E000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cdrom.sys
OriginalFilename: cdrom.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: SCSI CD-ROM Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9644000 fffff801`b964d000 Null (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Null.SYS\5215F8A89000\Null.SYS
Image path: \SystemRoot\System32\Drivers\Null.SYS
Image name: Null.SYS
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:24 2013 (5215F8A8)
CheckSum: 0000EAA8
ImageSize: 00009000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: null.sys
OriginalFilename: null.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: NULL Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b964d000 fffff801`b9655000 Beep (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Beep.SYS\5215F8A88000\Beep.SYS
Image path: \SystemRoot\System32\Drivers\Beep.SYS
Image name: Beep.SYS
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:24 2013 (5215F8A8)
CheckSum: 00009735
ImageSize: 00008000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: beep.sys
OriginalFilename: beep.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: BEEP Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9655000 fffff801`b9663000 BasicRender (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\BasicRender.sys\5308948Ae000\BasicRender.sys
Image path: \SystemRoot\System32\drivers\BasicRender.sys
Image name: BasicRender.sys
Browse all global symbols functions data
Timestamp: Sat Feb 22 07:14:02 2014 (5308948A)
CheckSum: 0000EC13
ImageSize: 0000E000
File version: 6.3.9600.17031
Product version: 6.3.9600.17031
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: BasicRender.sys
OriginalFilename: BasicRender.sys
ProductVersion: 6.3.9600.17031
FileVersion: 6.3.9600.17031 (winblue_gdr.140221-1952)
FileDescription: Microsoft Basic Render Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9663000 fffff801`b9bd7000 dump_iaStorA (deferred)
Image path: \SystemRoot\System32\Drivers\dump_iaStorA.sys
Image name: dump_iaStorA.sys
Browse all global symbols functions data
Timestamp: Wed Nov 04 05:27:49 2015 (5639DDA5)
CheckSum: 00168F4C
ImageSize: 00574000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff801`b9c00000 fffff801`b9c0c000 Msfs (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Msfs.SYS\5215F8A8c000\Msfs.SYS
Image path: \SystemRoot\System32\Drivers\Msfs.SYS
Image name: Msfs.SYS
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:24 2013 (5215F8A8)
CheckSum: 0000EF55
ImageSize: 0000C000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MSFS.SYS
OriginalFilename: MSFS.SYS
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Mailslot driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9c0c000 fffff801`b9c2c000 tdx (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\tdx.sys\561D3B1320000\tdx.sys
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Browse all global symbols functions data
Timestamp: Tue Oct 13 13:10:43 2015 (561D3B13)
CheckSum: 0001F187
ImageSize: 00020000
File version: 6.3.9600.18089
Product version: 6.3.9600.18089
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tdx.sys
OriginalFilename: tdx.sys
ProductVersion: 6.3.9600.18089
FileVersion: 6.3.9600.18089 (winblue_ltsb.151013-0600)
FileDescription: TDI Translation Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9c2c000 fffff801`b9c3a000 TDI (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\TDI.SYS\5215F855e000\TDI.SYS
Image path: \SystemRoot\system32\DRIVERS\TDI.SYS
Image name: TDI.SYS
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:39:01 2013 (5215F855)
CheckSum: 0000D2C0
ImageSize: 0000E000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tdi.sys
OriginalFilename: tdi.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: TDI Wrapper
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9c46000 fffff801`b9dc5000 dxgkrnl (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\dxgkrnl.sys\57098FF917f000\dxgkrnl.sys
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image name: dxgkrnl.sys
Browse all global symbols functions data
Timestamp: Sat Apr 09 19:27:53 2016 (57098FF9)
CheckSum: 0017DCF0
ImageSize: 0017F000
File version: 6.3.9600.18302
Product version: 6.3.9600.18302
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dxgkrnl.sys
OriginalFilename: dxgkrnl.sys
ProductVersion: 6.3.9600.18302
FileVersion: 6.3.9600.18302 (winblue_ltsb.160409-0600)
FileDescription: DirectX Graphics Kernel
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9dc5000 fffff801`b9dd7000 watchdog (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\watchdog.sys\530894AF12000\watchdog.sys
Image path: \SystemRoot\System32\drivers\watchdog.sys
Image name: watchdog.sys
Browse all global symbols functions data
Timestamp: Sat Feb 22 07:14:39 2014 (530894AF)
CheckSum: 0001346F
ImageSize: 00012000
File version: 6.3.9600.17031
Product version: 6.3.9600.17031
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: watchdog.sys
OriginalFilename: watchdog.sys
ProductVersion: 6.3.9600.17031
FileVersion: 6.3.9600.17031 (winblue_gdr.140221-1952)
FileDescription: Watchdog Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9dd7000 fffff801`b9de9000 BasicDisplay (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\BasicDisplay.sys\5215F87312000\BasicDisplay.sys
Image path: \SystemRoot\System32\drivers\BasicDisplay.sys
Image name: BasicDisplay.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:39:31 2013 (5215F873)
CheckSum: 00016E0C
ImageSize: 00012000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: BasicDisplay.sys
OriginalFilename: BasicDisplay.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Microsoft Basic Display Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9de9000 fffff801`b9dfd000 Npfs (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\Npfs.SYS\5215F8A914000\Npfs.SYS
Image path: \SystemRoot\System32\Drivers\Npfs.SYS
Image name: Npfs.SYS
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:25 2013 (5215F8A9)
CheckSum: 000163DC
ImageSize: 00014000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: npfs.sys
OriginalFilename: npfs.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: NPFS Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`b9e00000 fffff801`b9e1c000 drmk (deferred)
Image path: \SystemRoot\system32\drivers\drmk.sys
Image name: drmk.sys
Browse all global symbols functions data
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cdfs.sys
OriginalFilename: cdfs.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: CD-ROM File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bb61b000 fffff801`bb627000 dump_diskdump (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\diskdump.sys\5215F8A2c000\diskdump.sys
Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys
Image name: dump_diskdump.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:18 2013 (5215F8A2)
CheckSum: 00014133
ImageSize: 0000C000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: diskdump.sys
OriginalFilename: diskdump.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Crash Dump Disk Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bb62b000 fffff801`bbb28000 RTKVHD64 (deferred)
Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
Image name: RTKVHD64.sys
Browse all global symbols functions data
Timestamp: Tue Apr 26 07:58:01 2016 (571F57C9)
CheckSum: 004D28BB
ImageSize: 004FD000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff801`bbb28000 fffff801`bbb36000 hidusb (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\hidusb.sys\53183EBEe000\hidusb.sys
Image path: \SystemRoot\System32\drivers\hidusb.sys
Image name: hidusb.sys
Browse all global symbols functions data
Timestamp: Thu Mar 06 04:24:14 2014 (53183EBE)
CheckSum: 0000F649
ImageSize: 0000E000
File version: 6.3.9600.17041
Product version: 6.3.9600.17041
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: HIDUSB.SYS
OriginalFilename: HIDUSB.SYS
ProductVersion: 6.3.9600.17041
FileVersion: 6.3.9600.17041 (winblue_gdr.140305-1710)
FileDescription: USB Miniport Driver for Input Devices
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbb36000 fffff801`bbb55000 HIDCLASS (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\HIDCLASS.SYS\53183ED81f000\HIDCLASS.SYS
Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS
Image name: HIDCLASS.SYS
Browse all global symbols functions data
Timestamp: Thu Mar 06 04:24:40 2014 (53183ED8)
CheckSum: 0001F7E0
ImageSize: 0001F000
File version: 6.3.9600.17041
Product version: 6.3.9600.17041
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: hidclass.sys
OriginalFilename: hidclass.sys
ProductVersion: 6.3.9600.17041
FileVersion: 6.3.9600.17041 (winblue_gdr.140305-1710)
FileDescription: Hid Class Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbb55000 fffff801`bbb5cf00 HIDPARSE (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\HIDPARSE.SYS\5215F8AA7f00\HIDPARSE.SYS
Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS
Image name: HIDPARSE.SYS
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:26 2013 (5215F8AA)
CheckSum: 00008A01
ImageSize: 00007F00
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: hidparse.sys
OriginalFilename: hidparse.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Hid Parsing Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbb5d000 fffff801`bbb83000 asmthub3 (deferred)
Image path: \SystemRoot\System32\drivers\asmthub3.sys
Image name: asmthub3.sys
Browse all global symbols functions data
Timestamp: Thu Feb 04 02:04:17 2016 (56B2F7F1)
CheckSum: 0003051F
ImageSize: 00026000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff801`bbb83000 fffff801`bbb90000 mouhid (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\mouhid.sys\54335E27d000\mouhid.sys
Image path: \SystemRoot\System32\drivers\mouhid.sys
Image name: mouhid.sys
Browse all global symbols functions data
Timestamp: Mon Oct 06 23:29:43 2014 (54335E27)
CheckSum: 0000CB5E
ImageSize: 0000D000
File version: 6.3.9600.17393
Product version: 6.3.9600.17393
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mouhid.sys
OriginalFilename: mouhid.sys
ProductVersion: 6.3.9600.17393
FileVersion: 6.3.9600.17393 (winblue_r4.141006-1627)
FileDescription: HID Mouse Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbb90000 fffff801`bbba0000 mouclass (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\mouclass.sys\54335E2710000\mouclass.sys
Image path: \SystemRoot\System32\drivers\mouclass.sys
Image name: mouclass.sys
Browse all global symbols functions data
Timestamp: Mon Oct 06 23:29:43 2014 (54335E27)
CheckSum: 0000CAC2
ImageSize: 00010000
File version: 6.3.9600.17393
Product version: 6.3.9600.17393
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mouclass.sys
OriginalFilename: mouclass.sys
ProductVersion: 6.3.9600.17393
FileVersion: 6.3.9600.17393 (winblue_r4.141006-1627)
FileDescription: Mouse Class Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbba0000 fffff801`bbbc7000 usbccgp (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\usbccgp.sys\53D0F1B327000\usbccgp.sys
Image path: \SystemRoot\System32\drivers\usbccgp.sys
Image name: usbccgp.sys
Browse all global symbols functions data
Timestamp: Thu Jul 24 07:44:51 2014 (53D0F1B3)
CheckSum: 00032E6F
ImageSize: 00027000
File version: 6.3.9600.17238
Product version: 6.3.9600.17238
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: USBCCGP.SYS
OriginalFilename: USBCCGP.SYS
ProductVersion: 6.3.9600.17238
FileVersion: 6.3.9600.17238 (winblue_gdr.140723-2018)
FileDescription: USB Common Class Generic Parent Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbbc7000 fffff801`bbbd5000 kbdhid (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\kbdhid.sys\54335E27e000\kbdhid.sys
Image path: \SystemRoot\System32\drivers\kbdhid.sys
Image name: kbdhid.sys
Browse all global symbols functions data
Timestamp: Mon Oct 06 23:29:43 2014 (54335E27)
CheckSum: 00007FFE
ImageSize: 0000E000
File version: 6.3.9600.17393
Product version: 6.3.9600.17393
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: kbdhid.sys
OriginalFilename: kbdhid.sys
ProductVersion: 6.3.9600.17393
FileVersion: 6.3.9600.17393 (winblue_r4.141006-1627)
FileDescription: HID Keyboard Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbbd5000 fffff801`bbbe7000 kbdclass (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\kbdclass.sys\54335E2E12000\kbdclass.sys
Image path: \SystemRoot\System32\drivers\kbdclass.sys
Image name: kbdclass.sys
Browse all global symbols functions data
Timestamp: Mon Oct 06 23:29:50 2014 (54335E2E)
CheckSum: 00014137
ImageSize: 00012000
File version: 6.3.9600.17393
Product version: 6.3.9600.17393
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: kbdclass.sys
OriginalFilename: kbdclass.sys
ProductVersion: 6.3.9600.17393
FileVersion: 6.3.9600.17393 (winblue_r4.141006-1627)
FileDescription: Keyboard Class Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbbe7000 fffff801`bbbfd000 dump_dumpfve (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\dumpfve.sys\530894B816000\dumpfve.sys
Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Image name: dump_dumpfve.sys
Browse all global symbols functions data
Timestamp: Sat Feb 22 07:14:48 2014 (530894B8)
CheckSum: 0001E997
ImageSize: 00016000
File version: 6.3.9600.17031
Product version: 6.3.9600.17031
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dumpfve.sys
OriginalFilename: dumpfve.sys
ProductVersion: 6.3.9600.17031
FileVersion: 6.3.9600.17031 (winblue_gdr.140221-1952)
FileDescription: Bitlocker Drive Encryption Crashdump Filter
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbe00000 fffff801`bbe6c000 mrxsmb (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\mrxsmb.sys\570553346c000\mrxsmb.sys
Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
Image name: mrxsmb.sys
Browse all global symbols functions data
Timestamp: Wed Apr 06 14:19:32 2016 (57055334)
CheckSum: 00066D05
ImageSize: 0006C000
File version: 6.3.9600.18298
Product version: 6.3.9600.18298
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MRxSmb.sys
OriginalFilename: MRXSMB.Sys
ProductVersion: 6.3.9600.18298
FileVersion: 6.3.9600.18298 (winblue_ltsb.160406-0607)
FileDescription: Windows NT SMB Minirdr
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbe97000 fffff801`bbf91000 HTTP (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\HTTP.sys\54EBC87Cfa000\HTTP.sys
Image path: \SystemRoot\system32\drivers\HTTP.sys
Image name: HTTP.sys
Browse all global symbols functions data
Timestamp: Mon Feb 23 19:40:28 2015 (54EBC87C)
CheckSum: 000F4A1D
ImageSize: 000FA000
File version: 6.3.9600.17712
Product version: 6.3.9600.17712
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: http.sys
OriginalFilename: http.sys
ProductVersion: 6.3.9600.17712
FileVersion: 6.3.9600.17712 (winblue_r9.150223-1621)
FileDescription: HTTP Protocol Stack
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbf91000 fffff801`bbfb1000 bowser (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\bowser.sys\5215F83E20000\bowser.sys
Image path: \SystemRoot\system32\DRIVERS\bowser.sys
Image name: bowser.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:38:38 2013 (5215F83E)
CheckSum: 0001A48D
ImageSize: 00020000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: browser.sys
OriginalFilename: browser.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: NT Lan Manager Datagram Receiver Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbfb1000 fffff801`bbfc8000 mpsdrv (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\mpsdrv.sys\545054CB17000\mpsdrv.sys
Image path: \SystemRoot\System32\drivers\mpsdrv.sys
Image name: mpsdrv.sys
Browse all global symbols functions data
Timestamp: Tue Oct 28 22:45:31 2014 (545054CB)
CheckSum: 00013A09
ImageSize: 00017000
File version: 6.3.9600.17415
Product version: 6.3.9600.17415
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mpsdrv.sys
OriginalFilename: mpsdrv.sys
ProductVersion: 6.3.9600.17415
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
FileDescription: Microsoft Protection Service Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bbfc8000 fffff801`bbfff000 mrxsmb20 (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\mrxsmb20.sys\5705537037000\mrxsmb20.sys
Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Image name: mrxsmb20.sys
Browse all global symbols functions data
Timestamp: Wed Apr 06 14:20:32 2016 (57055370)
CheckSum: 00038181
ImageSize: 00037000
File version: 6.3.9600.18298
Product version: 6.3.9600.18298
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MRxSmb20.sys
OriginalFilename: MRXSMB20.Sys
ProductVersion: 6.3.9600.18298
FileVersion: 6.3.9600.18298 (winblue_ltsb.160406-0607)
FileDescription: Longhorn SMB 2.0 Redirector
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc019000 fffff801`bc0c2000 peauth (deferred)
Image path: \SystemRoot\system32\drivers\peauth.sys
Image name: peauth.sys
Browse all global symbols functions data
Timestamp: Sat Feb 22 07:09:37 2014 (53089381)
CheckSum: 000AAFD6
ImageSize: 000A9000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff801`bc0c2000 fffff801`bc105000 srvnet (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\srvnet.sys\57365E0F43000\srvnet.sys
Image path: \SystemRoot\System32\DRIVERS\srvnet.sys
Image name: srvnet.sys
Browse all global symbols functions data
Timestamp: Fri May 13 19:06:55 2016 (57365E0F)
CheckSum: 00046C7C
ImageSize: 00043000
File version: 6.3.9600.18340
Product version: 6.3.9600.18340
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SRVNET.SYS
OriginalFilename: SRVNET.SYS
ProductVersion: 6.3.9600.18340
FileVersion: 6.3.9600.18340 (winblue_ltsb.160513-1153)
FileDescription: Server Network driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc105000 fffff801`bc117000 tcpipreg (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\tcpipreg.sys\53183DBF12000\tcpipreg.sys
Image path: \SystemRoot\System32\drivers\tcpipreg.sys
Image name: tcpipreg.sys
Browse all global symbols functions data
Timestamp: Thu Mar 06 04:19:59 2014 (53183DBF)
CheckSum: 00018079
ImageSize: 00012000
File version: 6.3.9600.17041
Product version: 6.3.9600.17041
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tcpipreg.sys
OriginalFilename: tcpipreg.sys
ProductVersion: 6.3.9600.17041
FileVersion: 6.3.9600.17041 (winblue_gdr.140305-1710)
FileDescription: TCP/IP Registry Compatibility Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc117000 fffff801`bc136000 WdNisDrv (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\WdNisDrv.sys\55933D961f000\WdNisDrv.sys
Image path: \SystemRoot\system32\Drivers\WdNisDrv.sys
Image name: WdNisDrv.sys
Browse all global symbols functions data
Timestamp: Tue Jun 30 21:08:38 2015 (55933D96)
CheckSum: 000249A1
ImageSize: 0001F000
File version: 4.8.207.0
Product version: 4.8.207.0
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Malware Protection
InternalName: NisDrvWFP.sys
OriginalFilename: NisDrvWFP.sys
ProductVersion: 4.8.0207.0
FileVersion: 4.8.0207.0
FileDescription: Microsoft Network Realtime Inspection Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc136000 fffff801`bc1e2000 srv2 (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\srv2.sys\57365E4Bac000\srv2.sys
Image path: \SystemRoot\System32\DRIVERS\srv2.sys
Image name: srv2.sys
Browse all global symbols functions data
Timestamp: Fri May 13 19:07:55 2016 (57365E4B)
CheckSum: 000AE799
ImageSize: 000AC000
File version: 6.3.9600.18340
Product version: 6.3.9600.18340
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SRV2.SYS
OriginalFilename: SRV2.SYS
ProductVersion: 6.3.9600.18340
FileVersion: 6.3.9600.18340 (winblue_ltsb.160513-1153)
FileDescription: Smb 2.0 Server driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc266000 fffff801`bc2f4000 srv (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\srv.sys\57365E298e000\srv.sys
Image path: \SystemRoot\System32\DRIVERS\srv.sys
Image name: srv.sys
Browse all global symbols functions data
Timestamp: Fri May 13 19:07:21 2016 (57365E29)
CheckSum: 0006BDA8
ImageSize: 0008E000
File version: 6.3.9600.18340
Product version: 6.3.9600.18340
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SRV.SYS
OriginalFilename: SRV.SYS
ProductVersion: 6.3.9600.18340
FileVersion: 6.3.9600.18340 (winblue_ltsb.160513-1153)
FileDescription: Server driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc2f4000 fffff801`bc321000 tunnel (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\tunnel.sys\5215F7912d000\tunnel.sys
Image path: \SystemRoot\system32\DRIVERS\tunnel.sys
Image name: tunnel.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:35:45 2013 (5215F791)
CheckSum: 0002B6E4
ImageSize: 0002D000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tunnel.sys
OriginalFilename: tunnel.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Microsoft Tunnel Interface Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc321000 fffff801`bc331000 condrv (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\condrv.sys\5215F8A110000\condrv.sys
Image path: \SystemRoot\System32\drivers\condrv.sys
Image name: condrv.sys
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:17 2013 (5215F8A1)
CheckSum: 000124B2
ImageSize: 00010000
File version: 6.3.9600.16384
Product version: 6.3.9600.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: condrv.sys
OriginalFilename: condrv.sys
ProductVersion: 6.3.9600.16384
FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
FileDescription: Console Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc33b000 fffff801`bc34b000 qwavedrv (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\qwavedrv.sys\5450554C10000\qwavedrv.sys
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image name: qwavedrv.sys
Browse all global symbols functions data
Timestamp: Tue Oct 28 22:47:40 2014 (5450554C)
CheckSum: 00014C2D
ImageSize: 00010000
File version: 6.3.9600.17415
Product version: 6.3.9600.17415
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: qwavedrv.sys
OriginalFilename: qwavedrv.sys
ProductVersion: 6.3.9600.17415
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
FileDescription: Microsoft Quality Windows Audio Video Experience (qWave) Support Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff801`bc357000 fffff801`bc361000 NvStreamKms (deferred)
Image path: \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
Image name: NvStreamKms.sys
Browse all global symbols functions data
Timestamp: Fri Jun 03 07:28:21 2016 (575169D5)
CheckSum: 000134F5
ImageSize: 0000A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff802`2c0ef000 fffff802`2c0f8000 kd (deferred)
Image path: \SystemRoot\system32\kd.dll
Image name: kd.dll
Browse all global symbols functions data
Timestamp: Thu Aug 22 07:40:43 2013 (5215F8BB)
CheckSum: 000068C8
ImageSize: 00009000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff802`2cc0c000 fffff802`2cc7c000 hal (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\hal.dll\538BADE870000\hal.dll
Image path: hal.dll
Image name: hal.dll
Browse all global symbols functions data
Timestamp: Sun Jun 01 18:49:12 2014 (538BADE8)
CheckSum: 0006C82F
ImageSize: 00070000
File version: 6.3.9600.17196
Product version: 6.3.9600.17196
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: hal.dll
OriginalFilename: hal.dll
ProductVersion: 6.3.9600.17196
FileVersion: 6.3.9600.17196 (winblue_gdr.140601-1505)
FileDescription: Hardware Abstraction Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff802`2cc7c000 fffff802`2d408000 nt (pdb symbols) C:\ProgramData\dbg\sym\ntkrnlmp.pdb\C11BF5BB511C4BADAE1354E9C0DFF96B1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\ProgramData\dbg\sym\ntoskrnl.exe\575C323778c000\ntoskrnl.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Sat Jun 11 11:45:59 2016 (575C3237)
CheckSum: 0071B633
ImageSize: 0078C000
File version: 6.3.9600.18378
Product version: 6.3.9600.18378
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 6.3.9600.18378
FileVersion: 6.3.9600.18378 (winblue_ltsb.160611-0600)
FileDescription: NT Kernel & System
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff960`000b6000 fffff960`004ca000 win32k (deferred)
Mapped memory image file: C:\ProgramData\dbg\sym\win32k.sys\575B3289414000\win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Browse all global symbols functions data
Timestamp: Fri Jun 10 17:35:05 2016 (575B3289)
CheckSum: 0040541E
ImageSize: 00414000
File version: 6.3.9600.18377
Product version: 6.3.9600.18377
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 6.3.9600.18377
FileVersion: 6.3.9600.18377 (winblue_ltsb.160610-0600)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff960`007ea000 fffff960`007f3000 TSDDD (deferred)
Image path: \SystemRoot\System32\TSDDD.dll
Image name: TSDDD.dll
Browse all global symbols functions data
Timestamp: unavailable (00000000)
CheckSum: 00000000
ImageSize: 00009000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff960`00923000 fffff960`0095d000 cdd (deferred)
Image path: \SystemRoot\System32\cdd.dll
Image name: cdd.dll
Browse all global symbols functions data
Timestamp: unavailable (00000000)
CheckSum: 00000000
ImageSize: 0003A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff960`00b3b000 fffff960`00b9b000 ATMFD (deferred)
Image path: \SystemRoot\System32\ATMFD.DLL
Image name: ATMFD.DLL
Browse all global symbols functions data
Timestamp: Fri May 13 19:09:07 2016 (57365E93)
CheckSum: 0006506B
ImageSize: 00060000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Unloaded modules:
fffff801`bc34b000 fffff801`bc357000 hiber_storpo
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff801`bdc18000 fffff801`be18c000 hiber_iaStor
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00574000
fffff801`be18c000 fffff801`be1a2000 hiber_dumpfv
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00016000
fffff801`bc331000 fffff801`bc33b000 NvStreamKms.
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000A000
fffff801`b8fee000 fffff801`b8ffa000 dump_storpor
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff801`b9687000 fffff801`b9bfb000 dump_iaStorA
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00574000
fffff801`b9600000 fffff801`b9616000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00016000
fffff801`b9f18000 fffff801`b9f28000 dam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00010000
fffff801`b8188000 fffff801`b8196000 WdBoot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff801`b8c8f000 fffff801`b8c9b000 hwpolicy.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
 


Last edited by a moderator:

kemical

Windows Forum Admin
Staff member
Premium Supporter
#3
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41201, fffff68000187cb8, 286040021a84c867, ffffe000e4fb39a0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+16f8c )

Followup: MachineOwner
Hi,
Bugcheck 1A means a severe memory management issue occurred. This is often indicative of faulty RAM. Even brand new RAM can be faulty and you need to run Memtest86 to test.
Windows does have a memory testing app but it can miss errors and the best app for the job is Memtest86.
If you open the link below you'll see you can run Memtest86 in two ways. You can either burn it to disk or install it onto a USB drive; it's entirely up to you. You'll then need to enter the BIOS to change the boot order so you can boot from either the disk or USB stick you have Memtest86 on.
You must test for at least 12 hours unless it becomes obvious there is a problem straight away.
Memtest86+ - Advanced Memory Diagnostic Tool

I also checked the bios and it is a little old:
BiosVersion = A.10
BiosReleaseDate = 09/06/2015
SystemManufacturer = MSI
SystemProductName = MS-7978
BaseBoardManufacturer = MSI
BaseBoardProduct = Z170A GAMING M3 (MS-7978)

I think the above version number is actually A.1 and the latest BIOS stands at A.6. There have been a number of updates for compatibility (memory). If you're unsure of the process then get a local PC store to do it for you:
Support For Z170A GAMING M3 | MSI Global | Motherboard - The world leader in motherboard design

It's also possible that this could be a software issue and testing will show either way.

Post any new dump files


Lastly I tidied up your initial post just so the thread is easier to navigate.
 


#4
Thanks for the tips kemical!

Good catch on the BIOS version. I checked and oddly mine is A.00; we ordered our motherboards the same day from the same website (Newegg). I think we'll try updating the BIOS first and see if it makes any difference; if not, we'll run Memtest and go from there.
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#5
You're very welcome and I hope all goes well. Post back with any updates or dump files.. :)
 


RichM

Well-Known Member
#6
Good catch kemical, as the error is mismanaged RAM, usually meaning RAM compatibility, but as luck would have it this RAM was tested and worked for the board. However, that said, Corsair has an issue with RAM where, if you have a different batch, even though their model number can be the same, the RAM is a completely different maker and model, as Corsair really manufactures nothing themselves. I know the RAM is popular and well thought of, but I avoid them myself just for that mentioned reason.
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#7
Thanks, and yes, Bugcheck 1A is usually a red flag, but whether it was down to either bad RAM or BIOS incompatibility (or neither) has yet to be determined, as we are still waiting on results from the OP.
 


#8
Well we flashed his bios to the newest one available and he has had no restarts/BSODs or any other anomalies within about a day.

When he first got that BSOD(DMP in the OP) a week after he installed W8.1 he had begun to get several unexplained program crashes and random black screen restarts. These would happen when he was doing anything or nothing at all. They were occurring anywhere between 5 and 20 minutes by the time we decided to flash the BIOS.

The fact that it has been flawless for a day is nice, but a similar problem with windows 10 went away for about a week after installing W8.1 and then it effectively returned. I will be keeping a close eye on this for a couple weeks or so. I'll keep this thread updated with any changes...
 


RichM

Well-Known Member
#9
Great news.
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#10
Thanks for the update. Hope all goes well but if not then please post back.
 


#11
Well the end of day 2 after updating the bios didn't end on a promising note. Upon powering on the computer he got another BSOD before he saw his desktop. Details below and I will attach the DMP file.

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PC\Downloads\072716-5078-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.18378.amd64fre.winblue_ltsb.160611-0600
Machine Name:
Kernel base = 0xfffff801`18476000 PsLoadedModuleList = 0xfffff801`18749630
Debug session time: Wed Jul 27 20:42:31.576 2016 (UTC - 4:00)
System Uptime: 0 days 22:38:04.242
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C000021A, {ffffc000908a6aa0, 0, 0, 0}

ETW minidump data unavailable
Probably caused by : ntkrnlmp.exe ( nt! ?? ::OKHAJAOM::`string'+269a )

Followup: MachineOwner
---------


This is a STATUS_SYSTEM_PROCESS_TERMINATED bugcheck.
It signals that the system is rebooting due to a critical service termination.
The bugcheck is not very useful for debugging. To investigate the root cause
find the related svchost.exe crashes that happened on the same machine
around the time of this dump.

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

WINLOGON_FATAL_ERROR (c000021a)
The Winlogon process terminated unexpectedly.
Arguments:
Arg1: ffffc000908a6aa0, String that identifies the problem.
Arg2: 0000000000000000, Error Code.
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------

ETW minidump data unavailable

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 9600.18378.amd64fre.winblue_ltsb.160611-0600

SYSTEM_MANUFACTURER: MSI

SYSTEM_PRODUCT_NAME: MS-7978

SYSTEM_SKU: Default string

SYSTEM_VERSION: 2.0

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: A.60

BIOS_DATE: 05/16/2016

BASEBOARD_MANUFACTURER: MSI

BASEBOARD_PRODUCT: Z170A GAMING M3 (MS-7978)

BASEBOARD_VERSION: 2.0

ERROR_CODE: (NTSTATUS) 0xc000021a - {Fatal System Error} The %hs system process terminated unexpectedly with a status of 0x%08x (0x%08x 0x%08x). The system has been shut down.

EXCEPTION_CODE: (NTSTATUS) 0xc000021a - {Fatal System Error} The %hs system process terminated unexpectedly with a status of 0x%08x (0x%08x 0x%08x). The system has been shut down.

EXCEPTION_CODE_STR: c000021a

EXCEPTION_PARAMETER1: ffffc000908a6aa0

EXCEPTION_PARAMETER2: 0000000000000000

EXCEPTION_PARAMETER3: 0000000000000000

EXCEPTION_PARAMETER4: 0

DUMP_TYPE: 2

BUGCHECK_P1: ffffc000908a6aa0

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME: services.exe

ADDITIONAL_DEBUG_TEXT: Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly

TAG_NOT_DEFINED_1004b:
This is a STATUS_SYSTEM_PROCESS_TERMINATED bugcheck.
It signals that the system is rebooting due to a critical service termination.
The bugcheck is not very useful for debugging. To investigate the root cause
find the related svchost.exe crashes that happened on the same machine
around the time of this dump.

BUGCHECK_STR: 0xc000021a_rpcss.dll_Critical_Service_Terminated

IMAGE_NAME: ntkrnlmp.exe

MODULE_NAME: nt

CPU_COUNT: 8

CPU_MHZ: fa8

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 84'00000000 (cache) 84'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: COREREACTOR

ANALYSIS_SESSION_TIME: 07-27-2016 20:59:28.0470

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff801187fa98d to fffff801185c42a0

STACK_TEXT:
ffffd000`226585b8 fffff801`187fa98d : 00000000`0000004c 00000000`c000021a ffffd000`250532f8 ffffe000`b6e03770 : nt!KeBugCheckEx
ffffd000`226585c0 fffff801`187f44ea : ffffe000`ae334700 ffffd000`226586d9 00000000`00000000 00000000`00000002 : nt!PopGracefulShutdown+0x2c9
ffffd000`22658600 fffff801`185cfab3 : ffffe000`ae3344c0 00000000`00000000 00000000`c0000004 ffffd000`22658800 : nt! ?? ::OKHAJAOM::`string'+0x269a
ffffd000`22658740 fffff801`185c7f20 : fffff801`18a03f7d 00000000`00000001 ffffd000`22658958 00000000`c0000004 : nt!KiSystemServiceCopyEnd+0x13
ffffd000`226588d8 fffff801`18a03f7d : 00000000`00000001 ffffd000`22658958 00000000`c0000004 ffffd001`be240180 : nt!KiServiceLinkage
ffffd000`226588e0 fffff801`1893d55f : 00000000`00000000 00000000`00000000 ffffd001`be240180 ffffe000`ae334600 : nt! ?? ::NNGAKEGL::`string'+0x6d7cd
ffffd000`226589a0 fffff801`1854affa : fffff801`1854af40 00000000`00000000 00000000`00000002 00000000`00000000 : nt!PopPolicyWorkerAction+0x63
ffffd000`22658a10 fffff801`1852aa2f : fffff800`00000002 ffffe000`ae3344c0 fffff801`18730080 00000000`00000000 : nt!PopPolicyWorkerThread+0xba
ffffd000`22658a50 fffff801`18570c10 : ffff9e2a`b673f7d9 ffffe000`ae3344c0 00000000`00000080 ffffe000`ae3344c0 : nt!ExpWorkerThread+0x69f
ffffd000`22658b00 fffff801`185ca8c6 : fffff801`18773180 ffffe000`ae3344c0 ffffe000`b58d5080 fffff801`18500070 : nt!PspSystemThreadStartup+0x58
ffffd000`22658b60 00000000`00000000 : ffffd000`22659000 ffffd000`22652000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: ca83477c6c105b050cb3ec79e1112ae3fe845ead

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a8cc45de0169225656c9980dd400447876498902

THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c

FOLLOWUP_IP:
nt! ?? ::OKHAJAOM::`string'+269a
fffff801`187f44ea cc int 3

FAULT_INSTR_CODE: 98e8cc

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt! ?? ::OKHAJAOM::`string'+269a

FOLLOWUP_NAME: MachineOwner

DEBUG_FLR_IMAGE_TIMESTAMP: 575c3237

IMAGE_VERSION: 6.3.9600.18378

BUCKET_ID_FUNC_OFFSET: 269a

FAILURE_BUCKET_ID: 0xc000021a_rpcss.dll_Critical_Service_Terminated_nt!_??_::OKHAJAOM::_string_

BUCKET_ID: 0xc000021a_rpcss.dll_Critical_Service_Terminated_nt!_??_::OKHAJAOM::_string_

PRIMARY_PROBLEM_CLASS: 0xc000021a_rpcss.dll_Critical_Service_Terminated_nt!_??_::OKHAJAOM::_string_

TARGET_TIME: 2016-07-28T00:42:31.000Z

OSBUILD: 9600

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 8.1

OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-06-11 11:45:59

BUILDDATESTAMP_STR: 160611-0600

BUILDLAB_STR: winblue_ltsb

BUILDOSVER_STR: 6.3.9600.18378.amd64fre.winblue_ltsb.160611-0600

ANALYSIS_SESSION_ELAPSED_TIME: 355

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xc000021a_rpcss.dll_critical_service_terminated_nt!_??_::okhajaom::_string_

FAILURE_ID_HASH: {985ba5ee-c7fd-3ab7-c026-2d066fd15a29}

Followup: MachineOwner
---------


This is a STATUS_SYSTEM_PROCESS_TERMINATED bugcheck.
It signals that the system is rebooting due to a critical service termination.
The bugcheck is not very useful for debugging. To investigate the root cause
find the related svchost.exe crashes that happened on the same machine
around the time of this dump.
 



kemical

Windows Forum Admin
Staff member
Premium Supporter
#12
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C000021A, {ffffc000908a6aa0, 0, 0, 0}

----- ETW minidump data unavailable-----
Probably caused by : ntkrnlmp.exe ( nt! ?? ::OKHAJAOM::`string'+269a )

Followup: MachineOwner
Hi,
This bugcheck can often be caused by a third-party application. I see you installed the MSI Afterburner? If so, this app is well known for causing BSODs and I'd remove it and see if the BSODs stop.
 


#13
Aaaaaaand here we go again! When he started a game of Homeworld he got another 0x1A followed by numerous black screen restarts upon opening most games. Log below and DMP attached. Day 3 is off to a wonderful start I see.


Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PC\Downloads\072816-5046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.18378.amd64fre.winblue_ltsb.160611-0600
Machine Name:
Kernel base = 0xfffff802`7688c000 PsLoadedModuleList = 0xfffff802`76b5f630
Debug session time: Thu Jul 28 01:49:47.861 2016 (UTC - 4:00)
System Uptime: 0 days 1:58:20.526
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41793, fffff68000308ff8, 200, 1ff}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1699f )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041793, The subtype of the bugcheck.
Arg2: fffff68000308ff8
Arg3: 0000000000000200
Arg4: 00000000000001ff

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 9600.18378.amd64fre.winblue_ltsb.160611-0600

SYSTEM_MANUFACTURER: MSI

SYSTEM_PRODUCT_NAME: MS-7978

SYSTEM_SKU: Default string

SYSTEM_VERSION: 2.0

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: A.60

BIOS_DATE: 05/16/2016

BASEBOARD_MANUFACTURER: MSI

BASEBOARD_PRODUCT: Z170A GAMING M3 (MS-7978)

BASEBOARD_VERSION: 2.0

DUMP_TYPE: 2

BUGCHECK_P1: 41793

BUGCHECK_P2: fffff68000308ff8

BUGCHECK_P3: 200

BUGCHECK_P4: 1ff

BUGCHECK_STR: 0x1a_41793

CPU_COUNT: 8

CPU_MHZ: fa8

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 84'00000000 (cache) 84'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: DesertsOfKhara

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: COREREACTOR

ANALYSIS_SESSION_TIME: 07-28-2016 18:49:49.0861

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff80276a0115f to fffff802769da2a0

STACK_TEXT:
ffffd000`22f8f548 fffff802`76a0115f : 00000000`0000001a 00000000`00041793 fffff680`00308ff8 00000000`00000200 : nt!KeBugCheckEx
ffffd000`22f8f550 fffff802`76909013 : ffffd000`22f8f7f8 ffffc002`0cbe6a80 00000000`00000000 ffffe001`46e34350 : nt! ?? ::FNODOBFM::`string'+0x1699f
ffffd000`22f8f7e0 fffff802`76c82c4d : ffffe001`47414010 00000000`60a10000 ffffd000`00000000 7fffffff`00000000 : nt!MiDeleteVad+0x233
ffffd000`22f8f8e0 fffff802`76c82b25 : 00000000`00000000 00000000`00000008 00000000`00000000 00000000`00000001 : nt!MiUnmapViewOfSection+0xfd
ffffd000`22f8f9b0 fffff802`769e5ab3 : ffffe001`4ff1a080 00000000`00000000 ffffe001`47b478c0 00000000`01000000 : nt!NtUnmapViewOfSection+0x65
ffffd000`22f8fa00 00007ffa`3d69095a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0bf4eee8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`3d69095a


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: 32a903aaf9bcaa8f855cac24cc24d23ba868ae89

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 004018a47779667f02ad4dd8ec4f5a809f615f69

THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+1699f
fffff802`76a0115f cc int 3

FAULT_INSTR_CODE: c93345cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+1699f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 575c3237

IMAGE_VERSION: 6.3.9600.18378

BUCKET_ID_FUNC_OFFSET: 1699f

FAILURE_BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

BUCKET_ID: 0x1a_41793_nt!_??_::FNODOBFM::_string_

PRIMARY_PROBLEM_CLASS: 0x1a_41793_nt!_??_::FNODOBFM::_string_

TARGET_TIME: 2016-07-28T05:49:47.000Z

OSBUILD: 9600

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 8.1

OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-06-11 11:45:59

BUILDDATESTAMP_STR: 160611-0600

BUILDLAB_STR: winblue_ltsb

BUILDOSVER_STR: 6.3.9600.18378.amd64fre.winblue_ltsb.160611-0600

ANALYSIS_SESSION_ELAPSED_TIME: 2c9

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1a_41793_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH: {2bb49b32-09fa-a96d-8b93-292cf7a50b3f}

Followup: MachineOwner
---------
 



kemical

Windows Forum Admin
Staff member
Premium Supporter
#14
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41793, fffff68000308ff8, 200, 1ff}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1699f )

Followup: MachineOwner
Hi,
did you try removing MSI afterburner? I see it's still installed..

Windows does have a memory testing app but it can miss errors and the best app for the job is Memtest86.
If you open the link below you'll see you can run Memtest86 in two ways. You can either burn it to disk or install it onto a USB drive; it's entirely up to you. You'll then need to enter the bios to change the boot order so you can boot from either the Disk or USB stick you have Memtest86 on.
You must test for at least 12 hours unless it becomes obvious there is a problem straight away.
Memtest86+ - Advanced Memory Diagnostic Tool
 


#15
I had thought we uninstalled afterburner... I'll remind him to do so before we do the memtest
 


#16
Strange, MSI Afterburner isn't listed in the programs/features list, nor is it in the program list. Perhaps we'll have to manually remove it.

Update; we managed to get 2 memtest passes in before he needed to use his computer for other things; there were no failures.
Since he is leaving for a trip this weekend he plans to let it run overnight and throughout Saturday to get as many passes as possible in.

In the meantime he did get another one today. DMP attached.
Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PC\Downloads\072916-4968-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.18378.amd64fre.winblue_ltsb.160611-0600
Machine Name:
Kernel base = 0xfffff802`3fc02000 PsLoadedModuleList = 0xfffff802`3fed5630
Debug session time: Fri Jul 29 00:53:10.815 2016 (UTC - 4:00)
System Uptime: 0 days 2:33:47.480
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41201, fffff680002768f8, 8ec04002da697867, ffffe000ca750520}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+16f8c )

Followup: MachineOwner
---------

5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041201, The subtype of the bugcheck.
Arg2: fffff680002768f8
Arg3: 8ec04002da697867
Arg4: ffffe000ca750520

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 9600.18378.amd64fre.winblue_ltsb.160611-0600

SYSTEM_MANUFACTURER: MSI

SYSTEM_PRODUCT_NAME: MS-7978

SYSTEM_SKU: Default string

SYSTEM_VERSION: 2.0

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: A.60

BIOS_DATE: 05/16/2016

BASEBOARD_MANUFACTURER: MSI

BASEBOARD_PRODUCT: Z170A GAMING M3 (MS-7978)

BASEBOARD_VERSION: 2.0

DUMP_TYPE: 2

BUGCHECK_P1: 41201

BUGCHECK_P2: fffff680002768f8

BUGCHECK_P3: 8ec04002da697867

BUGCHECK_P4: ffffe000ca750520

BUGCHECK_STR: 0x1a_41201

CPU_COUNT: 8

CPU_MHZ: fa8

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 5e

CPU_STEPPING: 3

CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 84'00000000 (cache) 84'00000000 (init)

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: DesertsOfKhara

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: COREREACTOR

ANALYSIS_SESSION_TIME: 07-29-2016 16:41:57.0724

ANALYSIS_VERSION: 10.0.10586.567 amd64fre

LAST_CONTROL_TRANSFER: from fffff8023fd7774c to fffff8023fd502a0

STACK_TEXT:
ffffd000`2296e5f8 fffff802`3fd7774c : 00000000`0000001a 00000000`00041201 fffff680`002768f8 8ec04002`da697867 : nt!KeBugCheckEx
ffffd000`2296e600 fffff802`3fc6c7ff : 00000000`00000000 00000000`00000000 ffffe000`d342c880 fffff802`3fc6d1a6 : nt! ?? ::FNODOBFM::`string'+0x16f8c
ffffd000`2296e670 fffff802`3fc6c18d : e000d3fc`8050f33d 00000007`000014d0 e000d3fc`8050f33b fffff802`3fca80fb : nt!MiQueryAddressState+0x34f
ffffd000`2296e770 fffff802`3fff8139 : 00000000`00000003 ffffd000`2296ea80 ffffe000`ca750520 00000000`00000001 : nt!MiQueryAddressSpan+0x10d
ffffd000`2296e7e0 fffff802`3fff7e0a : ffffe000`c9fbdda8 ffffe000`d24db130 00000000`00000000 00000000`00001000 : nt!MmQueryVirtualMemory+0x329
ffffd000`2296e940 fffff802`3fd5bab3 : 00000000`00000000 0000004d`3c82eb58 00000000`dc0019ff 00000000`00000134 : nt!NtQueryVirtualMemory+0x22
ffffd000`2296e990 00007fff`460408ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000004d`3c82e7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`460408ea


STACK_COMMAND: kb

THREAD_SHA1_HASH_MOD_FUNC: e04af0401ee17939845926712ce52fb813bd5c89

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 459b885d701aef4e810a13e9ed8e28c1f5fa1723

THREAD_SHA1_HASH_MOD: 30a3e915496deaace47137d5b90c3ecc03746bf6

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+16f8c
fffff802`3fd7774c cc int 3

FAULT_INSTR_CODE: d58b48cc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+16f8c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 575c3237

IMAGE_VERSION: 6.3.9600.18378

BUCKET_ID_FUNC_OFFSET: 16f8c

FAILURE_BUCKET_ID: 0x1a_41201_nt!_??_::FNODOBFM::_string_

BUCKET_ID: 0x1a_41201_nt!_??_::FNODOBFM::_string_

PRIMARY_PROBLEM_CLASS: 0x1a_41201_nt!_??_::FNODOBFM::_string_

TARGET_TIME: 2016-07-29T04:53:10.000Z

OSBUILD: 9600

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 8.1

OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2016-06-11 11:45:59

BUILDDATESTAMP_STR: 160611-0600

BUILDLAB_STR: winblue_ltsb

BUILDOSVER_STR: 6.3.9600.18378.amd64fre.winblue_ltsb.160611-0600

ANALYSIS_SESSION_ELAPSED_TIME: 29e

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x1a_41201_nt!_??_::fnodobfm::_string_

FAILURE_ID_HASH: {48c83227-3944-10a1-bf0f-11b43dc9c13b}

Followup: MachineOwner
---------
 



kemical

Windows Forum Admin
Staff member
Premium Supporter
#17
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41201, fffff680002768f8, 8ec04002da697867, ffffe000ca750520}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+16f8c )

Followup: MachineOwner
Update; we manage to get 2 memtest passes in before he needed to use his computer for other things
Nice but ideally you need to run for longer although I see there are plans to do this.

If the memory passes then try running the driver verifier, although first create a recovery disk/usb as the verifier can sometimes cause a boot loop. You'll need the recovery disk/usb to boot into recovery, safe mode and then turn the verifier off.
How do I fix a Blue Screen in Windows using Driver Verifier?

Post any resulting dump files

Oh and yes MSI Afterburner still looks installed.
 


#18
Wait why would he need a boot disk to get into safemode? Wouldn't F8->safemode work?
 


kemical

Windows Forum Admin
Staff member
Premium Supporter
#19
Wouldn't F8->safemode work?
Since the advent of Windows 8, booting into safe mode doesn't always work with the F8 key, especially if you're running a UEFI BIOS. This guide will show you the various ways you can access safe mode for both win 8 and 10
5 Ways To Boot Into Safe Mode In Windows 8.1 - Page 2
 


#20
Okay, update here.

Memtest 86 ran over the weekend, we got 13 passes with no errors but a warning that the RAM may be vulnerable to high frequency row hammer bit flips.

Moving on, I walked my friend through how to run driver verifier and it triggered a nice amount of BSODs very quickly. Thankfully we were able to disable it without needing safemode. I won't bother posting text dumps since there are so many, but I have attached all of the dmp files generated.

It looks like 4/5 of them point to bwcW8x64.sys and a single one points to nvlddmkm.sys
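
Added example, not part of any post in this thread and not WinDbg's own tooling: a Python triage script that reads concatenated `!analyze -v` output like the logs posted above and tallies each dump by bugcheck code, 0x1A subtype, blamed image and crashing process, the same comparison done by eye across dumps in the thread. The function names are assumptions of this example; `SAMPLE` holds lines copied from the three logs posted here, trimmed to the fields the parser reads.

```python
import re
from collections import Counter

# Lines excerpted from the three WinDbg logs posted in this thread (values unchanged).
SAMPLE = r"""
Loading Dump File [C:\Users\PC\Downloads\072716-5078-01.dmp]
System Uptime: 0 days 22:38:04.242
BugCheck C000021A, {ffffc000908a6aa0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::OKHAJAOM::`string'+269a )
BIOS_VERSION: A.60
PROCESS_NAME: services.exe
Loading Dump File [C:\Users\PC\Downloads\072816-5046-01.dmp]
System Uptime: 0 days 1:58:20.526
BugCheck 1A, {41793, fffff68000308ff8, 200, 1ff}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+1699f )
BIOS_VERSION: A.60
PROCESS_NAME: DesertsOfKhara
Loading Dump File [C:\Users\PC\Downloads\072916-4968-01.dmp]
System Uptime: 0 days 2:33:47.480
BugCheck 1A, {41201, fffff680002768f8, 8ec04002da697867, ffffe000ca750520}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+16f8c )
BIOS_VERSION: A.60
PROCESS_NAME: DesertsOfKhara
"""

DUMP_RE = re.compile(r"^Loading Dump File \[(?P<path>.+)\]$")
BUGCHECK_RE = re.compile(r"^BugCheck (?P<code>[0-9A-Fa-f]+), \{(?P<args>[^}]*)\}")
CAUSE_RE = re.compile(r"^Probably caused by : (?P<image>\S+)(?: \( (?P<symbol>.*) \))?")
UPTIME_RE = re.compile(r"^System Uptime: (\d+) days (\d+):(\d+):(\d+)")
FIELD_RE = re.compile(r"^(?P<key>PROCESS_NAME|BIOS_VERSION):\s+(?P<value>\S.*)$")
KERNEL_IMAGES = {"ntkrnlmp.exe", "ntoskrnl.exe"}  # the kernel itself, not a third-party driver


def parse_dumps(text):
    """Return one record per 'Loading Dump File' header found in concatenated WinDbg output."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DUMP_RE.match(line)):
            cur = {"dump": m["path"].rsplit("\\", 1)[-1]}
            records.append(cur)
        elif cur is None:
            continue  # text before the first dump header
        elif (m := BUGCHECK_RE.match(line)):
            # The summary is printed again after !analyze -v; keep the first occurrence.
            cur.setdefault("code", int(m["code"], 16))
            cur.setdefault("args", [int(a.strip(), 16) for a in m["args"].split(",")])
        elif (m := CAUSE_RE.match(line)):
            cur.setdefault("image", m["image"])
            cur.setdefault("symbol", m["symbol"])
        elif (m := UPTIME_RE.match(line)):
            d, h, mi, s = map(int, m.groups())
            cur["uptime_s"] = ((d * 24 + h) * 60 + mi) * 60 + s
        elif (m := FIELD_RE.match(line)):
            cur.setdefault(m["key"].lower(), m["value"])
    return records


def signature(rec):
    """Bucket key: bugcheck code, plus Arg1 for 0x1A, where WinDbg labels Arg1 the subtype."""
    sig = f"0x{rec['code']:x}"
    if rec["code"] == 0x1A:
        sig += f"_{rec['args'][0]:x}"
    return sig


def summarize(records):
    done = [r for r in records if "code" in r]  # skip dumps that had no BugCheck line
    return {
        "by_code": Counter(f"0x{r['code']:x}" for r in done),
        "by_signature": Counter(signature(r) for r in done),
        "by_process": Counter(r.get("process_name", "?") for r in done),
        "third_party": sorted({r["image"] for r in done
                               if r.get("image") and r["image"].lower() not in KERNEL_IMAGES}),
    }


if __name__ == "__main__":
    recs = parse_dumps(SAMPLE)
    for r in recs:
        print(r["dump"], signature(r), r.get("process_name"), r.get("image"), r.get("uptime_s"))
    print(summarize(recs))
```

An empty `third_party` list means every dump blamed the kernel image itself, so the "Probably caused by" line alone does not single out a driver.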
 

