Loading Dump File [C:\Users\Amaru\Desktop\031614-5015-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: *** Invalid *** **************************************************************************** * Symbol loading may be unreliable without a symbol search path. * * Use .symfix to have the debugger choose a symbol path. * * After setting your symbol path, use .reload to refresh symbol locations. * **************************************************************************** Executable search path is: ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Windows 8 Kernel Version 9600 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505 Machine Name: Kernel base = 0xfffff802`5700f000 PsLoadedModuleList = 0xfffff802`572d3990 Debug session time: Sun Mar 16 21:34:30.895 2014 (UTC + 1:00) System Uptime: 0 days 1:13:56.545 ********************************************************************* * Symbols can not be loaded because symbol path is not initialized. * * * * The Symbol Path can be set by: * * using the _NT_SYMBOL_PATH environment variable. * * using the -y argument when starting the debugger. * * using .sympath and .sympath+ * ********************************************************************* Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols ............................................................... ................................................................ ............................ Loading User Symbols Loading unloaded module list ............ ************* Symbol Loading Error Summary ************** Module name Error ntoskrnl The system cannot find the file specified You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded. You should also verify that your symbol search path (.sympath) is correct. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {101113148, 2, 0, fffff8025704f9eb} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : ntoskrnl.exe ( nt+409eb ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000101113148, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff8025704f9eb, address which referenced memory Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ADDITIONAL_DEBUG_TEXT: You can run '.symfix; .reload' to try to fix the symbol path and load symbols. MODULE_NAME: nt FAULTING_MODULE: fffff8025700f000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 52718d9c READ_ADDRESS: unable to get nt!MmSpecialPoolStart unable to get nt!MmSpecialPoolEnd unable to get nt!MmPagedPoolEnd unable to get nt!MmNonPagedPoolStart unable to get nt!MmSizeOfNonPagedPoolInBytes 0000000101113148 CURRENT_IRQL: 0 FAULTING_IP: nt+409eb fffff802`5704f9eb 49ff64c070 jmp qword ptr [r8+rax*8+70h] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre LAST_CONTROL_TRANSFER: from fffff802571687e9 to fffff8025715cca0 STACK_TEXT: fffff802`58a16cf8 fffff802`571687e9 : 00000000`0000000a 00000001`01113148 00000000`00000002 00000000`00000000 : nt+0x14dca0 fffff802`58a16d00 00000000`0000000a : 00000001`01113148 00000000`00000002 00000000`00000000 fffff802`5704f9eb : nt+0x1597e9 fffff802`58a16d08 00000001`01113148 : 00000000`00000002 00000000`00000000 fffff802`5704f9eb fffff802`57108f45 : 0xa fffff802`58a16d10 00000000`00000002 : 00000000`00000000 fffff802`5704f9eb fffff802`57108f45 00000000`00000000 : 0x00000001`01113148 fffff802`58a16d18 00000000`00000000 : fffff802`5704f9eb fffff802`57108f45 00000000`00000000 00000000`00000000 : 0x2 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: nt+409eb fffff802`5704f9eb 49ff64c070 jmp qword ptr [r8+rax*8+70h] SYMBOL_NAME: nt+409eb FOLLOWUP_NAME: MachineOwner IMAGE_NAME: ntoskrnl.exe BUCKET_ID: WRONG_SYMBOLS FAILURE_BUCKET_ID: WRONG_SYMBOLS ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:wrong_symbols FAILURE_ID_HASH: {70b057e8-2462-896f-28e7-ac72d4d365f8} Followup: MachineOwner --------- 0: kd> lmv start end module name fffff800`00000000 fffff800`00034000 nvhda64v (deferred) Image path: \SystemRoot\system32\drivers\nvhda64v.sys Image name: nvhda64v.sys Timestamp: Sun Jun 16 14:38:07 2013 (51BDB1AF) CheckSum: 00038732 ImageSize: 00034000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00042000 fffff800`000a8000 mcupdate_GenuineIntel (deferred) Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll Image name: mcupdate_GenuineIntel.dll Timestamp: Thu Aug 22 13:40:16 2013 (5215F8A0) CheckSum: 0006AE79 ImageSize: 00066000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`000a8000 fffff800`000b6000 werkernel (deferred) Image path: \SystemRoot\System32\drivers\werkernel.sys Image name: werkernel.sys Timestamp: Thu Aug 22 13:40:24 2013 (5215F8A8) CheckSum: 0000D30A ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`000b6000 fffff800`00118000 CLFS (deferred) Image path: \SystemRoot\System32\drivers\CLFS.SYS Image name: CLFS.SYS Timestamp: Thu Aug 22 13:40:20 2013 (5215F8A4) CheckSum: 00064D65 ImageSize: 00062000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00118000 fffff800`0013a000 tm (deferred) Image path: \SystemRoot\System32\drivers\tm.sys Image name: tm.sys Timestamp: Thu Aug 22 13:39:33 2013 (5215F875) CheckSum: 00027299 ImageSize: 00022000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0013a000 fffff800`0014f000 PSHED (deferred) Image path: \SystemRoot\system32\PSHED.dll Image name: PSHED.dll Timestamp: Sat Sep 14 15:57:19 2013 (52346B3F) CheckSum: 00014F05 ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0014f000 fffff800`00159000 BOOTVID (deferred) Image path: \SystemRoot\system32\BOOTVID.dll Image name: BOOTVID.dll Timestamp: Thu Aug 22 13:40:26 2013 (5215F8AA) CheckSum: 000143A5 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00159000 fffff800`001e1000 CI (deferred) Image path: \SystemRoot\system32\CI.dll Image name: CI.dll Timestamp: Sat Sep 21 09:58:34 2013 (523D51AA) CheckSum: 0008AE61 ImageSize: 00088000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00200000 fffff800`0025e000 spaceport (deferred) Image path: \SystemRoot\System32\drivers\spaceport.sys Image name: spaceport.sys Timestamp: Wed Oct 30 23:38:47 2013 (52718A77) CheckSum: 0005F6B8 ImageSize: 0005E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00275000 fffff800`002d2000 msrpc (deferred) Image path: \SystemRoot\System32\drivers\msrpc.sys Image name: msrpc.sys Timestamp: Thu Aug 22 13:39:22 2013 (5215F86A) CheckSum: 0005E90A ImageSize: 0005D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`002d2000 fffff800`003a1000 Wdf01000 (deferred) Image path: \SystemRoot\system32\drivers\Wdf01000.sys Image name: Wdf01000.sys Timestamp: Thu Aug 22 13:38:56 2013 (5215F850) CheckSum: 000DAC61 ImageSize: 000CF000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`003a1000 fffff800`003b2000 WDFLDR (deferred) Image path: \SystemRoot\system32\drivers\WDFLDR.SYS Image name: WDFLDR.SYS Timestamp: Thu Aug 22 13:39:03 2013 (5215F857) CheckSum: 00018D2B ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`003b2000 fffff800`003ca000 acpiex (deferred) Image path: \SystemRoot\System32\Drivers\acpiex.sys Image name: acpiex.sys Timestamp: Thu Aug 22 13:37:47 2013 (5215F80B) CheckSum: 0001AB70 ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`003ca000 fffff800`003d5000 WppRecorder (deferred) Image path: \SystemRoot\System32\Drivers\WppRecorder.sys Image name: WppRecorder.sys Timestamp: Thu Aug 22 13:39:40 2013 (5215F87C) CheckSum: 000115DC ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00400000 fffff800`00449000 pci (deferred) Image path: \SystemRoot\System32\drivers\pci.sys Image name: pci.sys Timestamp: Thu Aug 22 13:38:31 2013 (5215F837) CheckSum: 0004DF95 ImageSize: 00049000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00449000 fffff800`00456000 vdrvroot (deferred) Image path: \SystemRoot\System32\drivers\vdrvroot.sys Image name: vdrvroot.sys Timestamp: Thu Aug 22 13:38:49 2013 (5215F849) CheckSum: 000167D2 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00456000 fffff800`00472000 pdc (deferred) Image path: \SystemRoot\system32\drivers\pdc.sys Image name: pdc.sys Timestamp: Fri Nov 01 05:58:42 2013 (52733502) CheckSum: 00024C0E ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00472000 fffff800`0048a000 partmgr (deferred) Image path: \SystemRoot\System32\drivers\partmgr.sys Image name: partmgr.sys Timestamp: Thu Aug 22 13:40:20 2013 (5215F8A4) CheckSum: 000258EA ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0048a000 fffff800`0049f000 volmgr (deferred) Image path: \SystemRoot\System32\drivers\volmgr.sys Image name: volmgr.sys Timestamp: Thu Aug 22 13:39:53 2013 (5215F889) CheckSum: 00018065 ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0049f000 fffff800`004c9000 usbccgp (deferred) Image path: \SystemRoot\System32\drivers\usbccgp.sys Image name: usbccgp.sys Timestamp: Wed Oct 23 10:17:41 2013 (52678625) CheckSum: 00032A3A ImageSize: 0002A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`004da000 fffff800`0055f000 ACPI (deferred) Image path: \SystemRoot\System32\drivers\ACPI.sys Image name: ACPI.sys Timestamp: Tue Oct 08 09:40:38 2013 (5253B6F6) CheckSum: 00080B58 ImageSize: 00085000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0055f000 fffff800`00569000 WMILIB (deferred) Image path: \SystemRoot\System32\drivers\WMILIB.SYS Image name: WMILIB.SYS Timestamp: Thu Aug 22 13:40:23 2013 (5215F8A7) CheckSum: 00005EF7 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00569000 fffff800`005f4000 cng (deferred) Image path: \SystemRoot\System32\Drivers\cng.sys Image name: cng.sys Timestamp: Thu Aug 22 13:38:09 2013 (5215F821) CheckSum: 000990D1 ImageSize: 0008B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`005f4000 fffff800`005fe000 msisadrv (deferred) Image path: \SystemRoot\System32\drivers\msisadrv.sys Image name: msisadrv.sys Timestamp: Thu Aug 22 13:39:03 2013 (5215F857) CheckSum: 0000A48E ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00600000 fffff800`00629000 TS4nt (deferred) Image path: \SystemRoot\System32\Drivers\TS4nt.sys Image name: TS4nt.sys Timestamp: Thu Aug 19 16:05:30 2010 (4C6D3A2A) CheckSum: 0001F7AC ImageSize: 00029000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00629000 fffff800`00649000 EhStorTcgDrv (deferred) Image path: \SystemRoot\System32\drivers\EhStorTcgDrv.sys Image name: EhStorTcgDrv.sys Timestamp: Thu Aug 22 13:37:30 2013 (5215F7FA) CheckSum: 00024E40 ImageSize: 00020000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00649000 fffff800`00663000 EhStorClass (deferred) Image path: \SystemRoot\System32\drivers\EhStorClass.sys Image name: EhStorClass.sys Timestamp: Thu Aug 22 13:38:15 2013 (5215F827) CheckSum: 0002292E ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00663000 fffff800`006bf000 fltmgr (deferred) Image path: \SystemRoot\system32\drivers\fltmgr.sys Image name: fltmgr.sys Timestamp: Thu Aug 22 13:40:18 2013 (5215F8A2) CheckSum: 0005F56C ImageSize: 0005C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`006bf000 fffff800`006d5000 fileinfo (deferred) Image path: \SystemRoot\System32\drivers\fileinfo.sys Image name: fileinfo.sys Timestamp: Thu Aug 22 13:38:45 2013 (5215F845) CheckSum: 00017698 ImageSize: 00016000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`006ee000 fffff800`0074d000 volmgrx (deferred) Image path: \SystemRoot\System32\drivers\volmgrx.sys Image name: volmgrx.sys Timestamp: Thu Aug 22 13:40:23 2013 (5215F8A7) CheckSum: 000675F8 ImageSize: 0005F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0074d000 fffff800`00768000 mountmgr (deferred) Image path: \SystemRoot\System32\drivers\mountmgr.sys Image name: mountmgr.sys Timestamp: Thu Aug 22 13:40:04 2013 (5215F894) CheckSum: 00020DF0 ImageSize: 0001B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00768000 fffff800`00785000 storahci (deferred) Image path: \SystemRoot\System32\drivers\storahci.sys Image name: storahci.sys Timestamp: Thu Aug 22 13:40:39 2013 (5215F8B7) CheckSum: 00021E30 ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00785000 fffff800`007e4000 storport (deferred) Image path: \SystemRoot\System32\drivers\storport.sys Image name: storport.sys Timestamp: Thu Aug 22 13:39:03 2013 (5215F857) CheckSum: 0005D296 ImageSize: 0005F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00800000 fffff800`00879000 NETIO (deferred) Image path: \SystemRoot\system32\drivers\NETIO.SYS Image name: NETIO.SYS Timestamp: Thu Aug 22 13:37:08 2013 (5215F7E4) CheckSum: 0007A220 ImageSize: 00079000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00879000 fffff800`00a6f000 Ntfs (deferred) Image path: \SystemRoot\System32\Drivers\Ntfs.sys Image name: Ntfs.sys Timestamp: Thu Aug 22 10:48:02 2013 (5215D042) CheckSum: 001EB344 ImageSize: 001F6000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00a6f000 fffff800`00a8b000 ksecdd (deferred) Image path: \SystemRoot\System32\Drivers\ksecdd.sys Image name: ksecdd.sys Timestamp: Sat Sep 21 09:59:44 2013 (523D51F0) CheckSum: 0001EAE0 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00a8b000 fffff800`00a9b000 pcw (deferred) Image path: \SystemRoot\System32\drivers\pcw.sys Image name: pcw.sys Timestamp: Thu Aug 22 10:46:34 2013 (5215CFEA) CheckSum: 00011373 ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00a9b000 fffff800`00aa6000 Fs_Rec (deferred) Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys Image name: Fs_Rec.sys Timestamp: Thu Aug 22 10:46:33 2013 (5215CFE9) CheckSum: 0000C6BA ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00aa6000 fffff800`00bbe000 ndis (deferred) Image path: \SystemRoot\system32\drivers\ndis.sys Image name: ndis.sys Timestamp: Mon Nov 25 00:30:24 2013 (52928C10) CheckSum: 00119449 ImageSize: 00118000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00bbe000 fffff800`00bf2000 ksecpkg (deferred) Image path: \SystemRoot\System32\Drivers\ksecpkg.sys Image name: ksecpkg.sys Timestamp: Thu Aug 22 13:37:32 2013 (5215F7FC) CheckSum: 00032777 ImageSize: 00034000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00c00000 fffff800`00c93000 fvevol (deferred) Image path: \SystemRoot\System32\DRIVERS\fvevol.sys Image name: fvevol.sys Timestamp: Sat Sep 21 09:58:16 2013 (523D5198) CheckSum: 0009A9BC ImageSize: 00093000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00cb5000 fffff800`00f31000 tcpip (deferred) Image path: \SystemRoot\System32\drivers\tcpip.sys Image name: tcpip.sys Timestamp: Wed Jan 29 01:40:05 2014 (52E84DE5) CheckSum: 0027B8DE ImageSize: 0027C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00f31000 fffff800`00f9d000 fwpkclnt (deferred) Image path: \SystemRoot\System32\drivers\fwpkclnt.sys Image name: fwpkclnt.sys Timestamp: Thu Aug 22 13:36:38 2013 (5215F7C6) CheckSum: 00073E61 ImageSize: 0006C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00f9d000 fffff800`00fc2000 wfplwfs (deferred) Image path: \SystemRoot\system32\DRIVERS\wfplwfs.sys Image name: wfplwfs.sys Timestamp: Sun Oct 13 01:46:38 2013 (5259DF5E) CheckSum: 00028B37 ImageSize: 00025000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00fc2000 fffff800`00fe6000 MiniIcpt (deferred) Image path: \??\C:\Windows\system32\drivers\MiniIcpt.sys Image name: MiniIcpt.sys Timestamp: Fri Aug 02 03:44:18 2013 (51FB0EF2) CheckSum: 0002BA09 ImageSize: 00024000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00fe6000 fffff800`00fee000 Beep (deferred) Image path: \SystemRoot\System32\Drivers\Beep.SYS Image name: Beep.SYS Timestamp: Thu Aug 22 13:40:24 2013 (5215F8A8) CheckSum: 00009735 ImageSize: 00008000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`00fee000 fffff800`00ffc000 BasicRender (deferred) Image path: \SystemRoot\System32\drivers\BasicRender.sys Image name: BasicRender.sys Timestamp: Thu Aug 22 13:39:27 2013 (5215F86F) CheckSum: 00009861 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01000000 fffff800`01056000 CLASSPNP (deferred) Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS Image name: CLASSPNP.SYS Timestamp: Thu Aug 22 10:46:47 2013 (5215CFF7) CheckSum: 0005C143 ImageSize: 00056000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01056000 fffff800`0106b000 crashdmp (deferred) Image path: \SystemRoot\System32\Drivers\crashdmp.sys Image name: crashdmp.sys Timestamp: Thu Aug 22 13:40:03 2013 (5215F893) CheckSum: 00015F7C ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`010aa000 fffff800`010d8000 cdrom (deferred) Image path: \SystemRoot\System32\drivers\cdrom.sys Image name: cdrom.sys Timestamp: Thu Aug 22 10:46:35 2013 (5215CFEB) CheckSum: 00032799 ImageSize: 0002E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`010dc000 fffff800`0112c000 volsnap (deferred) Image path: \SystemRoot\System32\drivers\volsnap.sys Image name: volsnap.sys Timestamp: Fri Jan 31 13:14:07 2014 (52EB938F) CheckSum: 00051CC6 ImageSize: 00050000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0112c000 fffff800`01171000 rdyboost (deferred) Image path: \SystemRoot\System32\drivers\rdyboost.sys Image name: rdyboost.sys Timestamp: Sun Oct 13 01:49:41 2013 (5259E015) CheckSum: 00045DA7 ImageSize: 00045000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01171000 fffff800`01188000 mup (deferred) Image path: \SystemRoot\System32\Drivers\mup.sys Image name: mup.sys Timestamp: Thu Aug 22 13:40:28 2013 (5215F8AC) CheckSum: 0002066D ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01188000 fffff800`01197000 intelpep (deferred) Image path: \SystemRoot\System32\drivers\intelpep.sys Image name: intelpep.sys Timestamp: Sat Nov 09 09:45:55 2013 (527DF643) CheckSum: 0000CCF7 ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01197000 fffff800`011a0000 Null (deferred) Image path: \SystemRoot\System32\Drivers\Null.SYS Image name: Null.SYS Timestamp: Thu Aug 22 13:40:24 2013 (5215F8A8) CheckSum: 0000EAA8 ImageSize: 00009000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`011a3000 fffff800`011b7000 GDBehave (deferred) Image path: \SystemRoot\system32\drivers\GDBehave.sys Image name: GDBehave.sys Timestamp: Fri Aug 02 03:43:49 2013 (51FB0ED5) CheckSum: 00018CFC ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`011b7000 fffff800`011d3000 disk (deferred) Image path: \SystemRoot\System32\drivers\disk.sys Image name: disk.sys Timestamp: Thu Aug 22 13:39:47 2013 (5215F883) CheckSum: 0001FEF4 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`011d3000 fffff800`011e7000 HookCentre (deferred) Image path: \??\C:\Windows\system32\drivers\HookCentre.sys Image name: HookCentre.sys Timestamp: Fri Aug 02 03:46:12 2013 (51FB0F64) CheckSum: 0001F8E9 ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`011e7000 fffff800`011f9000 gddcv64 (deferred) Image path: \??\C:\Windows\system32\drivers\gddcv64.sys Image name: gddcv64.sys Timestamp: Fri Jun 21 14:22:53 2013 (51C4459D) CheckSum: 00019D88 ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01400000 fffff800`01470000 rdbss (deferred) Image path: \SystemRoot\system32\DRIVERS\rdbss.sys Image name: rdbss.sys Timestamp: Tue Dec 17 08:21:22 2013 (52AFFB72) CheckSum: 0006BFA7 ImageSize: 00070000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0148c000 fffff800`01606000 dxgkrnl (deferred) Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image name: dxgkrnl.sys Timestamp: Tue Jan 07 08:27:12 2014 (52CBAC50) CheckSum: 0017DDB3 ImageSize: 0017A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01606000 fffff800`01618000 watchdog (deferred) Image path: \SystemRoot\System32\drivers\watchdog.sys Image name: watchdog.sys Timestamp: Thu Aug 22 13:39:48 2013 (5215F884) CheckSum: 0001A986 ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01618000 fffff800`01679000 dxgmms1 (deferred) Image path: \SystemRoot\System32\drivers\dxgmms1.sys Image name: dxgmms1.sys Timestamp: Wed Jan 08 00:42:20 2014 (52CC90DC) CheckSum: 0006B3DB ImageSize: 00061000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01679000 fffff800`0168b000 BasicDisplay (deferred) Image path: \SystemRoot\System32\drivers\BasicDisplay.sys Image name: BasicDisplay.sys Timestamp: Thu Aug 22 13:39:31 2013 (5215F873) CheckSum: 00016E0C ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0168b000 fffff800`0169f000 Npfs (deferred) Image path: \SystemRoot\System32\Drivers\Npfs.SYS Image name: Npfs.SYS Timestamp: Thu Aug 22 13:40:25 2013 (5215F8A9) CheckSum: 000163DC ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0169f000 fffff800`016ab000 Msfs (deferred) Image path: \SystemRoot\System32\Drivers\Msfs.SYS Image name: Msfs.SYS Timestamp: Thu Aug 22 13:40:24 2013 (5215F8A8) CheckSum: 0000EF55 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`016ab000 fffff800`016cb000 tdx (deferred) Image path: \SystemRoot\system32\DRIVERS\tdx.sys Image name: tdx.sys Timestamp: Thu Aug 22 13:36:34 2013 (5215F7C2) CheckSum: 00020690 ImageSize: 00020000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`016cb000 fffff800`016d9000 TDI (deferred) Image path: \SystemRoot\system32\DRIVERS\TDI.SYS Image name: TDI.SYS Timestamp: Thu Aug 22 13:39:01 2013 (5215F855) CheckSum: 0000D2C0 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`016d9000 fffff800`01725000 netbt (deferred) Image path: \SystemRoot\System32\DRIVERS\netbt.sys Image name: netbt.sys Timestamp: Thu Aug 22 13:37:01 2013 (5215F7DD) CheckSum: 00051A95 ImageSize: 0004C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01725000 fffff800`017b8000 afd (deferred) Image path: \SystemRoot\system32\drivers\afd.sys Image name: afd.sys Timestamp: Thu Aug 22 13:36:50 2013 (5215F7D2) CheckSum: 0008F143 ImageSize: 00093000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`017b8000 fffff800`017e2000 pacer (deferred) Image path: \SystemRoot\system32\DRIVERS\pacer.sys Image name: pacer.sys Timestamp: Thu Aug 22 13:36:06 2013 (5215F7A6) CheckSum: 00033197 ImageSize: 0002A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`017e2000 fffff800`017f3000 netbios (deferred) Image path: \SystemRoot\system32\DRIVERS\netbios.sys Image name: netbios.sys Timestamp: Thu Aug 22 13:38:58 2013 (5215F852) CheckSum: 000155DC ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01800000 fffff800`0180b000 kdnic (deferred) Image path: \SystemRoot\system32\DRIVERS\kdnic.sys Image name: kdnic.sys Timestamp: Thu Aug 22 13:38:26 2013 (5215F832) CheckSum: 00009E90 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0180b000 fffff800`0181c000 umbus (deferred) Image path: \SystemRoot\System32\drivers\umbus.sys Image name: umbus.sys Timestamp: Thu Aug 22 13:38:59 2013 (5215F853) CheckSum: 0000FBC2 ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0181c000 fffff800`01868000 ks (deferred) Image path: \SystemRoot\system32\drivers\ks.sys Image name: ks.sys Timestamp: Thu Sep 05 09:39:03 2013 (52283517) CheckSum: 00050669 ImageSize: 0004C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01868000 fffff800`018d3000 usbhub (deferred) Image path: \SystemRoot\System32\drivers\usbhub.sys Image name: usbhub.sys Timestamp: Thu Aug 22 13:38:33 2013 (5215F839) CheckSum: 00073566 ImageSize: 0006B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`018d3000 fffff800`01961000 csc (deferred) Image path: \SystemRoot\system32\drivers\csc.sys Image name: csc.sys Timestamp: Thu Aug 22 13:38:00 2013 (5215F818) CheckSum: 00093C84 ImageSize: 0008E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01961000 fffff800`0196f000 nsiproxy (deferred) Image path: \SystemRoot\system32\drivers\nsiproxy.sys Image name: nsiproxy.sys Timestamp: Thu Aug 22 13:36:34 2013 (5215F7C2) CheckSum: 00017361 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0196f000 fffff800`0197b000 npsvctrig (deferred) Image path: \SystemRoot\System32\drivers\npsvctrig.sys Image name: npsvctrig.sys Timestamp: Thu Aug 22 13:38:22 2013 (5215F82E) CheckSum: 000117AA ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0197b000 fffff800`01987000 mssmbios (deferred) Image path: \SystemRoot\System32\drivers\mssmbios.sys Image name: mssmbios.sys Timestamp: Thu Aug 22 13:39:41 2013 (5215F87D) CheckSum: 00018399 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01987000 fffff800`0199b000 gdwfpcd64 (deferred) Image path: \SystemRoot\system32\drivers\gdwfpcd64.sys Image name: gdwfpcd64.sys Timestamp: Wed Jul 31 15:03:33 2013 (51F90B25) CheckSum: 0001C083 ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0199b000 fffff800`019c1000 dfsc (deferred) Image path: \SystemRoot\System32\Drivers\dfsc.sys Image name: dfsc.sys Timestamp: Thu Aug 22 13:38:00 2013 (5215F818) CheckSum: 0002BD99 ImageSize: 00026000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`019d1000 fffff800`019d7000 AsIO (deferred) Image path: \SystemRoot\SysWow64\drivers\AsIO.sys Image name: AsIO.sys Timestamp: Wed Aug 22 11:54:47 2012 (5034AC67) CheckSum: 0000EA4F ImageSize: 00006000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`019d7000 fffff800`019ee000 ahcache (deferred) Image path: \SystemRoot\system32\DRIVERS\ahcache.sys Image name: ahcache.sys Timestamp: Thu Aug 22 13:39:54 2013 (5215F88A) CheckSum: 0001ABE5 ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`019ee000 fffff800`019fd000 CompositeBus (deferred) Image path: \SystemRoot\System32\drivers\CompositeBus.sys Image name: CompositeBus.sys Timestamp: Thu Aug 22 13:38:48 2013 (5215F848) CheckSum: 00009752 ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01a00000 fffff800`01a18000 usbehci (deferred) Image path: \SystemRoot\System32\drivers\usbehci.sys Image name: usbehci.sys Timestamp: Thu Aug 22 13:39:15 2013 (5215F863) CheckSum: 00022947 ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01a18000 fffff800`01a87000 USBPORT (deferred) Image path: \SystemRoot\System32\drivers\USBPORT.SYS Image name: USBPORT.SYS Timestamp: Thu Aug 22 13:39:40 2013 (5215F87C) CheckSum: 0006F7A9 ImageSize: 0006F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`01ab0000 fffff800`02708000 nvlddmkm (deferred) Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys Image name: nvlddmkm.sys Timestamp: Tue Mar 04 12:07:52 2014 (5315B408) CheckSum: 00C20523 ImageSize: 00C58000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02708000 fffff800`02721000 HDAudBus (deferred) Image path: \SystemRoot\System32\drivers\HDAudBus.sys Image name: HDAudBus.sys Timestamp: Thu Aug 22 13:38:37 2013 (5215F83D) CheckSum: 000162F3 ImageSize: 00019000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02738000 fffff800`0278d000 USBXHCI (deferred) Image path: \SystemRoot\System32\drivers\USBXHCI.SYS Image name: USBXHCI.SYS Timestamp: Wed Jan 08 00:30:49 2014 (52CC8E29) CheckSum: 0005B805 ImageSize: 00055000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0278d000 fffff800`027bf000 ucx01000 (deferred) Image path: \SystemRoot\System32\drivers\ucx01000.sys Image name: ucx01000.sys Timestamp: Thu Aug 22 13:37:32 2013 (5215F7FC) CheckSum: 0003A962 ImageSize: 00032000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`027bf000 fffff800`027db000 TeeDriverx64 (deferred) Image path: \SystemRoot\system32\DRIVERS\TeeDriverx64.sys Image name: TeeDriverx64.sys Timestamp: Thu Sep 05 20:02:18 2013 (5228C72A) CheckSum: 0001ACA6 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02800000 fffff800`0280d000 serenum (deferred) Image path: \SystemRoot\System32\drivers\serenum.sys Image name: serenum.sys Timestamp: Thu Aug 22 13:40:17 2013 (5215F8A1) CheckSum: 0000F7B3 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0280d000 fffff800`02824000 gddcd64 (deferred) Image path: \??\C:\Windows\system32\drivers\gddcd64.sys Image name: gddcd64.sys Timestamp: Fri Jun 21 14:22:53 2013 (51C4459D) CheckSum: 00014B26 ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02824000 fffff800`0284b000 SteelBus64 (deferred) Image path: \SystemRoot\System32\drivers\SteelBus64.sys Image name: SteelBus64.sys Timestamp: Wed Oct 30 17:15:33 2013 (527130A5) CheckSum: 00030AD2 ImageSize: 00027000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0284b000 fffff800`02856000 rdpbus (deferred) Image path: \SystemRoot\System32\drivers\rdpbus.sys Image name: rdpbus.sys Timestamp: Thu Aug 22 13:38:52 2013 (5215F84C) CheckSum: 00010298 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02856000 fffff800`02862000 USBD (deferred) Image path: \SystemRoot\System32\drivers\USBD.SYS Image name: USBD.SYS Timestamp: Thu Aug 22 13:40:22 2013 (5215F8A6) CheckSum: 0000F69F ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02862000 fffff800`02880000 intelppm (deferred) Image path: \SystemRoot\System32\drivers\intelppm.sys Image name: intelppm.sys Timestamp: Thu Aug 22 10:46:35 2013 (5215CFEB) CheckSum: 00026EA5 ImageSize: 0001E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02880000 fffff800`0288a000 wmiacpi (deferred) Image path: \SystemRoot\System32\drivers\wmiacpi.sys Image name: wmiacpi.sys Timestamp: Thu Aug 22 13:40:04 2013 (5215F894) CheckSum: 000113E8 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0288a000 fffff800`02897000 nvvad64v (deferred) Image path: \SystemRoot\system32\drivers\nvvad64v.sys Image name: nvvad64v.sys Timestamp: Fri Dec 27 17:41:28 2013 (52BDADB8) CheckSum: 0000E072 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02897000 fffff800`028de000 portcls (deferred) Image path: \SystemRoot\system32\drivers\portcls.sys Image name: portcls.sys Timestamp: Tue Sep 17 09:01:35 2013 (5237FE4F) CheckSum: 0004830C ImageSize: 00047000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`028de000 fffff800`028fa000 drmk (deferred) Image path: \SystemRoot\system32\drivers\drmk.sys Image name: drmk.sys Timestamp: Thu Aug 22 13:39:24 2013 (5215F86C) CheckSum: 00018FB9 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`028fe000 fffff800`029ca000 Rt630x64 (deferred) Image path: \SystemRoot\system32\DRIVERS\Rt630x64.sys Image name: Rt630x64.sys Timestamp: Fri Jul 26 09:01:35 2013 (51F21ECF) CheckSum: 000D3781 ImageSize: 000CC000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`029ca000 fffff800`029cf300 ksthunk (deferred) Image path: \SystemRoot\system32\drivers\ksthunk.sys Image name: ksthunk.sys Timestamp: Thu Aug 22 13:39:31 2013 (5215F873) CheckSum: 0000B8D5 ImageSize: 00005300 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`029d0000 fffff800`029db000 NdisVirtualBus (deferred) Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys Image name: NdisVirtualBus.sys Timestamp: Thu Aug 22 13:36:25 2013 (5215F7B9) CheckSum: 0000E724 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`029db000 fffff800`029dc600 swenum (deferred) Image path: \SystemRoot\System32\drivers\swenum.sys Image name: swenum.sys Timestamp: Thu Aug 22 13:39:29 2013 (5215F871) CheckSum: 00006844 ImageSize: 00001600 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`029e1000 fffff800`029fb000 serial (deferred) Image path: \SystemRoot\System32\drivers\serial.sys Image name: serial.sys Timestamp: Thu Aug 22 13:40:08 2013 (5215F898) CheckSum: 00021394 ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02a1d000 fffff800`02a95000 UsbHub3 (deferred) Image path: \SystemRoot\System32\drivers\UsbHub3.sys Image name: UsbHub3.sys Timestamp: Tue Sep 17 09:01:13 2013 (5237FE39) CheckSum: 0007F113 ImageSize: 00078000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02a95000 fffff800`02b8f000 HTTP (deferred) Image path: \SystemRoot\system32\drivers\HTTP.sys Image name: HTTP.sys Timestamp: Thu Aug 22 13:37:09 2013 (5215F7E5) CheckSum: 000F7976 ImageSize: 000FA000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02b8f000 fffff800`02bda000 mrxsmb10 (deferred) Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys Image name: mrxsmb10.sys Timestamp: Thu Aug 22 13:35:42 2013 (5215F78E) CheckSum: 00054B82 ImageSize: 0004B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02bda000 fffff800`02bf7000 Ndu (deferred) Image path: \SystemRoot\system32\drivers\Ndu.sys Image name: Ndu.sys Timestamp: Thu Aug 22 13:35:42 2013 (5215F78E) CheckSum: 000226B3 ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02c00000 fffff800`02c17000 mpsdrv (deferred) Image path: \SystemRoot\System32\drivers\mpsdrv.sys Image name: mpsdrv.sys Timestamp: Thu Aug 22 13:36:06 2013 (5215F7A6) CheckSum: 00019FC0 ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02c17000 fffff800`02c83000 mrxsmb (deferred) Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys Image name: mrxsmb.sys Timestamp: Sat Nov 23 08:08:17 2013 (52905461) CheckSum: 00070263 ImageSize: 0006C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02c83000 fffff800`02cbc000 mrxsmb20 (deferred) Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys Image name: mrxsmb20.sys Timestamp: Sat Sep 21 09:57:59 2013 (523D5187) CheckSum: 0003580B ImageSize: 00039000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02cbc000 fffff800`02cf5000 fastfat (deferred) Image path: \SystemRoot\System32\Drivers\fastfat.SYS Image name: fastfat.SYS Timestamp: Thu Aug 22 13:40:18 2013 (5215F8A2) CheckSum: 0003780B ImageSize: 00039000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`02cf6000 fffff800`03079980 RTKVHD64 (deferred) Image path: \SystemRoot\system32\drivers\RTKVHD64.sys Image name: RTKVHD64.sys Timestamp: Tue Oct 22 14:31:34 2013 (52667026) CheckSum: 0038FB07 ImageSize: 00383980 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0307a000 fffff800`03088000 hidusb (deferred) Image path: \SystemRoot\System32\drivers\hidusb.sys Image name: hidusb.sys Timestamp: Thu Aug 22 13:38:58 2013 (5215F852) CheckSum: 0000E161 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03088000 fffff800`030a7000 HIDCLASS (deferred) Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS Image name: HIDCLASS.SYS Timestamp: Thu Aug 22 13:39:13 2013 (5215F861) CheckSum: 000270DF ImageSize: 0001F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030a7000 fffff800`030aef00 HIDPARSE (deferred) Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS Image name: HIDPARSE.SYS Timestamp: Thu Aug 22 13:40:26 2013 (5215F8AA) CheckSum: 00008A01 ImageSize: 00007F00 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030af000 fffff800`030bd000 kbdhid (deferred) Image path: \SystemRoot\System32\drivers\kbdhid.sys Image name: kbdhid.sys Timestamp: Thu Aug 22 13:39:13 2013 (5215F861) CheckSum: 00009F8D ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030bd000 fffff800`030cd000 kbdclass (deferred) Image path: \SystemRoot\System32\drivers\kbdclass.sys Image name: kbdclass.sys Timestamp: Thu Aug 22 13:39:23 2013 (5215F86B) CheckSum: 00017EC0 ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030cd000 fffff800`030da000 mouhid (deferred) Image path: \SystemRoot\System32\drivers\mouhid.sys Image name: mouhid.sys Timestamp: Thu Aug 22 13:39:13 2013 (5215F861) CheckSum: 0000F6C4 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030da000 fffff800`030ea000 mouclass (deferred) Image path: \SystemRoot\System32\drivers\mouclass.sys Image name: mouclass.sys Timestamp: Thu Aug 22 13:39:13 2013 (5215F861) CheckSum: 0000CB52 ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030ea000 fffff800`030f6000 dump_diskdump (deferred) Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys Image name: dump_diskdump.sys Timestamp: Thu Aug 22 13:40:18 2013 (5215F8A2) CheckSum: 00014133 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`030f6000 fffff800`03113000 dump_storahci (deferred) Image path: \SystemRoot\System32\Drivers\dump_storahci.sys Image name: dump_storahci.sys Timestamp: Thu Aug 22 13:40:39 2013 (5215F8B7) CheckSum: 00021E30 ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03113000 fffff800`03129000 dump_dumpfve (deferred) Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys Image name: dump_dumpfve.sys Timestamp: Thu Aug 22 13:39:55 2013 (5215F88B) CheckSum: 00012A89 ImageSize: 00016000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03129000 fffff800`03132480 SAlpham64 (deferred) Image path: \SystemRoot\System32\drivers\SAlpham64.sys Image name: SAlpham64.sys Timestamp: Fri May 31 16:19:10 2013 (51A8B15E) CheckSum: 0000D535 ImageSize: 00009480 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03133000 fffff800`03159000 USBSTOR (deferred) Image path: \SystemRoot\System32\drivers\USBSTOR.SYS Image name: USBSTOR.SYS Timestamp: Mon Nov 25 00:29:08 2013 (52928BC4) CheckSum: 000278C9 ImageSize: 00026000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03159000 fffff800`03176900 usbaudio (deferred) Image path: \SystemRoot\system32\drivers\usbaudio.sys Image name: usbaudio.sys Timestamp: Fri Dec 13 08:24:20 2013 (52AAB624) CheckSum: 00028810 ImageSize: 0001D900 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03177000 fffff800`0319b000 luafv (deferred) Image path: \SystemRoot\system32\drivers\luafv.sys Image name: luafv.sys Timestamp: Thu Aug 22 13:39:36 2013 (5215F878) CheckSum: 00026C0E ImageSize: 00024000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0319b000 fffff800`031a9000 monitor (deferred) Image path: \SystemRoot\System32\drivers\monitor.sys Image name: monitor.sys Timestamp: Thu Aug 22 13:36:37 2013 (5215F7C5) CheckSum: 00015E6D ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`031a9000 fffff800`031bd000 lltdio (deferred) Image path: \SystemRoot\system32\DRIVERS\lltdio.sys Image name: lltdio.sys Timestamp: Thu Aug 22 13:36:18 2013 (5215F7B2) CheckSum: 00010A57 ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`031bd000 fffff800`031d5000 rspndr (deferred) Image path: \SystemRoot\system32\DRIVERS\rspndr.sys Image name: rspndr.sys Timestamp: Thu Aug 22 13:36:34 2013 (5215F7C2) CheckSum: 0001E4AC ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`031d5000 fffff800`031f5000 bowser (deferred) Image path: \SystemRoot\system32\DRIVERS\bowser.sys Image name: bowser.sys Timestamp: Thu Aug 22 13:38:38 2013 (5215F83E) CheckSum: 0001A48D ImageSize: 00020000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03287000 fffff800`03330000 peauth (deferred) Image path: \SystemRoot\system32\drivers\peauth.sys Image name: peauth.sys Timestamp: Thu Aug 22 13:36:07 2013 (5215F7A7) CheckSum: 000A4E1E ImageSize: 000A9000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03330000 fffff800`0333b000 secdrv (deferred) Image path: \SystemRoot\System32\Drivers\secdrv.SYS Image name: secdrv.SYS Timestamp: Wed Sep 13 15:18:38 2006 (4508052E) CheckSum: 00010B40 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0333b000 fffff800`0337e000 srvnet (deferred) Image path: \SystemRoot\System32\DRIVERS\srvnet.sys Image name: srvnet.sys Timestamp: Wed Sep 11 11:31:45 2013 (52303881) CheckSum: 0003C4F0 ImageSize: 00043000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`0337e000 fffff800`03390000 tcpipreg (deferred) Image path: \SystemRoot\System32\drivers\tcpipreg.sys Image name: tcpipreg.sys Timestamp: Thu Aug 22 13:36:03 2013 (5215F7A3) CheckSum: 000195C4 ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03390000 fffff800`033bd000 tunnel (deferred) Image path: \SystemRoot\system32\DRIVERS\tunnel.sys Image name: tunnel.sys Timestamp: Thu Aug 22 13:35:45 2013 (5215F791) CheckSum: 0002B6E4 ImageSize: 0002D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`033bd000 fffff800`033da000 hiber_storahci (deferred) Image path: \SystemRoot\System32\Drivers\hiber_storahci.sys Image name: hiber_storahci.sys Timestamp: Thu Aug 22 13:40:39 2013 (5215F8B7) CheckSum: 00021E30 ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`033da000 fffff800`033f0000 hiber_dumpfve (deferred) Image path: \SystemRoot\System32\Drivers\hiber_dumpfve.sys Image name: hiber_dumpfve.sys Timestamp: Thu Aug 22 13:39:55 2013 (5215F88B) CheckSum: 00012A89 ImageSize: 00016000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03400000 fffff800`03498000 srv (deferred) Image path: \SystemRoot\System32\DRIVERS\srv.sys Image name: srv.sys Timestamp: Sat Oct 05 13:01:15 2013 (524FF17B) CheckSum: 000789BB ImageSize: 00098000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03498000 fffff800`034b9000 WudfPf (deferred) Image path: \SystemRoot\system32\drivers\WudfPf.sys Image name: WudfPf.sys Timestamp: Thu Aug 22 13:37:21 2013 (5215F7F1) CheckSum: 00026D0B ImageSize: 00021000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`034b9000 fffff800`034c5000 hiber_diskdump (deferred) Image path: \SystemRoot\System32\Drivers\hiber_diskdump.sys Image name: hiber_diskdump.sys Timestamp: Thu Aug 22 13:40:18 2013 (5215F8A2) CheckSum: 00014133 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`034c5000 fffff800`03572000 srv2 (deferred) Image path: \SystemRoot\System32\DRIVERS\srv2.sys Image name: srv2.sys Timestamp: Sat Sep 21 09:58:17 2013 (523D5199) CheckSum: 000B1977 ImageSize: 000AD000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`03572000 fffff800`035b0000 WUDFRd (deferred) Image path: \SystemRoot\system32\DRIVERS\WUDFRd.sys Image name: WUDFRd.sys Timestamp: Thu Aug 22 13:36:50 2013 (5215F7D2) CheckSum: 0003DD8A ImageSize: 0003E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`035b0000 fffff800`035bb000 WpdUpFltr (deferred) Image path: \SystemRoot\System32\drivers\WpdUpFltr.sys Image name: WpdUpFltr.sys Timestamp: Thu Aug 22 13:38:45 2013 (5215F845) CheckSum: 00009D60 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`035bb000 fffff800`035d2000 PktIcpt (deferred) Image path: \??\C:\Windows\system32\drivers\PktIcpt.sys Image name: PktIcpt.sys Timestamp: Fri Aug 02 03:51:52 2013 (51FB10B8) CheckSum: 0001D9CD ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`035d2000 fffff800`035e8000 mslldp (deferred) Image path: \SystemRoot\system32\DRIVERS\mslldp.sys Image name: mslldp.sys Timestamp: Thu Aug 22 13:36:07 2013 (5215F7A7) CheckSum: 00017750 ImageSize: 00016000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`035e8000 fffff800`035f8000 condrv (deferred) Image path: \SystemRoot\System32\drivers\condrv.sys Image name: condrv.sys Timestamp: Thu Aug 22 13:40:17 2013 (5215F8A1) CheckSum: 000124B2 ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff802`5645e000 fffff802`56467000 kd (deferred) Image path: \SystemRoot\system32\kd.dll Image name: kd.dll Timestamp: Thu Aug 22 13:40:43 2013 (5215F8BB) CheckSum: 000068C8 ImageSize: 00009000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff802`5700f000 fffff802`57790000 nt T (no symbols) Loaded symbol image file: ntoskrnl.exe Image path: \SystemRoot\system32\ntoskrnl.exe Image name: ntoskrnl.exe Timestamp: Wed Oct 30 23:52:12 2013 (52718D9C) CheckSum: 007120D6 ImageSize: 00781000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff802`57790000 fffff802`577ff000 hal (deferred) Image path: \SystemRoot\system32\hal.dll Image name: hal.dll Timestamp: Fri Dec 27 13:15:40 2013 (52BD6F6C) CheckSum: 0006F3F2 ImageSize: 0006F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff960`00097000 fffff960`004b0000 win32k (deferred) Image path: \SystemRoot\System32\win32k.sys Image name: win32k.sys Timestamp: unavailable (00000000) CheckSum: 00000000 ImageSize: 00419000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff960`006db000 fffff960`006e4000 TSDDD (deferred) Image path: \SystemRoot\System32\TSDDD.dll Image name: TSDDD.dll Timestamp: unavailable (00000000) CheckSum: 00000000 ImageSize: 00009000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff960`00808000 fffff960`00843000 cdd (deferred) Image path: \SystemRoot\System32\cdd.dll Image name: cdd.dll Timestamp: unavailable (00000000) CheckSum: 00000000 ImageSize: 0003B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Unloaded modules: fffff800`035b0000 fffff800`035ee000 WUDFRd.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0003E000 fffff800`03572000 fffff800`035b0000 WUDFRd.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0003E000 fffff800`03498000 fffff800`034c5000 tunnel.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0002D000 fffff800`0106b000 fffff800`01077000 dump_storpor Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000C000 fffff800`01077000 fffff800`01094000 dump_storahc Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001D000 fffff800`01094000 fffff800`010aa000 dump_dumpfve Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00016000 fffff800`02824000 fffff800`02862000 WUDFRd.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0003E000 fffff800`029ca000 fffff800`029e1000 gddcd64.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00017000 fffff800`027db000 fffff800`027f2000 gddcd64.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00017000 fffff800`02721000 fffff800`02738000 gddcd64.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00017000 fffff800`019c1000 fffff800`019d1000 dam.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00010000 fffff800`01197000 fffff800`011a3000 hwpolicy.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000C000