dump says it is the fileinfo.sys
\SystemRoot\System32\drivers\fileinfo.sys
crashes on
Code:
nt!PfpRpFileKeyUpdate+0x41a
Code:
Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\STORMS~1\AppData\Local\Temp\112715-11343-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
Windows 10 Kernel Version 10586 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 10586.11.amd64fre.th2_release.151112-1900
Machine Name:
Kernel base = 0xfffff803`6a21c000 PsLoadedModuleList = 0xfffff803`6a4fac70
Debug session time: Sat Nov 28 01:10:46.298 2015 (UTC + 1:00)
System Uptime: 0 days 2:10:51.981
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff8036a5f656a, ffffd000243b10f8, ffffd000243b0910}
Probably caused by : fileinfo.sys ( fileinfo!FIStreamLog+155 )
Followup: MachineOwner
---------
1: kd> .ecxr
Unable to get exception context, HRESULT 0x8000FFFF
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8036a5f656a, The address that the exception occurred at
Arg3: ffffd000243b10f8, Exception Record Address
Arg4: ffffd000243b0910, Context Record Address
Debugging Details:
------------------
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: To Be Filled By O.E.M.
BIOS_DATE: 10/13/2015
BASEBOARD_PRODUCT: Z97 Anniversary
BASEBOARD_VERSION:
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8036a5f656a
BUGCHECK_P3: ffffd000243b10f8
BUGCHECK_P4: ffffd000243b0910
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i 0x%p refererte minne ved adressen 0x%p. Minnet kunne ikke v re %s.
FAULTING_IP:
nt!PfpRpFileKeyUpdate+41a
fffff803`6a5f656a 488b4108 mov rax,qword ptr [rcx+8]
EXCEPTION_RECORD: ffffd000243b10f8 -- (.exr 0xffffd000243b10f8)
ExceptionAddress: fffff8036a5f656a (nt!PfpRpFileKeyUpdate+0x000000000000041a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffd000243b0910 -- (.cxr 0xffffd000243b0910)
rax=004f004f004c0054 rbx=ffffffffffffffff rcx=0055004f0067006e
rdx=ffffc0003c63b7a0 rsi=8000000000000002 rdi=0000000000000000
rip=fffff8036a5f656a rsp=ffffd000243b1330 rbp=ffffd000243b1439
r8=0f505d821ea9f122 r9=0000000000008000 r10=ffffc0003a912150
r11=ffffffffffffffff r12=0000000000000000 r13=ffffc0003a912150
r14=0000000000000000 r15=fffff8036a51bf18
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!PfpRpFileKeyUpdate+0x41a:
fffff803`6a5f656a 488b4108 mov rax,qword ptr [rcx+8] ds:002b:0055004f`00670076=????????????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: cdc
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i 0x%p refererte minne ved adressen 0x%p. Minnet kunne ikke v re %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: fffff8036a59a520: Unable to get MiVisibleState
ffffffffffffffff
FOLLOWUP_IP:
fileinfo!FIStreamLog+155
fffff800`5537c245 4c8b5d18 mov r11,qword ptr [rbp+18h]
BUGCHECK_STR: AV
ANALYSIS_VERSION: 10.0.10240.9 amd64fre
LAST_CONTROL_TRANSFER: from fffff8036a27b064 to fffff8036a5f656a
STACK_TEXT:
ffffd000`243b1330 fffff803`6a27b064 : ffffd000`243b15c0 ffffd000`00000000 ffffd000`243b15c0 ffffc000`3a912150 : nt!PfpRpFileKeyUpdate+0x41a
ffffd000`243b13b0 fffff800`5537c245 : c0003a55`61500400 c0003a55`61580400 00000000`00000000 00000000`00000000 : nt!PfFileInfoNotify+0x5e4
ffffd000`243b14a0 fffff800`5537bb3f : ffffe000`00000000 ffffc000`3a8ff760 ffffe000`c9fd33f0 00000000`00000000 : fileinfo!FIStreamLog+0x155
ffffd000`243b15a0 fffff800`5470a5d8 : ffffe000`d1be5658 fffff800`00000001 ffffe000`d1be5658 00000000`00000706 : fileinfo!FIStreamCleanup+0x9f
ffffd000`243b1600 fffff800`547366bf : ffffe000`d1be5660 00000000`00000000 00000000`00000000 ffffe000`cc9db588 : FLTMGR!DoReleaseContext+0x78
ffffd000`243b1640 fffff800`5473871a : ffffe000`d1be5658 00000000`00000705 ffffffff`ffffffff ffffe000`cc9db010 : FLTMGR!FltpDeleteContextList+0xaf
ffffd000`243b1670 fffff800`5473a032 : ffffe000`d1be5610 ffffe000`ce0c6180 00000000`00000702 00000000`00000000 : FLTMGR!CleanupStreamListCtrl+0x4a
ffffd000`243b16b0 fffff803`6a68c1ea : 00000000`00000000 ffffc000`6f725346 fffff800`55e39000 fffff800`55dc533b : FLTMGR!DeleteStreamListCtrlCallback+0x92
ffffd000`243b16f0 fffff800`55e9d0f5 : ffffc000`3a912150 ffffe000`d1be5618 ffffd000`243b1828 ffffe000`ce0c6180 : nt!FsRtlTeardownPerStreamContexts+0x5a
ffffd000`243b1740 fffff800`55e9cee2 : ffffe001`01000000 00000000`00000000 ffffe000`ce0c6180 fffff800`55dcdb26 : NTFS!NtfsDeleteScb+0x145
ffffd000`243b17e0 fffff800`55dd5a83 : 00000000`00000000 ffffc000`3a912150 00000000`00000000 ffffc000`3a912048 : NTFS!NtfsRemoveScb+0x62
ffffd000`243b1820 fffff800`55e9cc60 : ffffc000`3a912010 ffffd000`243b1a80 ffffe000`d091e9e8 fffff800`55dcd66d : NTFS!NtfsPrepareFcbForRemoval+0x63
ffffd000`243b1860 fffff800`55dcca80 : ffffe000`d091e9e8 ffffd000`243b1963 ffffc000`3a912420 ffffc000`3a912010 : NTFS!NtfsTeardownStructures+0x90
ffffd000`243b18e0 fffff800`55e84aeb : ffffd000`243b1ab8 ffffd000`00000001 ffffd000`243b1a80 ffffc000`3a912010 : NTFS!NtfsDecrementCloseCounts+0xd0
ffffd000`243b1920 fffff800`55ec0112 : ffffe000`d091e9e8 ffffc000`3a912150 ffffc000`3a912010 ffffe000`ce0c6180 : NTFS!NtfsCommonClose+0x40b
ffffd000`243b19f0 fffff803`6a286b79 : fffff803`6a5af200 ffffe000`cd5d4040 00000000`00000000 fffff803`6a51daa8 : NTFS!NtfsFspCloseInternal+0x1a6
ffffd000`243b1b80 fffff803`6a225125 : 00000000`00000000 00000000`00000080 ffffe000`c8892700 ffffe000`cd5d4040 : nt!ExpWorkerThread+0xe9
ffffd000`243b1c10 fffff803`6a363606 : ffffd000`795b6180 ffffe000`cd5d4040 fffff803`6a2250e4 fffff800`55ae205e : nt!PspSystemThreadStartup+0x41
ffffd000`243b1c60 00000000`00000000 : ffffd000`243b2000 ffffd000`243ac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: fileinfo!FIStreamLog+155
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5632d7dd
IMAGE_VERSION: 10.0.10586.0
STACK_COMMAND: .cxr 0xffffd000243b0910 ; kb
BUCKET_ID_FUNC_OFFSET: 155
FAILURE_BUCKET_ID: AV_fileinfo!FIStreamLog
BUCKET_ID: AV_fileinfo!FIStreamLog
PRIMARY_PROBLEM_CLASS: AV_fileinfo!FIStreamLog
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_fileinfo!fistreamlog
FAILURE_ID_HASH: {fe921cf1-eb48-5a69-fae6-1cebd1abe45d}
Followup: MachineOwner
---------
1: kd> .ecxr
Unable to get exception context, HRESULT 0x8000FFFF
1: kd> kd
ffffd000`243b13a0 243b14e8
ffffd000`243b13a4 ffffd000
ffffd000`243b13a8 6a27b064
ffffd000`243b13ac fffff803
ffffd000`243b13b0 243b15c0
ffffd000`243b13b4 ffffd000
ffffd000`243b13b8 00000000
ffffd000`243b13bc ffffd000
ffffd000`243b13c0 243b15c0
ffffd000`243b13c4 ffffd000
ffffd000`243b13c8 3a912150
ffffd000`243b13cc ffffc000
ffffd000`243b13d0 60800400
ffffd000`243b13d4 c0003a55
ffffd000`243b13d8 60880400
ffffd000`243b13dc c0003a55
ffffd000`243b13e0 60900400
ffffd000`243b13e4 c0003a55
ffffd000`243b13e8 60980400
ffffd000`243b13ec c0003a55
ffffd000`243b13f0 60a00400
ffffd000`243b13f4 c0003a55
ffffd000`243b13f8 60a80400
ffffd000`243b13fc c0003a55
ffffd000`243b1400 60b00400
ffffd000`243b1404 c0003a55
ffffd000`243b1408 60b80400
ffffd000`243b140c c0003a55
ffffd000`243b1410 60c00400
ffffd000`243b1414 c0003a55
ffffd000`243b1418 60c80400
ffffd000`243b141c c0003a55
ffffd000`243b1420 60d00400
ffffd000`243b1424 c0003a55
ffffd000`243b1428 60d80400
ffffd000`243b142c c0003a55
ffffd000`243b1430 60e00400
ffffd000`243b1434 c0003a55
ffffd000`243b1438 60e80400
ffffd000`243b143c c0003a55
ffffd000`243b1440 60f00400
ffffd000`243b1444 c0003a55
ffffd000`243b1448 60f80400
ffffd000`243b144c c0003a55
ffffd000`243b1450 61000400
ffffd000`243b1454 c0003a55
ffffd000`243b1458 d091e9e8
ffffd000`243b145c ffffe000
ffffd000`243b1460 00000706
ffffd000`243b1464 00000000
ffffd000`243b1468 00000000
ffffd000`243b146c 00000000
ffffd000`243b1470 00000000
ffffd000`243b1474 00000000
ffffd000`243b1478 00000000
ffffd000`243b147c 00000000
ffffd000`243b1480 00000000
ffffd000`243b1484 00000000
ffffd000`243b1488 243b15c0
ffffd000`243b148c ffffd000
ffffd000`243b1490 243b14e0
ffffd000`243b1494 ffffd000
ffffd000`243b1498 5537c245
ffffd000`243b149c fffff800
ffffd000`243b14a0 61500400
ffffd000`243b14a4 c0003a55
ffffd000`243b14a8 61580400
ffffd000`243b14ac c0003a55
ffffd000`243b14b0 00000000
ffffd000`243b14b4 00000000
ffffd000`243b14b8 00000000
ffffd000`243b14bc 00000000
ffffd000`243b14c0 61700400
ffffd000`243b14c4 c0003a55
ffffd000`243b14c8 61780400
ffffd000`243b14cc c0003a55
ffffd000`243b14d0 61800400
ffffd000`243b14d4 c0003a55
ffffd000`243b14d8 61880400
ffffd000`243b14dc c0003a55
ffffd000`243b14e0 61900400
ffffd000`243b14e4 c0003a55
ffffd000`243b14e8 0000000d
ffffd000`243b14ec 00000003
ffffd000`243b14f0 00000001
ffffd000`243b14f4 00000000
ffffd000`243b14f8 243b1510
ffffd000`243b14fc ffffd000
ffffd000`243b1500 61b00400
ffffd000`243b1504 c0003a55
ffffd000`243b1508 61b80400
ffffd000`243b150c c0003a55
ffffd000`243b1510 00000000
ffffd000`243b1514 00000000
ffffd000`243b1518 ce0c6030
ffffd000`243b151c ffffe000
ffffd000`243b1520 3a912150
ffffd000`243b1524 ffffc000
ffffd000`243b1528 30f370e0
ffffd000`243b152c ffffc000
ffffd000`243b1530 00b70017
ffffd000`243b1534 ffffe000
ffffd000`243b1538 1b60ef88
ffffd000`243b153c 0001b530
ffffd000`243b1540 00000001
ffffd000`243b1544 c0003a55
ffffd000`243b1548 61f80400
ffffd000`243b154c c0003a55
ffffd000`243b1550 32bfd7b0
ffffd000`243b1554 ffffc000
ffffd000`243b1558 c8948a90
ffffd000`243b155c ffffe000
ffffd000`243b1560 d091e9e8
ffffd000`243b1564 ffffe000
ffffd000`243b1568 553717aa
ffffd000`243b156c fffff800
ffffd000`243b1570 00000000
ffffd000`243b1574 00000000
ffffd000`243b1578 f159090a
ffffd000`243b157c ffff2f17
ffffd000`243b1580 c9fd33f0
ffffd000`243b1584 ffffe000
ffffd000`243b1588 00000000
ffffd000`243b158c 00000000
ffffd000`243b1590 54700000
ffffd000`243b1594 fffff800
ffffd000`243b1598 5537bb3f
ffffd000`243b159c fffff800
ffffd000`243b15a0 00000000
ffffd000`243b15a4 ffffe000
ffffd000`243b15a8 3a8ff760
ffffd000`243b15ac ffffc000
ffffd000`243b15b0 c9fd33f0
ffffd000`243b15b4 ffffe000
ffffd000`243b15b8 00000000
ffffd000`243b15bc 00000000
ffffd000`243b15c0 00000019
ffffd000`243b15c4 00000000
ffffd000`243b15c8 3a8ff760
ffffd000`243b15cc ffffc000
ffffd000`243b15d0 00000003
ffffd000`243b15d4 ffffe000
ffffd000`243b15d8 3a8ff790
ffffd000`243b15dc ffffc000
ffffd000`243b15e0 00000000
ffffd000`243b15e4 00000000
ffffd000`243b15e8 00000000
ffffd000`243b15ec 00000000
ffffd000`243b15f0 3a8ff700
ffffd000`243b15f4 ffffc000
ffffd000`243b15f8 5470a5d8
ffffd000`243b15fc fffff800
ffffd000`243b1600 d1be5658
ffffd000`243b1604 ffffe000
ffffd000`243b1608 00000001
ffffd000`243b160c fffff800
ffffd000`243b1610 d1be5658
ffffd000`243b1614 ffffe000
ffffd000`243b1618 00000706
ffffd000`243b161c 00000000
ffffd000`243b1620 ffffffff
ffffd000`243b1624 ffffffff
ffffd000`243b1628 d1be5658
ffffd000`243b162c ffffe000
ffffd000`243b1630 3a8ff718
ffffd000`243b1634 ffffc000
ffffd000`243b1638 547366bf
ffffd000`243b163c fffff800
ffffd000`243b1640 d1be5660
ffffd000`243b1644 ffffe000
ffffd000`243b1648 00000000
ffffd000`243b164c 00000000
ffffd000`243b1650 00000000
ffffd000`243b1654 00000000
ffffd000`243b1658 cc9db588
ffffd000`243b165c ffffe000
ffffd000`243b1660 d1be5610
ffffd000`243b1664 ffffe000
ffffd000`243b1668 5473871a
ffffd000`243b166c fffff800
ffffd000`243b1670 d1be5658
ffffd000`243b1674 ffffe000
ffffd000`243b1678 00000705
ffffd000`243b167c 00000000
ffffd000`243b1680 ffffffff
ffffd000`243b1684 ffffffff
ffffd000`243b1688 cc9db010
ffffd000`243b168c ffffe000
ffffd000`243b1690 ce0c6180
ffffd000`243b1694 ffffe000
ffffd000`243b1698 d1be5610
ffffd000`243b169c ffffe000
ffffd000`243b16a0 cc9db010
ffffd000`243b16a4 ffffe000
ffffd000`243b16a8 5473a032
ffffd000`243b16ac fffff800
ffffd000`243b16b0 d1be5610
ffffd000`243b16b4 ffffe000
ffffd000`243b16b8 ce0c6180
ffffd000`243b16bc ffffe000
ffffd000`243b16c0 00000702
ffffd000`243b16c4 00000000
ffffd000`243b16c8 00000000
ffffd000`243b16cc 00000000
ffffd000`243b16d0 29d94fa8
ffffd000`243b16d4 ffffc000
ffffd000`243b16d8 6a2f0e0d
ffffd000`243b16dc fffff803
ffffd000`243b16e0 3a912150
ffffd000`243b16e4 ffffc000
ffffd000`243b16e8 6a68c1ea
ffffd000`243b16ec fffff803
ffffd000`243b16f0 00000000
ffffd000`243b16f4 00000000
ffffd000`243b16f8 6f725346
ffffd000`243b16fc ffffc000
ffffd000`243b1700 55e39000
ffffd000`243b1704 fffff800
ffffd000`243b1708 55dc533b
ffffd000`243b170c fffff800
ffffd000`243b1710 243b17f0
ffffd000`243b1714 ffffd000
ffffd000`243b1718 243b1a00
ffffd000`243b171c ffffd000
ffffd000`243b1720 d091e9e8
ffffd000`243b1724 ffffe000
ffffd000`243b1728 00000706
ffffd000`243b172c 00000000
ffffd000`243b1730 00000705
ffffd000`243b1734 00000000
ffffd000`243b1738 55e9d0f5
ffffd000`243b173c fffff800
ffffd000`243b1740 3a912150
ffffd000`243b1744 ffffc000
ffffd000`243b1748 d1be5618
ffffd000`243b174c ffffe000
ffffd000`243b1750 243b1828
ffffd000`243b1754 ffffd000
ffffd000`243b1758 ce0c6180
ffffd000`243b175c ffffe000
ffffd000`243b1760 00016e01
ffffd000`243b1764 00010000
ffffd000`243b1768 00000000
ffffd000`243b176c 00000000
ffffd000`243b1770 00000000
ffffd000`243b1774 00000000
ffffd000`243b1778 ce0c6180
ffffd000`243b177c ffffe000
ffffd000`243b1780 00000000
ffffd000`243b1784 00000000
ffffd000`243b1788 3a911400
ffffd000`243b178c ffffc000
ffffd000`243b1790 d2e45018
ffffd000`243b1794 ffffe000
ffffd000`243b1798 3a911010
ffffd000`243b179c ffffc000
1: kd> kb
# RetAddr : Args to Child : Call Site
00 fffff803`6a27b064 : ffffd000`243b15c0 ffffd000`00000000 ffffd000`243b15c0 ffffc000`3a912150 : nt!PfpRpFileKeyUpdate+0x41a
01 fffff800`5537c245 : c0003a55`61500400 c0003a55`61580400 00000000`00000000 00000000`00000000 : nt!PfFileInfoNotify+0x5e4
02 fffff800`5537bb3f : ffffe000`00000000 ffffc000`3a8ff760 ffffe000`c9fd33f0 00000000`00000000 : fileinfo!FIStreamLog+0x155
03 fffff800`5470a5d8 : ffffe000`d1be5658 fffff800`00000001 ffffe000`d1be5658 00000000`00000706 : fileinfo!FIStreamCleanup+0x9f
04 fffff800`547366bf : ffffe000`d1be5660 00000000`00000000 00000000`00000000 ffffe000`cc9db588 : FLTMGR!DoReleaseContext+0x78
05 fffff800`5473871a : ffffe000`d1be5658 00000000`00000705 ffffffff`ffffffff ffffe000`cc9db010 : FLTMGR!FltpDeleteContextList+0xaf
06 fffff800`5473a032 : ffffe000`d1be5610 ffffe000`ce0c6180 00000000`00000702 00000000`00000000 : FLTMGR!CleanupStreamListCtrl+0x4a
07 fffff803`6a68c1ea : 00000000`00000000 ffffc000`6f725346 fffff800`55e39000 fffff800`55dc533b : FLTMGR!DeleteStreamListCtrlCallback+0x92
08 fffff800`55e9d0f5 : ffffc000`3a912150 ffffe000`d1be5618 ffffd000`243b1828 ffffe000`ce0c6180 : nt!FsRtlTeardownPerStreamContexts+0x5a
09 fffff800`55e9cee2 : ffffe001`01000000 00000000`00000000 ffffe000`ce0c6180 fffff800`55dcdb26 : NTFS!NtfsDeleteScb+0x145
0a fffff800`55dd5a83 : 00000000`00000000 ffffc000`3a912150 00000000`00000000 ffffc000`3a912048 : NTFS!NtfsRemoveScb+0x62
0b fffff800`55e9cc60 : ffffc000`3a912010 ffffd000`243b1a80 ffffe000`d091e9e8 fffff800`55dcd66d : NTFS!NtfsPrepareFcbForRemoval+0x63
0c fffff800`55dcca80 : ffffe000`d091e9e8 ffffd000`243b1963 ffffc000`3a912420 ffffc000`3a912010 : NTFS!NtfsTeardownStructures+0x90
0d fffff800`55e84aeb : ffffd000`243b1ab8 ffffd000`00000001 ffffd000`243b1a80 ffffc000`3a912010 : NTFS!NtfsDecrementCloseCounts+0xd0
0e fffff800`55ec0112 : ffffe000`d091e9e8 ffffc000`3a912150 ffffc000`3a912010 ffffe000`ce0c6180 : NTFS!NtfsCommonClose+0x40b
0f fffff803`6a286b79 : fffff803`6a5af200 ffffe000`cd5d4040 00000000`00000000 fffff803`6a51daa8 : NTFS!NtfsFspCloseInternal+0x1a6
10 fffff803`6a225125 : 00000000`00000000 00000000`00000080 ffffe000`c8892700 ffffe000`cd5d4040 : nt!ExpWorkerThread+0xe9
11 fffff803`6a363606 : ffffd000`795b6180 ffffe000`cd5d4040 fffff803`6a2250e4 fffff800`55ae205e : nt!PspSystemThreadStartup+0x41
12 00000000`00000000 : ffffd000`243b2000 ffffd000`243ac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
1: kd> lmvm fileinfo
Browse full module list
start end module name
fffff800`55370000 fffff800`55389000 fileinfo (pdb symbols) c:\symbols\fileinfo.pdb\EDAC3E964274474F9DEBCB699A8AF6651\fileinfo.pdb
Loaded symbol image file: fileinfo.sys
Mapped memory image file: c:\symbols\fileinfo.sys\5632D7DD19000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:17 2015 (5632D7DD)
CheckSum: 000200B3
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
1: kd> lmDvmfileinfo
Browse full module list
start end module name
fffff800`55370000 fffff800`55389000 fileinfo (pdb symbols) c:\symbols\fileinfo.pdb\EDAC3E964274474F9DEBCB699A8AF6651\fileinfo.pdb
Loaded symbol image file: fileinfo.sys
Mapped memory image file: c:\symbols\fileinfo.sys\5632D7DD19000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:17 2015 (5632D7DD)
CheckSum: 000200B3
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
1: kd> .lastevent
Last event: Break instruction exception - code 80000003 (first/second chance not available)
debugger time: Sat Nov 28 12:25:16.422 2015 (UTC + 1:00)
1: kd> .frame 0n0;dv /t /v
00 ffffd000`243b1330 fffff803`6a27b064 nt!PfpRpFileKeyUpdate+0x41a
Unable to enumerate locals, HRESULT 0x80004005
Private symbols (symbols.pri) are required for locals.
Type ".hh dbgerr005" for details.
windbg> .hh dbgerr005
1: kd> lmDvmfileinfo
Browse full module list
start end module name
fffff800`55370000 fffff800`55389000 fileinfo (pdb symbols) c:\symbols\fileinfo.pdb\EDAC3E964274474F9DEBCB699A8AF6651\fileinfo.pdb
Loaded symbol image file: fileinfo.sys
Mapped memory image file: c:\symbols\fileinfo.sys\5632D7DD19000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:17 2015 (5632D7DD)
CheckSum: 000200B3
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
1: kd> kb
# RetAddr : Args to Child : Call Site
00 fffff803`6a27b064 : ffffd000`243b15c0 ffffd000`00000000 ffffd000`243b15c0 ffffc000`3a912150 : nt!PfpRpFileKeyUpdate+0x41a
01 fffff800`5537c245 : c0003a55`61500400 c0003a55`61580400 00000000`00000000 00000000`00000000 : nt!PfFileInfoNotify+0x5e4
02 fffff800`5537bb3f : ffffe000`00000000 ffffc000`3a8ff760 ffffe000`c9fd33f0 00000000`00000000 : fileinfo!FIStreamLog+0x155
03 fffff800`5470a5d8 : ffffe000`d1be5658 fffff800`00000001 ffffe000`d1be5658 00000000`00000706 : fileinfo!FIStreamCleanup+0x9f
04 fffff800`547366bf : ffffe000`d1be5660 00000000`00000000 00000000`00000000 ffffe000`cc9db588 : FLTMGR!DoReleaseContext+0x78
05 fffff800`5473871a : ffffe000`d1be5658 00000000`00000705 ffffffff`ffffffff ffffe000`cc9db010 : FLTMGR!FltpDeleteContextList+0xaf
06 fffff800`5473a032 : ffffe000`d1be5610 ffffe000`ce0c6180 00000000`00000702 00000000`00000000 : FLTMGR!CleanupStreamListCtrl+0x4a
07 fffff803`6a68c1ea : 00000000`00000000 ffffc000`6f725346 fffff800`55e39000 fffff800`55dc533b : FLTMGR!DeleteStreamListCtrlCallback+0x92
08 fffff800`55e9d0f5 : ffffc000`3a912150 ffffe000`d1be5618 ffffd000`243b1828 ffffe000`ce0c6180 : nt!FsRtlTeardownPerStreamContexts+0x5a
09 fffff800`55e9cee2 : ffffe001`01000000 00000000`00000000 ffffe000`ce0c6180 fffff800`55dcdb26 : NTFS!NtfsDeleteScb+0x145
0a fffff800`55dd5a83 : 00000000`00000000 ffffc000`3a912150 00000000`00000000 ffffc000`3a912048 : NTFS!NtfsRemoveScb+0x62
0b fffff800`55e9cc60 : ffffc000`3a912010 ffffd000`243b1a80 ffffe000`d091e9e8 fffff800`55dcd66d : NTFS!NtfsPrepareFcbForRemoval+0x63
0c fffff800`55dcca80 : ffffe000`d091e9e8 ffffd000`243b1963 ffffc000`3a912420 ffffc000`3a912010 : NTFS!NtfsTeardownStructures+0x90
0d fffff800`55e84aeb : ffffd000`243b1ab8 ffffd000`00000001 ffffd000`243b1a80 ffffc000`3a912010 : NTFS!NtfsDecrementCloseCounts+0xd0
0e fffff800`55ec0112 : ffffe000`d091e9e8 ffffc000`3a912150 ffffc000`3a912010 ffffe000`ce0c6180 : NTFS!NtfsCommonClose+0x40b
0f fffff803`6a286b79 : fffff803`6a5af200 ffffe000`cd5d4040 00000000`00000000 fffff803`6a51daa8 : NTFS!NtfsFspCloseInternal+0x1a6
10 fffff803`6a225125 : 00000000`00000000 00000000`00000080 ffffe000`c8892700 ffffe000`cd5d4040 : nt!ExpWorkerThread+0xe9
11 fffff803`6a363606 : ffffd000`795b6180 ffffe000`cd5d4040 fffff803`6a2250e4 fffff800`55ae205e : nt!PspSystemThreadStartup+0x41
12 00000000`00000000 : ffffd000`243b2000 ffffd000`243ac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
1: kd> kd
ffffd000`243b13a0 243b14e8
ffffd000`243b13a4 ffffd000
ffffd000`243b13a8 6a27b064
ffffd000`243b13ac fffff803
ffffd000`243b13b0 243b15c0
ffffd000`243b13b4 ffffd000
ffffd000`243b13b8 00000000
ffffd000`243b13bc ffffd000
ffffd000`243b13c0 243b15c0
ffffd000`243b13c4 ffffd000
ffffd000`243b13c8 3a912150
ffffd000`243b13cc ffffc000
ffffd000`243b13d0 60800400
ffffd000`243b13d4 c0003a55
ffffd000`243b13d8 60880400
ffffd000`243b13dc c0003a55
ffffd000`243b13e0 60900400
ffffd000`243b13e4 c0003a55
ffffd000`243b13e8 60980400
ffffd000`243b13ec c0003a55
ffffd000`243b13f0 60a00400
ffffd000`243b13f4 c0003a55
ffffd000`243b13f8 60a80400
ffffd000`243b13fc c0003a55
ffffd000`243b1400 60b00400
ffffd000`243b1404 c0003a55
ffffd000`243b1408 60b80400
ffffd000`243b140c c0003a55
ffffd000`243b1410 60c00400
ffffd000`243b1414 c0003a55
ffffd000`243b1418 60c80400
ffffd000`243b141c c0003a55
ffffd000`243b1420 60d00400
ffffd000`243b1424 c0003a55
ffffd000`243b1428 60d80400
ffffd000`243b142c c0003a55
ffffd000`243b1430 60e00400
ffffd000`243b1434 c0003a55
ffffd000`243b1438 60e80400
ffffd000`243b143c c0003a55
ffffd000`243b1440 60f00400
ffffd000`243b1444 c0003a55
ffffd000`243b1448 60f80400
ffffd000`243b144c c0003a55
ffffd000`243b1450 61000400
ffffd000`243b1454 c0003a55
ffffd000`243b1458 d091e9e8
ffffd000`243b145c ffffe000
ffffd000`243b1460 00000706
ffffd000`243b1464 00000000
ffffd000`243b1468 00000000
ffffd000`243b146c 00000000
ffffd000`243b1470 00000000
ffffd000`243b1474 00000000
ffffd000`243b1478 00000000
ffffd000`243b147c 00000000
ffffd000`243b1480 00000000
ffffd000`243b1484 00000000
ffffd000`243b1488 243b15c0
ffffd000`243b148c ffffd000
ffffd000`243b1490 243b14e0
ffffd000`243b1494 ffffd000
ffffd000`243b1498 5537c245
ffffd000`243b149c fffff800
ffffd000`243b14a0 61500400
ffffd000`243b14a4 c0003a55
ffffd000`243b14a8 61580400
ffffd000`243b14ac c0003a55
ffffd000`243b14b0 00000000
ffffd000`243b14b4 00000000
ffffd000`243b14b8 00000000
ffffd000`243b14bc 00000000
ffffd000`243b14c0 61700400
ffffd000`243b14c4 c0003a55
ffffd000`243b14c8 61780400
ffffd000`243b14cc c0003a55
ffffd000`243b14d0 61800400
ffffd000`243b14d4 c0003a55
ffffd000`243b14d8 61880400
ffffd000`243b14dc c0003a55
ffffd000`243b14e0 61900400
ffffd000`243b14e4 c0003a55
ffffd000`243b14e8 0000000d
ffffd000`243b14ec 00000003
ffffd000`243b14f0 00000001
ffffd000`243b14f4 00000000
ffffd000`243b14f8 243b1510
ffffd000`243b14fc ffffd000
ffffd000`243b1500 61b00400
ffffd000`243b1504 c0003a55
ffffd000`243b1508 61b80400
ffffd000`243b150c c0003a55
ffffd000`243b1510 00000000
ffffd000`243b1514 00000000
ffffd000`243b1518 ce0c6030
ffffd000`243b151c ffffe000
ffffd000`243b1520 3a912150
ffffd000`243b1524 ffffc000
ffffd000`243b1528 30f370e0
ffffd000`243b152c ffffc000
ffffd000`243b1530 00b70017
ffffd000`243b1534 ffffe000
ffffd000`243b1538 1b60ef88
ffffd000`243b153c 0001b530
ffffd000`243b1540 00000001
ffffd000`243b1544 c0003a55
ffffd000`243b1548 61f80400
ffffd000`243b154c c0003a55
ffffd000`243b1550 32bfd7b0
ffffd000`243b1554 ffffc000
ffffd000`243b1558 c8948a90
ffffd000`243b155c ffffe000
ffffd000`243b1560 d091e9e8
ffffd000`243b1564 ffffe000
ffffd000`243b1568 553717aa
ffffd000`243b156c fffff800
ffffd000`243b1570 00000000
ffffd000`243b1574 00000000
ffffd000`243b1578 f159090a
ffffd000`243b157c ffff2f17
ffffd000`243b1580 c9fd33f0
ffffd000`243b1584 ffffe000
ffffd000`243b1588 00000000
ffffd000`243b158c 00000000
ffffd000`243b1590 54700000
ffffd000`243b1594 fffff800
ffffd000`243b1598 5537bb3f
ffffd000`243b159c fffff800
ffffd000`243b15a0 00000000
ffffd000`243b15a4 ffffe000
ffffd000`243b15a8 3a8ff760
ffffd000`243b15ac ffffc000
ffffd000`243b15b0 c9fd33f0
ffffd000`243b15b4 ffffe000
ffffd000`243b15b8 00000000
ffffd000`243b15bc 00000000
ffffd000`243b15c0 00000019
ffffd000`243b15c4 00000000
ffffd000`243b15c8 3a8ff760
ffffd000`243b15cc ffffc000
ffffd000`243b15d0 00000003
ffffd000`243b15d4 ffffe000
ffffd000`243b15d8 3a8ff790
ffffd000`243b15dc ffffc000
ffffd000`243b15e0 00000000
ffffd000`243b15e4 00000000
ffffd000`243b15e8 00000000
ffffd000`243b15ec 00000000
ffffd000`243b15f0 3a8ff700
ffffd000`243b15f4 ffffc000
ffffd000`243b15f8 5470a5d8
ffffd000`243b15fc fffff800
ffffd000`243b1600 d1be5658
ffffd000`243b1604 ffffe000
ffffd000`243b1608 00000001
ffffd000`243b160c fffff800
ffffd000`243b1610 d1be5658
ffffd000`243b1614 ffffe000
ffffd000`243b1618 00000706
ffffd000`243b161c 00000000
ffffd000`243b1620 ffffffff
ffffd000`243b1624 ffffffff
ffffd000`243b1628 d1be5658
ffffd000`243b162c ffffe000
ffffd000`243b1630 3a8ff718
ffffd000`243b1634 ffffc000
ffffd000`243b1638 547366bf
ffffd000`243b163c fffff800
ffffd000`243b1640 d1be5660
ffffd000`243b1644 ffffe000
ffffd000`243b1648 00000000
ffffd000`243b164c 00000000
ffffd000`243b1650 00000000
ffffd000`243b1654 00000000
ffffd000`243b1658 cc9db588
ffffd000`243b165c ffffe000
ffffd000`243b1660 d1be5610
ffffd000`243b1664 ffffe000
ffffd000`243b1668 5473871a
ffffd000`243b166c fffff800
ffffd000`243b1670 d1be5658
ffffd000`243b1674 ffffe000
ffffd000`243b1678 00000705
ffffd000`243b167c 00000000
ffffd000`243b1680 ffffffff
ffffd000`243b1684 ffffffff
ffffd000`243b1688 cc9db010
ffffd000`243b168c ffffe000
ffffd000`243b1690 ce0c6180
ffffd000`243b1694 ffffe000
ffffd000`243b1698 d1be5610
ffffd000`243b169c ffffe000
ffffd000`243b16a0 cc9db010
ffffd000`243b16a4 ffffe000
ffffd000`243b16a8 5473a032
ffffd000`243b16ac fffff800
ffffd000`243b16b0 d1be5610
ffffd000`243b16b4 ffffe000
ffffd000`243b16b8 ce0c6180
ffffd000`243b16bc ffffe000
ffffd000`243b16c0 00000702
ffffd000`243b16c4 00000000
ffffd000`243b16c8 00000000
ffffd000`243b16cc 00000000
ffffd000`243b16d0 29d94fa8
ffffd000`243b16d4 ffffc000
ffffd000`243b16d8 6a2f0e0d
ffffd000`243b16dc fffff803
ffffd000`243b16e0 3a912150
ffffd000`243b16e4 ffffc000
ffffd000`243b16e8 6a68c1ea
ffffd000`243b16ec fffff803
ffffd000`243b16f0 00000000
ffffd000`243b16f4 00000000
ffffd000`243b16f8 6f725346
ffffd000`243b16fc ffffc000
ffffd000`243b1700 55e39000
ffffd000`243b1704 fffff800
ffffd000`243b1708 55dc533b
ffffd000`243b170c fffff800
ffffd000`243b1710 243b17f0
ffffd000`243b1714 ffffd000
ffffd000`243b1718 243b1a00
ffffd000`243b171c ffffd000
ffffd000`243b1720 d091e9e8
ffffd000`243b1724 ffffe000
ffffd000`243b1728 00000706
ffffd000`243b172c 00000000
ffffd000`243b1730 00000705
ffffd000`243b1734 00000000
ffffd000`243b1738 55e9d0f5
ffffd000`243b173c fffff800
ffffd000`243b1740 3a912150
ffffd000`243b1744 ffffc000
ffffd000`243b1748 d1be5618
ffffd000`243b174c ffffe000
ffffd000`243b1750 243b1828
ffffd000`243b1754 ffffd000
ffffd000`243b1758 ce0c6180
ffffd000`243b175c ffffe000
ffffd000`243b1760 00016e01
ffffd000`243b1764 00010000
ffffd000`243b1768 00000000
ffffd000`243b176c 00000000
ffffd000`243b1770 00000000
ffffd000`243b1774 00000000
ffffd000`243b1778 ce0c6180
ffffd000`243b177c ffffe000
ffffd000`243b1780 00000000
ffffd000`243b1784 00000000
ffffd000`243b1788 3a911400
ffffd000`243b178c ffffc000
ffffd000`243b1790 d2e45018
ffffd000`243b1794 ffffe000
ffffd000`243b1798 3a911010
ffffd000`243b179c ffffc000
1: kd> lmDv
start end module name
fffff800`54600000 fffff800`54699000 CI (deferred)
Mapped memory image file: c:\symbols\CI.dll\5632D76799000\CI.dll
Image path: \SystemRoot\system32\CI.dll
Image name: CI.dll
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:35:19 2015 (5632D767)
CheckSum: 0009EBA1
ImageSize: 00099000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ci.dll
OriginalFilename: ci.dll
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Code Integrity Module
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`546a0000 fffff800`546fc000 msrpc (deferred)
Mapped memory image file: c:\symbols\msrpc.sys\5632D7465c000\msrpc.sys
Image path: \SystemRoot\System32\drivers\msrpc.sys
Image name: msrpc.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:34:46 2015 (5632D746)
CheckSum: 000663ED
ImageSize: 0005C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: krpcdd.sys
OriginalFilename: krpcdd.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Remote Procedure Call Provider
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54700000 fffff800`54762000 FLTMGR (pdb symbols) c:\symbols\fltMgr.pdb\620A988036C34BAFAD3FA05B3C5E27FF1\fltMgr.pdb
Loaded symbol image file: FLTMGR.SYS
Mapped memory image file: c:\symbols\FLTMGR.SYS\5632D17662000\FLTMGR.SYS
Image path: \SystemRoot\System32\drivers\FLTMGR.SYS
Image name: FLTMGR.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:58 2015 (5632D176)
CheckSum: 000654CB
ImageSize: 00062000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fltMgr.sys
OriginalFilename: fltMgr.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft Filesystem Filter Manager
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54770000 fffff800`54795000 ksecdd (deferred)
Mapped memory image file: c:\symbols\ksecdd.sys\5632D83325000\ksecdd.sys
Image path: \SystemRoot\System32\drivers\ksecdd.sys
Image name: ksecdd.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:43 2015 (5632D833)
CheckSum: 000242F3
ImageSize: 00025000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ksecdd.sys
OriginalFilename: ksecdd.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Security Support Provider Interface
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`547a0000 fffff800`54845000 clipsp (deferred)
Mapped memory image file: c:\symbols\clipsp.sys\5632D7DBa5000\clipsp.sys
Image path: \SystemRoot\System32\drivers\clipsp.sys
Image name: clipsp.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:15 2015 (5632D7DB)
CheckSum: 000A35BB
ImageSize: 000A5000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: clipsp.dll
OriginalFilename: clipsp.dll
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: CLIP Service
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54850000 fffff800`54915000 Wdf01000 (deferred)
Mapped memory image file: c:\symbols\Wdf01000.sys\5632D4DBc5000\Wdf01000.sys
Image path: \SystemRoot\system32\drivers\Wdf01000.sys
Image name: Wdf01000.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:24:27 2015 (5632D4DB)
CheckSum: 000CE0F2
ImageSize: 000C5000
File version: 1.17.10586.0
Product version: 1.17.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: wdf01000.sys
OriginalFilename: wdf01000.sys
ProductVersion: 1.17.10586.0
FileVersion: 1.17.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Mode Driver Framework Runtime
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54920000 fffff800`54933000 WDFLDR (deferred)
Mapped memory image file: c:\symbols\WDFLDR.SYS\5632D16813000\WDFLDR.SYS
Image path: \SystemRoot\system32\drivers\WDFLDR.SYS
Image name: WDFLDR.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:44 2015 (5632D168)
CheckSum: 00012BB1
ImageSize: 00013000
File version: 1.17.10586.0
Product version: 1.17.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: wdfldr.sys
OriginalFilename: wdfldr.sys
ProductVersion: 1.17.10586.0
FileVersion: 1.17.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Mode Driver Framework Loader
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54940000 fffff800`54963000 acpiex (deferred)
Mapped memory image file: c:\symbols\acpiex.sys\5632D85423000\acpiex.sys
Image path: \SystemRoot\System32\Drivers\acpiex.sys
Image name: acpiex.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:39:16 2015 (5632D854)
CheckSum: 0002299C
ImageSize: 00023000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: acpiex.sys
OriginalFilename: acpiex.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: ACPIEx Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54970000 fffff800`5497d000 WppRecorder (deferred)
Mapped memory image file: c:\symbols\WppRecorder.sys\5632D166d000\WppRecorder.sys
Image path: \SystemRoot\System32\Drivers\WppRecorder.sys
Image name: WppRecorder.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 00006A47
ImageSize: 0000D000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WppRecorder.sys
OriginalFilename: WppRecorder.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: WPP Trace Recorder
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54980000 fffff800`54a18000 cng (deferred)
Mapped memory image file: c:\symbols\cng.sys\5632D60D98000\cng.sys
Image path: \SystemRoot\System32\Drivers\cng.sys
Image name: cng.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:29:33 2015 (5632D60D)
CheckSum: 0009CE74
ImageSize: 00098000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cng.sys
OriginalFilename: cng.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Cryptography, Next Generation
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54a20000 fffff800`54ab0000 ACPI (deferred)
Mapped memory image file: c:\symbols\ACPI.sys\5632D17F90000\ACPI.sys
Image path: \SystemRoot\System32\drivers\ACPI.sys
Image name: ACPI.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:10:07 2015 (5632D17F)
CheckSum: 0009888A
ImageSize: 00090000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ACPI.sys
OriginalFilename: ACPI.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: ACPI Driver for NT
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54ab0000 fffff800`54abc000 WMILIB (deferred)
Mapped memory image file: c:\symbols\WMILIB.SYS\5632D166c000\WMILIB.SYS
Image path: \SystemRoot\System32\drivers\WMILIB.SYS
Image name: WMILIB.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 0000E2D8
ImageSize: 0000C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WmiLib.sys
OriginalFilename: WmiLib.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: WMILIB WMI support library Dll
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54ad0000 fffff800`54aef000 WindowsTrustedRT (deferred)
Mapped memory image file: c:\symbols\WindowsTrustedRT.sys\5632D8261f000\WindowsTrustedRT.sys
Image path: \SystemRoot\system32\drivers\WindowsTrustedRT.sys
Image name: WindowsTrustedRT.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:30 2015 (5632D826)
CheckSum: 000273C2
ImageSize: 0001F000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WindowsTrustedRT.sys
OriginalFilename: WindowsTrustedRT.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows Trusted Runtime Interface Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54af0000 fffff800`54afb000 WindowsTrustedRTProxy (deferred)
Mapped memory image file: c:\symbols\WindowsTrustedRTProxy.sys\5632D825b000\WindowsTrustedRTProxy.sys
Image path: \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
Image name: WindowsTrustedRTProxy.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:29 2015 (5632D825)
CheckSum: 0000887A
ImageSize: 0000B000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WindowsTrustedRTProxy.sys
OriginalFilename: WindowsTrustedRTProxy.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows Trusted Runtime Service Proxy Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54b00000 fffff800`54b12000 pcw (deferred)
Mapped memory image file: c:\symbols\pcw.sys\5632D16612000\pcw.sys
Image path: \SystemRoot\System32\drivers\pcw.sys
Image name: pcw.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 0000D26A
ImageSize: 00012000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.8 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pcw.sys
OriginalFilename: pcw.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Performance Counters for Windows Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54b20000 fffff800`54b2b000 msisadrv (deferred)
Mapped memory image file: c:\symbols\msisadrv.sys\5632D8F3b000\msisadrv.sys
Image path: \SystemRoot\System32\drivers\msisadrv.sys
Image name: msisadrv.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:55 2015 (5632D8F3)
CheckSum: 0000B42A
ImageSize: 0000B000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: msisadrv.sys
OriginalFilename: msisadrv.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: ISA Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54b30000 fffff800`54b86000 pci (deferred)
Mapped memory image file: c:\symbols\pci.sys\5632D60A56000\pci.sys
Image path: \SystemRoot\System32\drivers\pci.sys
Image name: pci.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:29:30 2015 (5632D60A)
CheckSum: 00058377
ImageSize: 00056000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pci.sys
OriginalFilename: pci.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NT Plug and Play PCI Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54b90000 fffff800`54ba2000 vdrvroot (deferred)
Mapped memory image file: c:\symbols\vdrvroot.sys\5632D84512000\vdrvroot.sys
Image path: \SystemRoot\System32\drivers\vdrvroot.sys
Image name: vdrvroot.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:39:01 2015 (5632D845)
CheckSum: 0001B995
ImageSize: 00012000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: vdrvroot.sys
OriginalFilename: vdrvroot.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Virtual Drive Root Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54bb0000 fffff800`54bce000 pdc (deferred)
Mapped memory image file: c:\symbols\pdc.sys\5632D16F1e000\pdc.sys
Image path: \SystemRoot\system32\drivers\pdc.sys
Image name: pdc.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:51 2015 (5632D16F)
CheckSum: 000226C8
ImageSize: 0001E000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pdc.sys
OriginalFilename: pdc.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Power Dependency Coordinator Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54bd0000 fffff800`54be9000 CEA (deferred)
Mapped memory image file: c:\symbols\CEA.sys\5632D90219000\CEA.sys
Image path: \SystemRoot\system32\drivers\CEA.sys
Image name: CEA.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:42:10 2015 (5632D902)
CheckSum: 00020528
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: EventAggregation.sys
OriginalFilename: EventAggregation.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Event Aggregation Kernel Mode Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54bf0000 fffff800`54c12000 partmgr (deferred)
Mapped memory image file: c:\symbols\partmgr.sys\5632D17022000\partmgr.sys
Image path: \SystemRoot\System32\drivers\partmgr.sys
Image name: partmgr.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:52 2015 (5632D170)
CheckSum: 0002A5EC
ImageSize: 00022000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: partmgr.sys
OriginalFilename: partmgr.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Partition Management Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54c20000 fffff800`54ca6000 spaceport (deferred)
Mapped memory image file: c:\symbols\spaceport.sys\5632D74586000\spaceport.sys
Image path: \SystemRoot\System32\drivers\spaceport.sys
Image name: spaceport.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:34:45 2015 (5632D745)
CheckSum: 00083816
ImageSize: 00086000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: spaceport.sys
OriginalFilename: spaceport.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Storage Spaces Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54cb0000 fffff800`54cc8000 volmgr (deferred)
Mapped memory image file: c:\symbols\volmgr.sys\5632D16D18000\volmgr.sys
Image path: \SystemRoot\System32\drivers\volmgr.sys
Image name: volmgr.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:49 2015 (5632D16D)
CheckSum: 00014F78
ImageSize: 00018000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: volmgr.sys
OriginalFilename: volmgr.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Volume Manager Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54cd0000 fffff800`54d2e000 volmgrx (deferred)
Image path: \SystemRoot\System32\drivers\volmgrx.sys
Image name: volmgrx.sys
Browse all global symbols functions data
Timestamp: unavailable (00000000)
CheckSum: 00000000
ImageSize: 0005E000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`54d30000 fffff800`54d4d000 mountmgr (deferred)
Mapped memory image file: c:\symbols\mountmgr.sys\5632D16C1d000\mountmgr.sys
Image path: \SystemRoot\System32\drivers\mountmgr.sys
Image name: mountmgr.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:48 2015 (5632D16C)
CheckSum: 00027071
ImageSize: 0001D000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mountmgr.sys
OriginalFilename: mountmgr.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Mount Point Manager
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`54d50000 fffff800`552c3000 iaStorA (deferred)
Image path: \SystemRoot\System32\drivers\iaStorA.sys
Image name: iaStorA.sys
Browse all global symbols functions data
Timestamp: Mon Jul 27 11:26:48 2015 (55B5F958)
CheckSum: 00169B3D
ImageSize: 00573000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`552d0000 fffff800`55348000 storport (deferred)
Mapped memory image file: c:\symbols\storport.sys\5632D71D78000\storport.sys
Image path: \SystemRoot\System32\drivers\storport.sys
Image name: storport.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:34:05 2015 (5632D71D)
CheckSum: 00071F47
ImageSize: 00078000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: storport.sys
OriginalFilename: storport.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft Storage Port Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55350000 fffff800`5536c000 EhStorClass (deferred)
Mapped memory image file: c:\symbols\EhStorClass.sys\5632D68D1c000\EhStorClass.sys
Image path: \SystemRoot\System32\drivers\EhStorClass.sys
Image name: EhStorClass.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:31:41 2015 (5632D68D)
CheckSum: 0001C33E
ImageSize: 0001C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: EhStorClass.sys
OriginalFilename: EhStorClass.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Enhanced Storage Class driver for IEEE 1667 devices
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55370000 fffff800`55389000 fileinfo (pdb symbols) c:\symbols\fileinfo.pdb\EDAC3E964274474F9DEBCB699A8AF6651\fileinfo.pdb
Loaded symbol image file: fileinfo.sys
Mapped memory image file: c:\symbols\fileinfo.sys\5632D7DD19000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:17 2015 (5632D7DD)
CheckSum: 000200B3
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55390000 fffff800`553c8000 Wof (deferred)
Mapped memory image file: c:\symbols\Wof.sys\5632D81838000\Wof.sys
Image path: \SystemRoot\System32\Drivers\Wof.sys
Image name: Wof.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:16 2015 (5632D818)
CheckSum: 0003126C
ImageSize: 00038000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: wof.sys
OriginalFilename: wof.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows Overlay Filter
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`553f0000 fffff800`5547e000 mcupdate_GenuineIntel (deferred)
Mapped memory image file: c:\symbols\mcupdate_GenuineIntel.dll\5632D9128e000\mcupdate_GenuineIntel.dll
Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll
Image name: mcupdate_GenuineIntel.dll
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:42:26 2015 (5632D912)
CheckSum: 000844F7
ImageSize: 0008E000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.A Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mcupdate.dll
OriginalFilename: mcupdate_GenuineIntel.dll
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Intel Microcode Update Library
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55480000 fffff800`55490000 werkernel (deferred)
Mapped memory image file: c:\symbols\werkernel.sys\5632D90B10000\werkernel.sys
Image path: \SystemRoot\System32\drivers\werkernel.sys
Image name: werkernel.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:42:19 2015 (5632D90B)
CheckSum: 0000F1E0
ImageSize: 00010000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: werkernel.sys
OriginalFilename: werkernel.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows Error Reporting Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55490000 fffff800`554f5000 CLFS (deferred)
Mapped memory image file: c:\symbols\CLFS.SYS\5632D17265000\CLFS.SYS
Image path: \SystemRoot\System32\drivers\CLFS.SYS
Image name: CLFS.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:54 2015 (5632D172)
CheckSum: 000624FF
ImageSize: 00065000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: clfs.sys
OriginalFilename: Clfs.Sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Common Log File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55500000 fffff800`55525000 tm (deferred)
Mapped memory image file: c:\symbols\tm.sys\5632D16625000\tm.sys
Image path: \SystemRoot\System32\drivers\tm.sys
Image name: tm.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 0002833E
ImageSize: 00025000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tm.sys
OriginalFilename: tm.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Transaction Manager Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55530000 fffff800`55547000 PSHED (deferred)
Mapped memory image file: c:\symbols\PSHED.dll\5632D16C17000\PSHED.dll
Image path: \SystemRoot\system32\PSHED.dll
Image name: PSHED.dll
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:48 2015 (5632D16C)
CheckSum: 00019860
ImageSize: 00017000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pshed.dll
OriginalFilename: pshed.dll
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Platform Specific Hardware Error Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55550000 fffff800`5555b000 BOOTVID (deferred)
Mapped memory image file: c:\symbols\BOOTVID.dll\5632D165b000\BOOTVID.dll
Image path: \SystemRoot\system32\BOOTVID.dll
Image name: BOOTVID.dll
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:41 2015 (5632D165)
CheckSum: 0000ACBE
ImageSize: 0000B000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: bootvid.dll
OriginalFilename: bootvid.dll
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: VGA Boot Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55560000 fffff800`5556e000 cmimcext (deferred)
Mapped memory image file: c:\symbols\cmimcext.sys\5632D166e000\cmimcext.sys
Image path: \SystemRoot\System32\drivers\cmimcext.sys
Image name: cmimcext.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 00006A25
ImageSize: 0000E000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cmimcext.sys
OriginalFilename: cmimcext.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Configuration Manager Initial Configuration Extension Host Export Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55570000 fffff800`5557c000 ntosext (deferred)
Mapped memory image file: c:\symbols\ntosext.sys\5632D165c000\ntosext.sys
Image path: \SystemRoot\System32\drivers\ntosext.sys
Image name: ntosext.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:41 2015 (5632D165)
CheckSum: 00008FEE
ImageSize: 0000C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntosext.sys
OriginalFilename: ntosext.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NTOS extension host driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55580000 fffff800`555cc000 WdFilter (deferred)
Mapped memory image file: c:\symbols\WdFilter.sys\5632D73B4c000\WdFilter.sys
Image path: \SystemRoot\system32\drivers\WdFilter.sys
Image name: WdFilter.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:34:35 2015 (5632D73B)
CheckSum: 00049FFD
ImageSize: 0004C000
File version: 4.9.10586.0
Product version: 4.9.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.0 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MpFilter
OriginalFilename: MpFilter.sys
ProductVersion: 4.9.10586.0
FileVersion: 4.9.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft antimalware file system filter driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55600000 fffff800`55720000 ndis (deferred)
Mapped memory image file: c:\symbols\ndis.sys\5632D5D2120000\ndis.sys
Image path: \SystemRoot\system32\drivers\ndis.sys
Image name: ndis.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:28:34 2015 (5632D5D2)
CheckSum: 00126E82
ImageSize: 00120000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: NDIS.SYS
OriginalFilename: NDIS.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Network Driver Interface Specification (NDIS)
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55720000 fffff800`55798000 NETIO (deferred)
Mapped memory image file: c:\symbols\NETIO.SYS\5632D71578000\NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:33:57 2015 (5632D715)
CheckSum: 000806D7
ImageSize: 00078000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`557a0000 fffff800`557ce000 ksecpkg (deferred)
Mapped memory image file: c:\symbols\ksecpkg.sys\5632D8122e000\ksecpkg.sys
Image path: \SystemRoot\System32\Drivers\ksecpkg.sys
Image name: ksecpkg.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:10 2015 (5632D812)
CheckSum: 0002ACBC
ImageSize: 0002E000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ksecpkg.sys
OriginalFilename: ksecpkg.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Kernel Security Support Provider Interface Packages
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`557d0000 fffff800`55a27000 tcpip (deferred)
Mapped memory image file: c:\symbols\tcpip.sys\5632D55F257000\tcpip.sys
Image path: \SystemRoot\System32\drivers\tcpip.sys
Image name: tcpip.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:26:39 2015 (5632D55F)
CheckSum: 0025080F
ImageSize: 00257000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tcpip.sys
OriginalFilename: tcpip.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: TCP/IP Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55a30000 fffff800`55a97000 fwpkclnt (deferred)
Mapped memory image file: c:\symbols\fwpkclnt.sys\5632D17B67000\fwpkclnt.sys
Image path: \SystemRoot\System32\drivers\fwpkclnt.sys
Image name: fwpkclnt.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:10:03 2015 (5632D17B)
CheckSum: 000706BD
ImageSize: 00067000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fwpkclnt.sys
OriginalFilename: fwpkclnt.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: FWP/IPsec Kernel-Mode API
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55aa0000 fffff800`55aca000 wfplwfs (deferred)
Mapped memory image file: c:\symbols\wfplwfs.sys\5632D7B42a000\wfplwfs.sys
Image path: \SystemRoot\System32\drivers\wfplwfs.sys
Image name: wfplwfs.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:36:36 2015 (5632D7B4)
CheckSum: 0002A425
ImageSize: 0002A000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WFPLWFS.SYS
OriginalFilename: WFPLWFS.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: WFP NDIS 6.30 Lightweight Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55ad0000 fffff800`55b71000 fvevol (deferred)
Mapped memory image file: c:\symbols\fvevol.sys\5632D675a1000\fvevol.sys
Image path: \SystemRoot\System32\DRIVERS\fvevol.sys
Image name: fvevol.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:31:17 2015 (5632D675)
CheckSum: 000A2C7A
ImageSize: 000A1000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FVEVOL.SYS
OriginalFilename: FVEVOL.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: BitLocker Drive Encryption Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55b80000 fffff800`55be9000 volsnap (deferred)
Mapped memory image file: c:\symbols\volsnap.sys\5632D17069000\volsnap.sys
Image path: \SystemRoot\System32\drivers\volsnap.sys
Image name: volsnap.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:52 2015 (5632D170)
CheckSum: 00070F91
ImageSize: 00069000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: volsnap.sys
OriginalFilename: volsnap.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Volume Shadow Copy Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55bf0000 fffff800`55c34000 rdyboost (deferred)
Mapped memory image file: c:\symbols\rdyboost.sys\5632D76B44000\rdyboost.sys
Image path: \SystemRoot\System32\drivers\rdyboost.sys
Image name: rdyboost.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:35:23 2015 (5632D76B)
CheckSum: 00049180
ImageSize: 00044000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: rdyboost.sys
OriginalFilename: rdyboost.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: ReadyBoost Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55c40000 fffff800`55c65000 mup (deferred)
Mapped memory image file: c:\symbols\mup.sys\5632D4DB25000\mup.sys
Image path: \SystemRoot\System32\Drivers\mup.sys
Image name: mup.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:24:27 2015 (5632D4DB)
CheckSum: 0001F32C
ImageSize: 00025000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MUP.SYS
OriginalFilename: MUP.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Multiple UNC Provider Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55c80000 fffff800`55c9f000 disk (deferred)
Mapped memory image file: c:\symbols\disk.sys\5632D16E1f000\disk.sys
Image path: \SystemRoot\System32\drivers\disk.sys
Image name: disk.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:50 2015 (5632D16E)
CheckSum: 0001EBB9
ImageSize: 0001F000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: disk.sys
OriginalFilename: disk.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: PnP Disk Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55ca0000 fffff800`55d00000 CLASSPNP (deferred)
Mapped memory image file: c:\symbols\CLASSPNP.SYS\5632D17560000\CLASSPNP.SYS
Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS
Image name: CLASSPNP.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:57 2015 (5632D175)
CheckSum: 0006910D
ImageSize: 00060000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: Classpnp.sys
OriginalFilename: Classpnp.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: SCSI Class System Dll
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55d20000 fffff800`55d39000 crashdmp (deferred)
Mapped memory image file: c:\symbols\crashdmp.sys\5632D81C19000\crashdmp.sys
Image path: \SystemRoot\System32\Drivers\crashdmp.sys
Image name: crashdmp.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:20 2015 (5632D81C)
CheckSum: 00015609
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: crashdmp.sys
OriginalFilename: crashdmp.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Crash Dump Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55dc0000 fffff800`55fd8000 NTFS (pdb symbols) c:\symbols\ntfs.pdb\EFB9533DBFF64A4886FB2D975BDBB1101\ntfs.pdb
Loaded symbol image file: NTFS.sys
Mapped memory image file: c:\symbols\NTFS.sys\5632D207218000\NTFS.sys
Image path: \SystemRoot\System32\Drivers\NTFS.sys
Image name: NTFS.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:12:23 2015 (5632D207)
CheckSum: 00213BE8
ImageSize: 00218000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntfs.sys
OriginalFilename: ntfs.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NT File System Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`55fe0000 fffff800`55fed000 Fs_Rec (deferred)
Mapped memory image file: c:\symbols\Fs_Rec.sys\5632D166d000\Fs_Rec.sys
Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys
Image name: Fs_Rec.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 0000AF64
ImageSize: 0000D000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: fs_rec.sys
OriginalFilename: fs_rec.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: File System Recognizer Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56800000 fffff800`56d73000 dump_iaStorA (deferred)
Image path: \SystemRoot\System32\Drivers\dump_iaStorA.sys
Image name: dump_iaStorA.sys
Browse all global symbols functions data
Timestamp: Mon Jul 27 11:26:48 2015 (55B5F958)
CheckSum: 00169B3D
ImageSize: 00573000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`56dc0000 fffff800`56df1000 cdrom (deferred)
Mapped memory image file: c:\symbols\cdrom.sys\5632D17231000\cdrom.sys
Image path: \SystemRoot\System32\drivers\cdrom.sys
Image name: cdrom.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:54 2015 (5632D172)
CheckSum: 000370E7
ImageSize: 00031000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: cdrom.sys
OriginalFilename: cdrom.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: SCSI CD-ROM Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e00000 fffff800`56e1d000 filecrypt (deferred)
Mapped memory image file: c:\symbols\filecrypt.sys\5632D7FD1d000\filecrypt.sys
Image path: \SystemRoot\system32\drivers\filecrypt.sys
Image name: filecrypt.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:49 2015 (5632D7FD)
CheckSum: 000186D2
ImageSize: 0001D000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: filecrypt.sys
OriginalFilename: filecrypt.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows sandboxing and encryption filter
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e20000 fffff800`56e2c000 tbs (deferred)
Mapped memory image file: c:\symbols\tbs.sys\5632D8F1c000\tbs.sys
Image path: \SystemRoot\system32\drivers\tbs.sys
Image name: tbs.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:53 2015 (5632D8F1)
CheckSum: 000080BD
ImageSize: 0000C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: TBS.SYS
OriginalFilename: TBS.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Export driver for kernel mode TPM API
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e30000 fffff800`56e3a000 Null (deferred)
Mapped memory image file: c:\symbols\Null.SYS\5632D166a000\Null.SYS
Image path: \SystemRoot\System32\Drivers\Null.SYS
Image name: Null.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 00002DC5
ImageSize: 0000A000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: null.sys
OriginalFilename: null.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NULL Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e40000 fffff800`56e4a000 Beep (deferred)
Mapped memory image file: c:\symbols\Beep.SYS\5632D8F5a000\Beep.SYS
Image path: \SystemRoot\System32\Drivers\Beep.SYS
Image name: Beep.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:57 2015 (5632D8F5)
CheckSum: 00005C7E
ImageSize: 0000A000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: beep.sys
OriginalFilename: beep.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: BEEP Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e50000 fffff800`56e64000 BasicDisplay (deferred)
Mapped memory image file: c:\symbols\BasicDisplay.sys\5632D89C14000\BasicDisplay.sys
Image path: \SystemRoot\System32\drivers\BasicDisplay.sys
Image name: BasicDisplay.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:40:28 2015 (5632D89C)
CheckSum: 0001C352
ImageSize: 00014000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: BasicDisplay.sys
OriginalFilename: BasicDisplay.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft Basic Display Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e70000 fffff800`56e85000 watchdog (deferred)
Mapped memory image file: c:\symbols\watchdog.sys\5632D86915000\watchdog.sys
Image path: \SystemRoot\System32\drivers\watchdog.sys
Image name: watchdog.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:39:37 2015 (5632D869)
CheckSum: 0001CD12
ImageSize: 00015000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: watchdog.sys
OriginalFilename: watchdog.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Watchdog Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`56e90000 fffff800`5707d000 dxgkrnl (deferred)
Mapped memory image file: c:\symbols\dxgkrnl.sys\5632D2611ed000\dxgkrnl.sys
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image name: dxgkrnl.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:13:53 2015 (5632D261)
CheckSum: 001F1D7E
ImageSize: 001ED000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dxgkrnl.sys
OriginalFilename: dxgkrnl.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: DirectX Graphics Kernel
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57080000 fffff800`57092000 BasicRender (deferred)
Mapped memory image file: c:\symbols\BasicRender.sys\5632D8E412000\BasicRender.sys
Image path: \SystemRoot\System32\drivers\BasicRender.sys
Image name: BasicRender.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:40 2015 (5632D8E4)
CheckSum: 0001110D
ImageSize: 00012000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.4 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: BasicRender.sys
OriginalFilename: BasicRender.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft Basic Render Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`570a0000 fffff800`570b9000 Npfs (deferred)
Mapped memory image file: c:\symbols\Npfs.SYS\5632D16619000\Npfs.SYS
Image path: \SystemRoot\System32\Drivers\Npfs.SYS
Image name: Npfs.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 000131F5
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: npfs.sys
OriginalFilename: npfs.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NPFS Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`570c0000 fffff800`570cf000 Msfs (deferred)
Mapped memory image file: c:\symbols\Msfs.SYS\5632D166f000\Msfs.SYS
Image path: \SystemRoot\System32\Drivers\Msfs.SYS
Image name: Msfs.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:42 2015 (5632D166)
CheckSum: 000109EA
ImageSize: 0000F000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MSFS.SYS
OriginalFilename: MSFS.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Mailslot driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`570d0000 fffff800`570f3000 tdx (deferred)
Mapped memory image file: c:\symbols\tdx.sys\563B27BD23000\tdx.sys
Image path: \SystemRoot\system32\DRIVERS\tdx.sys
Image name: tdx.sys
Browse all global symbols functions data
Timestamp: Thu Nov 05 10:56:13 2015 (563B27BD)
CheckSum: 000290A3
ImageSize: 00023000
File version: 10.0.10586.3
Product version: 10.0.10586.3
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tdx.sys
OriginalFilename: tdx.sys
ProductVersion: 10.0.10586.3
FileVersion: 10.0.10586.3 (th2_release_sec.151104-1948)
FileDescription: TDI Translation Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57100000 fffff800`5710f000 TDI (deferred)
Mapped memory image file: c:\symbols\TDI.SYS\5632D8EFf000\TDI.SYS
Image path: \SystemRoot\system32\DRIVERS\TDI.SYS
Image name: TDI.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:51 2015 (5632D8EF)
CheckSum: 00011617
ImageSize: 0000F000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tdi.sys
OriginalFilename: tdi.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: TDI Wrapper
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57110000 fffff800`5715b000 netbt (deferred)
Mapped memory image file: c:\symbols\netbt.sys\5632D77C4b000\netbt.sys
Image path: \SystemRoot\System32\DRIVERS\netbt.sys
Image name: netbt.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:35:40 2015 (5632D77C)
CheckSum: 00045487
ImageSize: 0004B000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netbt.sys
OriginalFilename: netbt.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: MBT Transport driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57160000 fffff800`571f2000 afd (deferred)
Mapped memory image file: c:\symbols\afd.sys\563B212392000\afd.sys
Image path: \SystemRoot\system32\drivers\afd.sys
Image name: afd.sys
Browse all global symbols functions data
Timestamp: Thu Nov 05 10:28:03 2015 (563B2123)
CheckSum: 0008EE59
ImageSize: 00092000
File version: 10.0.10586.3
Product version: 10.0.10586.3
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: afd.sys
OriginalFilename: afd.sys
ProductVersion: 10.0.10586.3
FileVersion: 10.0.10586.3 (th2_release_sec.151104-1948)
FileDescription: Ancillary Function Driver for WinSock
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57200000 fffff800`57219000 vwififlt (deferred)
Mapped memory image file: c:\symbols\vwififlt.sys\5632D7E719000\vwififlt.sys
Image path: \SystemRoot\System32\drivers\vwififlt.sys
Image name: vwififlt.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:27 2015 (5632D7E7)
CheckSum: 0001DEEF
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: vwififlt.sys
OriginalFilename: vwififlt.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Virtual WiFi Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57220000 fffff800`5724b000 pacer (deferred)
Mapped memory image file: c:\symbols\pacer.sys\5632D7922b000\pacer.sys
Image path: \SystemRoot\System32\drivers\pacer.sys
Image name: pacer.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:36:02 2015 (5632D792)
CheckSum: 00029E79
ImageSize: 0002B000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: pacer.sys
OriginalFilename: pacer.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: QoS Packet Scheduler
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57250000 fffff800`57262000 netbios (deferred)
Mapped memory image file: c:\symbols\netbios.sys\5632D7FA12000\netbios.sys
Image path: \SystemRoot\system32\drivers\netbios.sys
Image name: netbios.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:46 2015 (5632D7FA)
CheckSum: 00013382
ImageSize: 00012000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: NETBIOS.SYS
OriginalFilename: NETBIOS.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NetBIOS interface driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57270000 fffff800`572e1000 rdbss (deferred)
Mapped memory image file: c:\symbols\rdbss.sys\5632D52771000\rdbss.sys
Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
Image name: rdbss.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:25:43 2015 (5632D527)
CheckSum: 00069AF0
ImageSize: 00071000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: rdbss.sys
OriginalFilename: RDBSS.Sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Redirected Drive Buffering SubSystem Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`572f0000 fffff800`57300000 nsiproxy (deferred)
Mapped memory image file: c:\symbols\nsiproxy.sys\5632D80810000\nsiproxy.sys
Image path: \SystemRoot\system32\drivers\nsiproxy.sys
Image name: nsiproxy.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:00 2015 (5632D808)
CheckSum: 00016604
ImageSize: 00010000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: nsiproxy.sys
OriginalFilename: nsiproxy.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NSI Proxy
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57300000 fffff800`5730d000 npsvctrig (deferred)
Mapped memory image file: c:\symbols\npsvctrig.sys\5632D897d000\npsvctrig.sys
Image path: \SystemRoot\System32\drivers\npsvctrig.sys
Image name: npsvctrig.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:40:23 2015 (5632D897)
CheckSum: 000161CC
ImageSize: 0000D000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: npsvctrig.sys
OriginalFilename: npsvctrig.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Named pipe service triggers
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57890000 fffff800`578a0000 mssmbios (deferred)
Mapped memory image file: c:\symbols\mssmbios.sys\5632D80F10000\mssmbios.sys
Image path: \SystemRoot\System32\drivers\mssmbios.sys
Image name: mssmbios.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:07 2015 (5632D80F)
CheckSum: 00017702
ImageSize: 00010000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: smbios.sys
OriginalFilename: smbios.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: System Management BIOS Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`578a0000 fffff800`578aa000 gpuenergydrv (deferred)
Mapped memory image file: c:\symbols\gpuenergydrv.sys\5632D87Aa000\gpuenergydrv.sys
Image path: \SystemRoot\System32\drivers\gpuenergydrv.sys
Image name: gpuenergydrv.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:39:54 2015 (5632D87A)
CheckSum: 0000ECBE
ImageSize: 0000A000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: gpuenergydrv.sys
OriginalFilename: gpuenergydrv.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: GPU Energy Kernel Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`578b0000 fffff800`578da000 dfsc (deferred)
Mapped memory image file: c:\symbols\dfsc.sys\5632D5122a000\dfsc.sys
Image path: \SystemRoot\System32\Drivers\dfsc.sys
Image name: dfsc.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:25:22 2015 (5632D512)
CheckSum: 0002A1D3
ImageSize: 0002A000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: dfsclient.sys
OriginalFilename: dfsclient.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: DFS Namespace Client Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57900000 fffff800`5793c000 ahcache (deferred)
Mapped memory image file: c:\symbols\ahcache.sys\5632D1693c000\ahcache.sys
Image path: \SystemRoot\system32\DRIVERS\ahcache.sys
Image name: ahcache.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:45 2015 (5632D169)
CheckSum: 0003F251
ImageSize: 0003C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ahcache.sys
OriginalFilename: ahcache.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Application Compatibility Cache
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57940000 fffff800`57951000 CompositeBus (deferred)
Mapped memory image file: c:\symbols\CompositeBus.sys\5632D8E011000\CompositeBus.sys
Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
Image name: CompositeBus.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:36 2015 (5632D8E0)
CheckSum: 000178FA
ImageSize: 00011000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: compositebus.sys
OriginalFilename: compositebus.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Multi-Transport Composite Bus Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57960000 fffff800`5796d000 kdnic (deferred)
Mapped memory image file: c:\symbols\kdnic.sys\5632D8E9d000\kdnic.sys
Image path: \SystemRoot\System32\drivers\kdnic.sys
Image name: kdnic.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:41:45 2015 (5632D8E9)
CheckSum: 0000629D
ImageSize: 0000D000
File version: 6.1.0.0
Product version: 6.1.0.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft Kernel Debugger Network Adapter (NDIS 6.20 Miniport)
InternalName: kdnic.sys
OriginalFilename: kdnic.sys
ProductVersion: 6.01.00.0000
FileVersion: 6.01.00.0000 (th2_release.151029-1700)
FileDescription: Microsoft Kernel Debugger Network Miniport
LegalCopyright: Copyright (C) Microsoft Corporation. All rights reserved.
fffff800`57970000 fffff800`57985000 umbus (deferred)
Mapped memory image file: c:\symbols\umbus.sys\5632D7E515000\umbus.sys
Image path: \SystemRoot\System32\drivers\umbus.sys
Image name: umbus.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:25 2015 (5632D7E5)
CheckSum: 0001D1BC
ImageSize: 00015000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: umbus.sys
OriginalFilename: umbus.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: User-Mode Bus Enumerator
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57990000 fffff800`579f1000 USBXHCI (deferred)
Mapped memory image file: c:\symbols\USBXHCI.SYS\5632D6A061000\USBXHCI.SYS
Image path: \SystemRoot\System32\drivers\USBXHCI.SYS
Image name: USBXHCI.SYS
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:32:00 2015 (5632D6A0)
CheckSum: 00060E1E
ImageSize: 00061000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: usbxhci.sys
OriginalFilename: usbxhci.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: USB XHCI Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57a00000 fffff800`57a1d000 WudfPf (deferred)
Mapped memory image file: c:\symbols\WudfPf.sys\5632D1701d000\WudfPf.sys
Image path: \SystemRoot\system32\drivers\WudfPf.sys
Image name: WudfPf.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:09:52 2015 (5632D170)
CheckSum: 00023E07
ImageSize: 0001D000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: WUDFPf.sys
OriginalFilename: WUDFPf.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows Driver Foundation - User-mode Driver Framework Platform Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57a20000 fffff800`57a43000 bowser (deferred)
Mapped memory image file: c:\symbols\bowser.sys\5632D89D23000\bowser.sys
Image path: \SystemRoot\system32\DRIVERS\bowser.sys
Image name: bowser.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:40:29 2015 (5632D89D)
CheckSum: 0002375D
ImageSize: 00023000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: browser.sys
OriginalFilename: browser.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: NT Lan Manager Datagram Receiver Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57a50000 fffff800`57ac2000 mrxsmb (deferred)
Mapped memory image file: c:\symbols\mrxsmb.sys\5632D56272000\mrxsmb.sys
Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
Image name: mrxsmb.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:26:42 2015 (5632D562)
CheckSum: 0006A4A2
ImageSize: 00072000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MRxSmb.sys
OriginalFilename: MRXSMB.Sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows NT SMB Minirdr
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57ad0000 fffff800`57b0a000 mrxsmb20 (deferred)
Mapped memory image file: c:\symbols\mrxsmb20.sys\5632D58D3a000\mrxsmb20.sys
Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Image name: mrxsmb20.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:27:25 2015 (5632D58D)
CheckSum: 00040BD5
ImageSize: 0003A000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MRxSmb20.sys
OriginalFilename: MRXSMB20.Sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Longhorn SMB 2.0 Redirector
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57b10000 fffff800`57b29000 mpsdrv (deferred)
Mapped memory image file: c:\symbols\mpsdrv.sys\5632D7F719000\mpsdrv.sys
Image path: \SystemRoot\System32\drivers\mpsdrv.sys
Image name: mpsdrv.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:43 2015 (5632D7F7)
CheckSum: 0001E0D1
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mpsdrv.sys
OriginalFilename: mpsdrv.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft Protection Service Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57b30000 fffff800`57b56000 Ndu (deferred)
Mapped memory image file: c:\symbols\Ndu.sys\5632D7E726000\Ndu.sys
Image path: \SystemRoot\system32\drivers\Ndu.sys
Image name: Ndu.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:27 2015 (5632D7E7)
CheckSum: 0002B24E
ImageSize: 00026000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ndu.sys
OriginalFilename: ndu.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Windows Network Data Usage Monitoring Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57b60000 fffff800`57c20000 peauth (deferred)
Image path: \SystemRoot\system32\drivers\peauth.sys
Image name: peauth.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:32:55 2015 (5632D6D7)
CheckSum: 000B45A5
ImageSize: 000C0000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`57c20000 fffff800`57c61000 srvnet (deferred)
Mapped memory image file: c:\symbols\srvnet.sys\5632D60841000\srvnet.sys
Image path: \SystemRoot\System32\DRIVERS\srvnet.sys
Image name: srvnet.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:29:28 2015 (5632D608)
CheckSum: 00048A50
ImageSize: 00041000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SRVNET.SYS
OriginalFilename: SRVNET.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Server Network driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57c70000 fffff800`57c84000 tcpipreg (deferred)
Mapped memory image file: c:\symbols\tcpipreg.sys\5632D81114000\tcpipreg.sys
Image path: \SystemRoot\System32\drivers\tcpipreg.sys
Image name: tcpipreg.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:09 2015 (5632D811)
CheckSum: 0001A8D1
ImageSize: 00014000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tcpipreg.sys
OriginalFilename: tcpipreg.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: TCP/IP Registry Compatibility Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57c90000 fffff800`57cde000 mrxsmb10 (deferred)
Mapped memory image file: c:\symbols\mrxsmb10.sys\5632D58A4e000\mrxsmb10.sys
Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Image name: mrxsmb10.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:27:22 2015 (5632D58A)
CheckSum: 0004F54A
ImageSize: 0004E000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: MRxSmb0.sys
OriginalFilename: MRXSMB0.Sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Longhorn SMB Downlevel SubRdr
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57ce0000 fffff800`57cf4000 mmcss (deferred)
Mapped memory image file: c:\symbols\mmcss.sys\5632D84114000\mmcss.sys
Image path: \SystemRoot\system32\drivers\mmcss.sys
Image name: mmcss.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:38:57 2015 (5632D841)
CheckSum: 0001793D
ImageSize: 00014000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: mmcss.sys
OriginalFilename: mmcss.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: MMCSS Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57d00000 fffff800`57daf000 srv2 (deferred)
Mapped memory image file: c:\symbols\srv2.sys\5632D640af000\srv2.sys
Image path: \SystemRoot\System32\DRIVERS\srv2.sys
Image name: srv2.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:30:24 2015 (5632D640)
CheckSum: 000B3A54
ImageSize: 000AF000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SRV2.SYS
OriginalFilename: SRV2.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Smb 2.0 Server driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57db0000 fffff800`57e3c000 srv (deferred)
Mapped memory image file: c:\symbols\srv.sys\5632D6448c000\srv.sys
Image path: \SystemRoot\System32\DRIVERS\srv.sys
Image name: srv.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:30:28 2015 (5632D644)
CheckSum: 0006BBD6
ImageSize: 0008C000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: SRV.SYS
OriginalFilename: SRV.SYS
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: Server driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
fffff800`57e40000 fffff800`57e62000 WdNisDrv (deferred)
Mapped memory image file: c:\symbols\WdNisDrv.sys\5632D7C922000\WdNisDrv.sys
Image path: \SystemRoot\system32\Drivers\WdNisDrv.sys
Image name: WdNisDrv.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:36:57 2015 (5632D7C9)
CheckSum: 00021760
ImageSize: 00022000
File version: 4.9.10586.0
Product version: 4.9.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: NisDrvWFP.sys
OriginalFilename: NisDrvWFP.sys
ProductVersion: 4.9.10586.0
FileVersion: 4.9.10586.0 (th2_release.151029-1700)
FileDescription: Microsoft Network Realtime Inspection Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
^ User interrupted operation error in 'lmDv'
1: kd> kd
ffffd000`243b13a0 243b14e8
ffffd000`243b13a4 ffffd000
ffffd000`243b13a8 6a27b064
ffffd000`243b13ac fffff803
ffffd000`243b13b0 243b15c0
ffffd000`243b13b4 ffffd000
ffffd000`243b13b8 00000000
ffffd000`243b13bc ffffd000
ffffd000`243b13c0 243b15c0
ffffd000`243b13c4 ffffd000
ffffd000`243b13c8 3a912150
ffffd000`243b13cc ffffc000
ffffd000`243b13d0 60800400
ffffd000`243b13d4 c0003a55
ffffd000`243b13d8 60880400
ffffd000`243b13dc c0003a55
ffffd000`243b13e0 60900400
ffffd000`243b13e4 c0003a55
ffffd000`243b13e8 60980400
ffffd000`243b13ec c0003a55
ffffd000`243b13f0 60a00400
ffffd000`243b13f4 c0003a55
ffffd000`243b13f8 60a80400
ffffd000`243b13fc c0003a55
ffffd000`243b1400 60b00400
ffffd000`243b1404 c0003a55
ffffd000`243b1408 60b80400
ffffd000`243b140c c0003a55
ffffd000`243b1410 60c00400
ffffd000`243b1414 c0003a55
ffffd000`243b1418 60c80400
ffffd000`243b141c c0003a55
ffffd000`243b1420 60d00400
ffffd000`243b1424 c0003a55
ffffd000`243b1428 60d80400
ffffd000`243b142c c0003a55
ffffd000`243b1430 60e00400
ffffd000`243b1434 c0003a55
ffffd000`243b1438 60e80400
ffffd000`243b143c c0003a55
ffffd000`243b1440 60f00400
ffffd000`243b1444 c0003a55
ffffd000`243b1448 60f80400
ffffd000`243b144c c0003a55
ffffd000`243b1450 61000400
ffffd000`243b1454 c0003a55
ffffd000`243b1458 d091e9e8
ffffd000`243b145c ffffe000
ffffd000`243b1460 00000706
ffffd000`243b1464 00000000
ffffd000`243b1468 00000000
ffffd000`243b146c 00000000
ffffd000`243b1470 00000000
ffffd000`243b1474 00000000
ffffd000`243b1478 00000000
ffffd000`243b147c 00000000
ffffd000`243b1480 00000000
ffffd000`243b1484 00000000
ffffd000`243b1488 243b15c0
ffffd000`243b148c ffffd000
ffffd000`243b1490 243b14e0
ffffd000`243b1494 ffffd000
ffffd000`243b1498 5537c245
ffffd000`243b149c fffff800
ffffd000`243b14a0 61500400
ffffd000`243b14a4 c0003a55
ffffd000`243b14a8 61580400
ffffd000`243b14ac c0003a55
ffffd000`243b14b0 00000000
ffffd000`243b14b4 00000000
ffffd000`243b14b8 00000000
ffffd000`243b14bc 00000000
ffffd000`243b14c0 61700400
ffffd000`243b14c4 c0003a55
ffffd000`243b14c8 61780400
ffffd000`243b14cc c0003a55
ffffd000`243b14d0 61800400
ffffd000`243b14d4 c0003a55
ffffd000`243b14d8 61880400
ffffd000`243b14dc c0003a55
ffffd000`243b14e0 61900400
ffffd000`243b14e4 c0003a55
ffffd000`243b14e8 0000000d
ffffd000`243b14ec 00000003
ffffd000`243b14f0 00000001
ffffd000`243b14f4 00000000
ffffd000`243b14f8 243b1510
ffffd000`243b14fc ffffd000
ffffd000`243b1500 61b00400
ffffd000`243b1504 c0003a55
ffffd000`243b1508 61b80400
ffffd000`243b150c c0003a55
ffffd000`243b1510 00000000
ffffd000`243b1514 00000000
ffffd000`243b1518 ce0c6030
ffffd000`243b151c ffffe000
ffffd000`243b1520 3a912150
ffffd000`243b1524 ffffc000
ffffd000`243b1528 30f370e0
ffffd000`243b152c ffffc000
ffffd000`243b1530 00b70017
ffffd000`243b1534 ffffe000
ffffd000`243b1538 1b60ef88
ffffd000`243b153c 0001b530
ffffd000`243b1540 00000001
ffffd000`243b1544 c0003a55
ffffd000`243b1548 61f80400
ffffd000`243b154c c0003a55
ffffd000`243b1550 32bfd7b0
ffffd000`243b1554 ffffc000
ffffd000`243b1558 c8948a90
ffffd000`243b155c ffffe000
ffffd000`243b1560 d091e9e8
ffffd000`243b1564 ffffe000
ffffd000`243b1568 553717aa
ffffd000`243b156c fffff800
ffffd000`243b1570 00000000
ffffd000`243b1574 00000000
ffffd000`243b1578 f159090a
ffffd000`243b157c ffff2f17
ffffd000`243b1580 c9fd33f0
ffffd000`243b1584 ffffe000
ffffd000`243b1588 00000000
ffffd000`243b158c 00000000
ffffd000`243b1590 54700000
ffffd000`243b1594 fffff800
ffffd000`243b1598 5537bb3f
ffffd000`243b159c fffff800
ffffd000`243b15a0 00000000
ffffd000`243b15a4 ffffe000
ffffd000`243b15a8 3a8ff760
ffffd000`243b15ac ffffc000
ffffd000`243b15b0 c9fd33f0
ffffd000`243b15b4 ffffe000
ffffd000`243b15b8 00000000
ffffd000`243b15bc 00000000
ffffd000`243b15c0 00000019
ffffd000`243b15c4 00000000
ffffd000`243b15c8 3a8ff760
ffffd000`243b15cc ffffc000
ffffd000`243b15d0 00000003
ffffd000`243b15d4 ffffe000
ffffd000`243b15d8 3a8ff790
ffffd000`243b15dc ffffc000
ffffd000`243b15e0 00000000
ffffd000`243b15e4 00000000
ffffd000`243b15e8 00000000
ffffd000`243b15ec 00000000
ffffd000`243b15f0 3a8ff700
ffffd000`243b15f4 ffffc000
ffffd000`243b15f8 5470a5d8
ffffd000`243b15fc fffff800
ffffd000`243b1600 d1be5658
ffffd000`243b1604 ffffe000
ffffd000`243b1608 00000001
ffffd000`243b160c fffff800
ffffd000`243b1610 d1be5658
ffffd000`243b1614 ffffe000
ffffd000`243b1618 00000706
ffffd000`243b161c 00000000
ffffd000`243b1620 ffffffff
ffffd000`243b1624 ffffffff
ffffd000`243b1628 d1be5658
ffffd000`243b162c ffffe000
ffffd000`243b1630 3a8ff718
ffffd000`243b1634 ffffc000
ffffd000`243b1638 547366bf
ffffd000`243b163c fffff800
ffffd000`243b1640 d1be5660
ffffd000`243b1644 ffffe000
ffffd000`243b1648 00000000
ffffd000`243b164c 00000000
ffffd000`243b1650 00000000
ffffd000`243b1654 00000000
ffffd000`243b1658 cc9db588
ffffd000`243b165c ffffe000
ffffd000`243b1660 d1be5610
ffffd000`243b1664 ffffe000
ffffd000`243b1668 5473871a
ffffd000`243b166c fffff800
ffffd000`243b1670 d1be5658
ffffd000`243b1674 ffffe000
ffffd000`243b1678 00000705
ffffd000`243b167c 00000000
ffffd000`243b1680 ffffffff
ffffd000`243b1684 ffffffff
ffffd000`243b1688 cc9db010
ffffd000`243b168c ffffe000
ffffd000`243b1690 ce0c6180
ffffd000`243b1694 ffffe000
ffffd000`243b1698 d1be5610
ffffd000`243b169c ffffe000
ffffd000`243b16a0 cc9db010
ffffd000`243b16a4 ffffe000
ffffd000`243b16a8 5473a032
ffffd000`243b16ac fffff800
ffffd000`243b16b0 d1be5610
ffffd000`243b16b4 ffffe000
ffffd000`243b16b8 ce0c6180
ffffd000`243b16bc ffffe000
ffffd000`243b16c0 00000702
ffffd000`243b16c4 00000000
ffffd000`243b16c8 00000000
ffffd000`243b16cc 00000000
ffffd000`243b16d0 29d94fa8
ffffd000`243b16d4 ffffc000
ffffd000`243b16d8 6a2f0e0d
ffffd000`243b16dc fffff803
ffffd000`243b16e0 3a912150
ffffd000`243b16e4 ffffc000
ffffd000`243b16e8 6a68c1ea
ffffd000`243b16ec fffff803
ffffd000`243b16f0 00000000
ffffd000`243b16f4 00000000
ffffd000`243b16f8 6f725346
ffffd000`243b16fc ffffc000
ffffd000`243b1700 55e39000
ffffd000`243b1704 fffff800
ffffd000`243b1708 55dc533b
ffffd000`243b170c fffff800
ffffd000`243b1710 243b17f0
ffffd000`243b1714 ffffd000
ffffd000`243b1718 243b1a00
ffffd000`243b171c ffffd000
ffffd000`243b1720 d091e9e8
ffffd000`243b1724 ffffe000
ffffd000`243b1728 00000706
ffffd000`243b172c 00000000
ffffd000`243b1730 00000705
ffffd000`243b1734 00000000
ffffd000`243b1738 55e9d0f5
ffffd000`243b173c fffff800
ffffd000`243b1740 3a912150
ffffd000`243b1744 ffffc000
ffffd000`243b1748 d1be5618
ffffd000`243b174c ffffe000
ffffd000`243b1750 243b1828
ffffd000`243b1754 ffffd000
ffffd000`243b1758 ce0c6180
ffffd000`243b175c ffffe000
ffffd000`243b1760 00016e01
ffffd000`243b1764 00010000
ffffd000`243b1768 00000000
ffffd000`243b176c 00000000
ffffd000`243b1770 00000000
ffffd000`243b1774 00000000
ffffd000`243b1778 ce0c6180
ffffd000`243b177c ffffe000
ffffd000`243b1780 00000000
ffffd000`243b1784 00000000
ffffd000`243b1788 3a911400
ffffd000`243b178c ffffc000
ffffd000`243b1790 d2e45018
ffffd000`243b1794 ffffe000
ffffd000`243b1798 3a911010
ffffd000`243b179c ffffc000
1: kd> g
^ No runnable debuggees error in 'g'
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8036a5f656a, The address that the exception occurred at
Arg3: ffffd000243b10f8, Exception Record Address
Arg4: ffffd000243b0910, Context Record Address
Debugging Details:
------------------
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: To Be Filled By O.E.M.
BIOS_DATE: 10/13/2015
BASEBOARD_PRODUCT: Z97 Anniversary
BASEBOARD_VERSION:
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8036a5f656a
BUGCHECK_P3: ffffd000243b10f8
BUGCHECK_P4: ffffd000243b0910
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i 0x%p refererte minne ved adressen 0x%p. Minnet kunne ikke v re %s.
FAULTING_IP:
nt!PfpRpFileKeyUpdate+41a
fffff803`6a5f656a 488b4108 mov rax,qword ptr [rcx+8]
EXCEPTION_RECORD: ffffd000243b10f8 -- (.exr 0xffffd000243b10f8)
ExceptionAddress: fffff8036a5f656a (nt!PfpRpFileKeyUpdate+0x000000000000041a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: ffffd000243b0910 -- (.cxr 0xffffd000243b0910)
rax=004f004f004c0054 rbx=ffffffffffffffff rcx=0055004f0067006e
rdx=ffffc0003c63b7a0 rsi=8000000000000002 rdi=0000000000000000
rip=fffff8036a5f656a rsp=ffffd000243b1330 rbp=ffffd000243b1439
r8=0f505d821ea9f122 r9=0000000000008000 r10=ffffc0003a912150
r11=ffffffffffffffff r12=0000000000000000 r13=ffffc0003a912150
r14=0000000000000000 r15=fffff8036a51bf18
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!PfpRpFileKeyUpdate+0x41a:
fffff803`6a5f656a 488b4108 mov rax,qword ptr [rcx+8] ds:002b:0055004f`00670076=????????????????
Resetting default scope
CPU_COUNT: 4
CPU_MHZ: cdc
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - Instruksjonen i 0x%p refererte minne ved adressen 0x%p. Minnet kunne ikke v re %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: fffff8036a59a520: Unable to get MiVisibleState
ffffffffffffffff
FOLLOWUP_IP:
fileinfo!FIStreamLog+155
fffff800`5537c245 4c8b5d18 mov r11,qword ptr [rbp+18h]
BUGCHECK_STR: AV
ANALYSIS_VERSION: 10.0.10240.9 amd64fre
LAST_CONTROL_TRANSFER: from fffff8036a27b064 to fffff8036a5f656a
STACK_TEXT:
ffffd000`243b1330 fffff803`6a27b064 : ffffd000`243b15c0 ffffd000`00000000 ffffd000`243b15c0 ffffc000`3a912150 : nt!PfpRpFileKeyUpdate+0x41a
ffffd000`243b13b0 fffff800`5537c245 : c0003a55`61500400 c0003a55`61580400 00000000`00000000 00000000`00000000 : nt!PfFileInfoNotify+0x5e4
ffffd000`243b14a0 fffff800`5537bb3f : ffffe000`00000000 ffffc000`3a8ff760 ffffe000`c9fd33f0 00000000`00000000 : fileinfo!FIStreamLog+0x155
ffffd000`243b15a0 fffff800`5470a5d8 : ffffe000`d1be5658 fffff800`00000001 ffffe000`d1be5658 00000000`00000706 : fileinfo!FIStreamCleanup+0x9f
ffffd000`243b1600 fffff800`547366bf : ffffe000`d1be5660 00000000`00000000 00000000`00000000 ffffe000`cc9db588 : FLTMGR!DoReleaseContext+0x78
ffffd000`243b1640 fffff800`5473871a : ffffe000`d1be5658 00000000`00000705 ffffffff`ffffffff ffffe000`cc9db010 : FLTMGR!FltpDeleteContextList+0xaf
ffffd000`243b1670 fffff800`5473a032 : ffffe000`d1be5610 ffffe000`ce0c6180 00000000`00000702 00000000`00000000 : FLTMGR!CleanupStreamListCtrl+0x4a
ffffd000`243b16b0 fffff803`6a68c1ea : 00000000`00000000 ffffc000`6f725346 fffff800`55e39000 fffff800`55dc533b : FLTMGR!DeleteStreamListCtrlCallback+0x92
ffffd000`243b16f0 fffff800`55e9d0f5 : ffffc000`3a912150 ffffe000`d1be5618 ffffd000`243b1828 ffffe000`ce0c6180 : nt!FsRtlTeardownPerStreamContexts+0x5a
ffffd000`243b1740 fffff800`55e9cee2 : ffffe001`01000000 00000000`00000000 ffffe000`ce0c6180 fffff800`55dcdb26 : NTFS!NtfsDeleteScb+0x145
ffffd000`243b17e0 fffff800`55dd5a83 : 00000000`00000000 ffffc000`3a912150 00000000`00000000 ffffc000`3a912048 : NTFS!NtfsRemoveScb+0x62
ffffd000`243b1820 fffff800`55e9cc60 : ffffc000`3a912010 ffffd000`243b1a80 ffffe000`d091e9e8 fffff800`55dcd66d : NTFS!NtfsPrepareFcbForRemoval+0x63
ffffd000`243b1860 fffff800`55dcca80 : ffffe000`d091e9e8 ffffd000`243b1963 ffffc000`3a912420 ffffc000`3a912010 : NTFS!NtfsTeardownStructures+0x90
ffffd000`243b18e0 fffff800`55e84aeb : ffffd000`243b1ab8 ffffd000`00000001 ffffd000`243b1a80 ffffc000`3a912010 : NTFS!NtfsDecrementCloseCounts+0xd0
ffffd000`243b1920 fffff800`55ec0112 : ffffe000`d091e9e8 ffffc000`3a912150 ffffc000`3a912010 ffffe000`ce0c6180 : NTFS!NtfsCommonClose+0x40b
ffffd000`243b19f0 fffff803`6a286b79 : fffff803`6a5af200 ffffe000`cd5d4040 00000000`00000000 fffff803`6a51daa8 : NTFS!NtfsFspCloseInternal+0x1a6
ffffd000`243b1b80 fffff803`6a225125 : 00000000`00000000 00000000`00000080 ffffe000`c8892700 ffffe000`cd5d4040 : nt!ExpWorkerThread+0xe9
ffffd000`243b1c10 fffff803`6a363606 : ffffd000`795b6180 ffffe000`cd5d4040 fffff803`6a2250e4 fffff800`55ae205e : nt!PspSystemThreadStartup+0x41
ffffd000`243b1c60 00000000`00000000 : ffffd000`243b2000 ffffd000`243ac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: fileinfo!FIStreamLog+155
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5632d7dd
IMAGE_VERSION: 10.0.10586.0
STACK_COMMAND: .cxr 0xffffd000243b0910 ; kb
BUCKET_ID_FUNC_OFFSET: 155
FAILURE_BUCKET_ID: AV_fileinfo!FIStreamLog
BUCKET_ID: AV_fileinfo!FIStreamLog
PRIMARY_PROBLEM_CLASS: AV_fileinfo!FIStreamLog
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_fileinfo!fistreamlog
FAILURE_ID_HASH: {fe921cf1-eb48-5a69-fae6-1cebd1abe45d}
Followup: MachineOwner
---------
1: kd> lmvm fileinfo
Browse full module list
start end module name
fffff800`55370000 fffff800`55389000 fileinfo (pdb symbols) c:\symbols\fileinfo.pdb\EDAC3E964274474F9DEBCB699A8AF6651\fileinfo.pdb
Loaded symbol image file: fileinfo.sys
Mapped memory image file: c:\symbols\fileinfo.sys\5632D7DD19000\fileinfo.sys
Image path: \SystemRoot\System32\drivers\fileinfo.sys
Image name: fileinfo.sys
Browse all global symbols functions data
Timestamp: Fri Oct 30 03:37:17 2015 (5632D7DD)
CheckSum: 000200B3
ImageSize: 00019000
File version: 10.0.10586.0
Product version: 10.0.10586.0
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: FileInfo.sys
OriginalFilename: FileInfo.sys
ProductVersion: 10.0.10586.0
FileVersion: 10.0.10586.0 (th2_release.151029-1700)
FileDescription: FileInfo Filter Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
1: kd> kb
# RetAddr : Args to Child : Call Site
00 fffff803`6a27b064 : ffffd000`243b15c0 ffffd000`00000000 ffffd000`243b15c0 ffffc000`3a912150 : nt!PfpRpFileKeyUpdate+0x41a
01 fffff800`5537c245 : c0003a55`61500400 c0003a55`61580400 00000000`00000000 00000000`00000000 : nt!PfFileInfoNotify+0x5e4
02 fffff800`5537bb3f : ffffe000`00000000 ffffc000`3a8ff760 ffffe000`c9fd33f0 00000000`00000000 : fileinfo!FIStreamLog+0x155
03 fffff800`5470a5d8 : ffffe000`d1be5658 fffff800`00000001 ffffe000`d1be5658 00000000`00000706 : fileinfo!FIStreamCleanup+0x9f
04 fffff800`547366bf : ffffe000`d1be5660 00000000`00000000 00000000`00000000 ffffe000`cc9db588 : FLTMGR!DoReleaseContext+0x78
05 fffff800`5473871a : ffffe000`d1be5658 00000000`00000705 ffffffff`ffffffff ffffe000`cc9db010 : FLTMGR!FltpDeleteContextList+0xaf
06 fffff800`5473a032 : ffffe000`d1be5610 ffffe000`ce0c6180 00000000`00000702 00000000`00000000 : FLTMGR!CleanupStreamListCtrl+0x4a
07 fffff803`6a68c1ea : 00000000`00000000 ffffc000`6f725346 fffff800`55e39000 fffff800`55dc533b : FLTMGR!DeleteStreamListCtrlCallback+0x92
08 fffff800`55e9d0f5 : ffffc000`3a912150 ffffe000`d1be5618 ffffd000`243b1828 ffffe000`ce0c6180 : nt!FsRtlTeardownPerStreamContexts+0x5a
09 fffff800`55e9cee2 : ffffe001`01000000 00000000`00000000 ffffe000`ce0c6180 fffff800`55dcdb26 : NTFS!NtfsDeleteScb+0x145
0a fffff800`55dd5a83 : 00000000`00000000 ffffc000`3a912150 00000000`00000000 ffffc000`3a912048 : NTFS!NtfsRemoveScb+0x62
0b fffff800`55e9cc60 : ffffc000`3a912010 ffffd000`243b1a80 ffffe000`d091e9e8 fffff800`55dcd66d : NTFS!NtfsPrepareFcbForRemoval+0x63
0c fffff800`55dcca80 : ffffe000`d091e9e8 ffffd000`243b1963 ffffc000`3a912420 ffffc000`3a912010 : NTFS!NtfsTeardownStructures+0x90
0d fffff800`55e84aeb : ffffd000`243b1ab8 ffffd000`00000001 ffffd000`243b1a80 ffffc000`3a912010 : NTFS!NtfsDecrementCloseCounts+0xd0
0e fffff800`55ec0112 : ffffe000`d091e9e8 ffffc000`3a912150 ffffc000`3a912010 ffffe000`ce0c6180 : NTFS!NtfsCommonClose+0x40b
0f fffff803`6a286b79 : fffff803`6a5af200 ffffe000`cd5d4040 00000000`00000000 fffff803`6a51daa8 : NTFS!NtfsFspCloseInternal+0x1a6
10 fffff803`6a225125 : 00000000`00000000 00000000`00000080 ffffe000`c8892700 ffffe000`cd5d4040 : nt!ExpWorkerThread+0xe9
11 fffff803`6a363606 : ffffd000`795b6180 ffffe000`cd5d4040 fffff803`6a2250e4 fffff800`55ae205e : nt!PspSystemThreadStartup+0x41
12 00000000`00000000 : ffffd000`243b2000 ffffd000`243ac000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
1: kd> .exr 0xffffd000243b10f8
ExceptionAddress: fffff8036a5f656a (nt!PfpRpFileKeyUpdate+0x000000000000041a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
1: kd> .cxr 0xffffd000243b0910
rax=004f004f004c0054 rbx=ffffffffffffffff rcx=0055004f0067006e
rdx=ffffc0003c63b7a0 rsi=8000000000000002 rdi=0000000000000000
rip=fffff8036a5f656a rsp=ffffd000243b1330 rbp=ffffd000243b1439
r8=0f505d821ea9f122 r9=0000000000008000 r10=ffffc0003a912150
r11=ffffffffffffffff r12=0000000000000000 r13=ffffc0003a912150
r14=0000000000000000 r15=fffff8036a51bf18
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!PfpRpFileKeyUpdate+0x41a:
fffff803`6a5f656a 488b4108 mov rax,qword ptr [rcx+8] ds:002b:0055004f`00670076=????????????????
1: kd> .ecxr
Unable to get exception context, HRESULT 0x8000FFFF
1: kd> .lastevent
Last event: Break instruction exception - code 80000003 (first/second chance not available)
debugger time: Sat Nov 28 12:25:16.422 2015 (UTC + 1:00)
Looks like a driver fault.