Wireshark-dev: Re: [Wireshark-dev] Npcap 0.03 call for test

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Mon, 27 Jul 2015 16:53:54 +0100
Hi Yang,

Finally, after removing the Nurago Web Meter, and its Gacela LSP stack (which is supposedly user-mode-only) (and upgrading VMware Player to 6.0.7, from 6.0.4), running CCleaner again, and quickly starting Wireshark, quitting it, and then restarting it, I am able to capture packets (14k, so far) using NPCap (including from loopback).

I think I'll need to keep things running for a couple of hours, to see if I have any other crashes - but since Gacela seems to be installed by a lot of third-party software, it may be worth investigating this incompatibility.

If it helps, I can provide you with a copy of the Nurago/Gacela software, for investigation. (Builds of this are personalised with a per-user ID, prior to downloading from a UK/Germany-based Internet activity research site, and it seems that the download server is currently offline).

Tyson.

2015-07-27 15:42 GMT+01:00 Tyson Key <tyson.key@xxxxxxxxx>:
After rebooting from uninstalling MS NetMon, I restarted Wireshark, and got the usual "NPF service not running; no interfaces available" note. This persists, even if I try "NPFInstall -r", and Wireshark still claims that no interfaces are available. 

Eventually, after uninstalling NPCap, removing all of the loopback interfaces, and running CCleaner to remove any residual registry data, and then rebooting yet again, I could start Wireshark, and list the installed interfaces - but unsurprisingly, a few moments later, I received another BSoD.

If it helps, my Wireshark version is:

Version 1.99.8-492-g3f0f49d (v1.99.8rc0-492-g3f0f49d from master)

Copyright 1998-2015 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8, with
WinPcap (unknown), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with
c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 22 2015), with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with locale English_United
Kingdom.1252, with Npcap version 0.01 (packet.dll version 0.03), based on
WinPcap version 4.1.3 (packet.dll version 4.1.0.3001), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
AMD A6-5200 APU with Radeon(TM) HD Graphics     (with SSE4.2), with 5577MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 31101

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

Other than NetMon (which I've removed), the only other things that I think could be causing a conflict are either the VMware host-only networking filters; the networking components included with whatever Bluetooth stack Lenovo shipped; the massive pile of hacks installed by the Gacela component of "Nurago Web Meter", or my Atheros WLAN drivers (which caused Acrylic Wi-Fi's NDIS filters to crash, when I briefly had that installed, a while ago).

In the meantime, I'm going to upgrade my VMware Player installation to the latest version, and see if it includes newer networking components.

Tyson.

2015-07-27 14:46 GMT+01:00 Tyson Key <tyson.key@xxxxxxxxx>:
Annoying, because Microsoft Network Monitor 3.4 is the only tool that can capture 802.11 traffic in monitor mode even semi-reliably (although it seems that the buffer gets full, and then it stops capturing, after about 30 minutes), with my Atheros WLAN adapter, under Windows - but it seems that if I disable the NetMon 3.4 driver on the NPCap Loopback Interface, I can then start Wireshark, and then capture for about a minute, before I receive another BSoD:

==================================================
Dump File         : 072715-30015-01.dmp
Crash Time        : 27/07/2015 02:14:04 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`d9c696f2
Parameter 4       : ffffe000`fad2a488
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\072715-30015-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 02:15:06 pm
==================================================

Usually, the NetMon, and WinPCap (and VMware passthrough) drivers can safely co-exist on a machine, without issues - but having had bad experiences with an "AppEx Networks Accelerator" (QoS) filter driver causing blue-screens, in the past, I'm starting to suspect that only a few filter drivers can safely hook the same points of the networking stack, before they trample over each other...

As an experiment, I'm going to see what happens if I remove both the NetMon driver, and the "Npcap Packet Driver (NPCAP)", and replace them with "Win10Pcap Packet Capture Driver", despite using Windows 8.1, instead of Windows 10:

I get prompted with "The file 'Win10Pcap.sys' on Win10Pcap Packet Capture Driver Installation Disk is needed. Type the path where the file is located, and then click OK", and the default search path is set to "C:\Program Files (x86)\Win10Pcap\x64\drivers\win78". Unsurprisingly, neither "C:\Program Files\Win10Pcap\x64\", nor "C:\Program Files (x86)\Win10Pcap\x64\" exist - so I'll have to scrap that idea, and try just reinstalling the regular NPCap driver, as a "service", using the .inf file in "C:\Program Files\Npcap".. 

Now, I get "The NPF driver isn't running.  You may have trouble capturing or listing interfaces", when restarting Wireshark, but at least it doesn't BSoD. I'll try rebooting, and see what happens...

2015-07-27 14:08 GMT+01:00 Tyson Key <tyson.key@xxxxxxxxx>:
Hi Yang,

I just tried this version on my machine (after uninstalling WinPCap, rebooting, installing NPCap, and then rebooting again), and it seems that during starting Wireshark, I still receive the BAD_POOL_CALLER BSoD:

==================================================
Dump File         : 072715-38828-01.dmp
Crash Time        : 27/07/2015 01:55:12 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`00000000
Parameter 4       : ffffe000`53e2a9c8
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\072715-38828-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 01:56:27 pm
==================================================

If it helps, here's the list of loaded drivers, and DLLs, at the time of crashing:

dump_diskdump.sys fffff800`bd725000 fffff800`bd731000 0x0000c000 0x5215f8a2 22/08/2013 12:40:18 pm
dump_amd_sata.sys fffff800`bd731000 fffff800`bd74e000 0x0001d000 0x50b875ba 30/11/2012 10:00:42 am
dump_dumpfve.sys fffff800`bd74e000 fffff800`bd764000 0x00016000 0x530894b8 22/02/2014 01:14:48 pm
X5XSEx_Pr148.Sys fffff800`bec00000 fffff800`bec12000 0x00012000 0x501a77cf 02/08/2012 01:51:27 pm
ATMFD.DLL fffff960`00a65000 fffff960`00ac4000 0x0005f000 0x00000000 Adobe Type Manager Windows NT OpenType/Type 1 Font Driver 5.1 Build 243 Adobe Systems Incorporated C:\WINDOWS\system32\ATMFD.DLL
amd_sata.sys fffff800`bab68000 fffff800`bab85000 0x0001d000 0x50b875ba 30/11/2012 10:00:42 am AHCI 1.3 Device Driver AHCI 1.3 Device Driver 1.3.001.0068 Advanced Micro Devices C:\WINDOWS\system32\drivers\amd_sata.sys
amd_xata.sys fffff800`babe3000 fffff800`babed000 0x0000a000 0x50b875be 30/11/2012 10:00:46 am Stor Filter Driver Stor Filter Driver 1.3.001.0068 Advanced Micro Devices C:\WINDOWS\system32\drivers\amd_xata.sys
usbfilter.sys fffff800`bcbe6000 fffff800`bcbf7000 0x00011000 0x503d6ff0 29/08/2012 02:27:12 am AMD USB Filter Driver AMD USB Filter Driver 2.0.10.273 built by: WinDDK Advanced Micro Devices C:\WINDOWS\system32\drivers\usbfilter.sys
AtihdW86.sys fffff800`bd2be000 fffff800`bd2d9000 0x0001b000 0x511d6100 14/02/2013 11:11:12 pm AMD HD Audio Driver AMD High Definition Audio Function Driver 8.0.0.8811 Advanced Micro Devices C:\WINDOWS\system32\drivers\AtihdW86.sys
atikmpag.sys fffff800`bbcec000 fffff800`bbd8b000 0x0009f000 0x52a58b19 09/12/2013 10:19:21 am AMD driver AMD multi-vendor Miniport Driver 8.14.01.6354 Advanced Micro Devices, Inc. C:\WINDOWS\system32\drivers\atikmpag.sys
atikmdag.sys fffff800`bbe8b000 fffff800`bcb79000 0x00cee000 0x52a598df 09/12/2013 11:18:07 am ATI Radeon Family ATI Radeon Kernel Mode Driver 8.01.01.1360 Advanced Micro Devices, Inc. C:\WINDOWS\system32\drivers\atikmdag.sys
AmdAS4.sys fffff800`bd1cf000 fffff800`bd1d8000 0x00009000 0x511370a9 07/02/2013 10:15:21 am Amd AS4 Device Driver AMD AS4 Driver 1.1.0.0017 Advanced Micro Devices, INC. C:\WINDOWS\system32\drivers\AmdAS4.sys
CHDRT64.sys fffff800`bd4f7000 fffff800`bd6a0000 0x001a9000 0x512c4346 26/02/2013 06:08:22 am Conexant HDAudio Driver 64-bit High Definition Audio Function Driver 8.64.49.0 built by: WinDDK Conexant Systems Inc. C:\WINDOWS\system32\drivers\CHDRT64.sys
cbfs3.sys fffff800`bbc11000 fffff800`bbc64000 0x00053000 0x4cf3f857 29/11/2010 08:00:39 pm Callback File System (TM) Callback File System Driver 3, 1, 83, 205 EldoS Corporation C:\WINDOWS\system32\drivers\cbfs3.sys
GEARAspiWDM.sys fffff800`bcff8000 fffff800`bcffec00 0x00006c00 0x4fa2e2e1 03/05/2012 08:56:17 pm CD DVD Filter CD DVD Filter 2.02.03.00 GEAR Software Inc. C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
npf.sys fffff800`bbbc1000 fffff800`bbbd2000 0x00011000 0x55b5ffcd 27/07/2015 10:54:21 am Npcap npf.sys (NT6 AMD64) Kernel Filter Driver 0.03 Insecure.Com LLC. C:\WINDOWS\system32\drivers\npf.sys
AcpiVpc.sys fffff800`bd1a6000 fffff800`bd1bc000 0x00016000 0x4fb1aefd 15/05/2012 02:18:53 am Lenovo ACPI Virtual Power Controller Driver 6.1.2601.3 Lenovo Corporation C:\WINDOWS\system32\drivers\AcpiVpc.sys
LhdX64.sys fffff800`bb25d000 fffff800`bb26b000 0x0000e000 0x4b4b3e92 11/01/2010 04:06:58 pm Disk Driver HD Disk Driver 1.10.0.1 Lenovo. C:\WINDOWS\system32\drivers\LhdX64.sys
secdrv.SYS fffff800`bed93000 fffff800`bed9e000 0x0000b000 0x4508052e 13/09/2006 02:18:38 pm Macrovision SECURITY Driver Macrovision SECURITY Driver 4.03.086 Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. C:\WINDOWS\system32\drivers\secdrv.SYS
ntoskrnl.exe ntoskrnl.exe+2a4ff2 fffff801`bc47b000 fffff801`bcc0f000 0x00794000 0x550f41a6 22/03/2015 11:26:46 pm Microsoft® Windows® Operating System NT Kernel & System 6.3.9600.17736 (winblue_r9.150322-1500) Microsoft Corporation C:\WINDOWS\system32\ntoskrnl.exe
hal.dll fffff801`bc40b000 fffff801`bc47b000 0x00070000 0x538bade8 01/06/2014 11:49:12 pm Microsoft® Windows® Operating System Hardware Abstraction Layer DLL 6.3.9600.17196 (winblue_gdr.140601-1505) Microsoft Corporation C:\WINDOWS\system32\hal.dll
kd.dll fffff801`bb54b000 fffff801`bb554000 0x00009000 0x5215f8bb 22/08/2013 12:40:43 pm Microsoft® Windows® Operating System Local Kernel Debugger 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\kd.dll
mcupdate_AuthenticAMD.dll fffff800`ba489000 fffff800`ba4a4000 0x0001b000 0x5216068e 22/08/2013 01:39:42 pm Microsoft® Windows® Operating System AMD Microcode Update Library 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\mcupdate_AuthenticAMD.dll
werkernel.sys fffff800`ba4a4000 fffff800`ba4b2000 0x0000e000 0x5215f8a8 22/08/2013 12:40:24 pm Microsoft® Windows® Operating System Windows Error Reporting Kernel Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\werkernel.sys
CLFS.SYS fffff800`ba4b2000 fffff800`ba514000 0x00062000 0x54f656f9 04/03/2015 01:51:05 am Microsoft® Windows® Operating System Common Log File System Driver 6.3.9600.17719 (winblue_r9.150303-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\CLFS.SYS
tm.sys fffff800`ba514000 fffff800`ba536000 0x00022000 0x5215f875 22/08/2013 12:39:33 pm Microsoft® Windows® Operating System Kernel Transaction Manager Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\tm.sys
PSHED.dll fffff800`ba536000 fffff800`ba54b000 0x00015000 0x52346b3f 14/09/2013 02:57:19 pm Microsoft® Windows® Operating System Platform Specific Hardware Error Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\PSHED.dll
BOOTVID.dll fffff800`ba54b000 fffff800`ba555000 0x0000a000 0x5215f8aa 22/08/2013 12:40:26 pm Microsoft® Windows® Operating System VGA Boot Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\BOOTVID.dll
CI.dll fffff800`ba555000 fffff800`ba5dd000 0x00088000 0x548276b0 06/12/2014 04:23:28 am Microsoft® Windows® Operating System Code Integrity Module (Test) 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\CI.dll
msrpc.sys fffff800`ba400000 fffff800`ba45d000 0x0005d000 0x5215f86a 22/08/2013 12:39:22 pm Microsoft® Windows® Operating System Kernel Remote Procedure Call Provider 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\msrpc.sys
Wdf01000.sys fffff800`ba649000 fffff800`ba718000 0x000cf000 0x5215f850 22/08/2013 12:38:56 pm Microsoft® Windows® Operating System Kernel Mode Driver Framework Runtime 1.13.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\Wdf01000.sys
WDFLDR.SYS fffff800`ba718000 fffff800`ba729000 0x00011000 0x5215f857 22/08/2013 12:39:03 pm Microsoft® Windows® Operating System Kernel Mode Driver Framework Loader 1.13.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\WDFLDR.SYS
acpiex.sys fffff800`ba729000 fffff800`ba741000 0x00018000 0x5215f80b 22/08/2013 12:37:47 pm Microsoft® Windows® Operating System ACPIEx Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\acpiex.sys
WppRecorder.sys fffff800`ba741000 fffff800`ba74c000 0x0000b000 0x5215f87c 22/08/2013 12:39:40 pm Microsoft® Windows® Operating System WPP Trace Recorder 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\WppRecorder.sys
ACPI.sys fffff800`ba74c000 fffff800`ba7d4000 0x00088000 0x54335e2e 07/10/2014 04:29:50 am Microsoft® Windows® Operating System ACPI Driver for NT 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\ACPI.sys
WMILIB.SYS fffff800`ba7d4000 fffff800`ba7de000 0x0000a000 0x5215f8a7 22/08/2013 12:40:23 pm Microsoft® Windows® Operating System WMILIB WMI support library Dll 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\WMILIB.SYS
cng.sys fffff800`ba85b000 fffff800`ba8e6000 0x0008b000 0x55187b0d 29/03/2015 11:22:05 pm Microsoft® Windows® Operating System Kernel Cryptography, Next Generation 6.3.9600.17785 (winblue_r10.150329-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\cng.sys
msisadrv.sys fffff800`ba8f4000 ffffd800`ba8fe000 0xffffe0000000a000 0x5215f857 22/08/2013 12:39:03 pm Microsoft® Windows® Operating System ISA Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\msisadrv.sys
pci.sys fffff800`ba8fe000 fffff800`ba946000 0x00048000 0x53d0f1d4 24/07/2014 12:45:24 pm Microsoft® Windows® Operating System NT Plug and Play PCI Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\pci.sys
vdrvroot.sys fffff800`ba946000 fffff800`ba953000 0x0000d000 0x5215f849 22/08/2013 12:38:49 pm Microsoft® Windows® Operating System Virtual Drive Root Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\vdrvroot.sys
pdc.sys fffff800`ba953000 fffff800`ba96f000 0x0001c000 0x5434c9f7 08/10/2014 06:21:59 am Microsoft® Windows® Operating System Power Dependency Coordinator Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\pdc.sys
partmgr.sys fffff800`ba96f000 fffff800`ba987000 0x00018000 0x5434e912 08/10/2014 08:34:42 am Microsoft® Windows® Operating System Partition Management Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\partmgr.sys
spaceport.sys fffff800`ba987000 fffff800`ba9f0000 0x00069000 0x54505527 29/10/2014 03:47:03 am Microsoft® Windows® Operating System Storage Spaces Driver 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\spaceport.sys
volmgr.sys fffff800`ba800000 fffff800`ba815000 0x00015000 0x5215f889 22/08/2013 12:39:53 pm Microsoft® Windows® Operating System Volume Manager Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\volmgr.sys
volmgrx.sys fffff800`baabf000 fffff800`bab1e000 0x0005f000 0x5215f8a7 22/08/2013 12:40:23 pm Microsoft® Windows® Operating System Volume Manager Extension Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\volmgrx.sys
mountmgr.sys fffff800`bab4d000 fffff800`bab68000 0x0001b000 0x54333f58 07/10/2014 02:18:16 am Microsoft® Windows® Operating System Mount Point Manager 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\mountmgr.sys
storport.sys fffff800`bab85000 fffff800`babe3000 0x0005e000 0x5423822b 25/09/2014 03:47:07 am Microsoft® Windows® Operating System Microsoft Storage Port Driver 6.3.9600.17383 (winblue_r4.140924-1541) Microsoft Corporation C:\WINDOWS\system32\drivers\storport.sys
EhStorClass.sys fffff800`baa00000 fffff800`baa1a000 0x0001a000 0x5215f827 22/08/2013 12:38:15 pm Microsoft® Windows® Operating System Enhanced Storage Class driver for IEEE 1667 devices 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\EhStorClass.sys
fltmgr.sys fffff800`baa1a000 fffff800`baa76000 0x0005c000 0x53fbf00c 26/08/2014 03:25:16 am Microsoft® Windows® Operating System Microsoft Filesystem Filter Manager 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\fltmgr.sys
fileinfo.sys fffff800`baa76000 fffff800`baa8c000 0x00016000 0x53089456 22/02/2014 01:13:10 pm Microsoft® Windows® Operating System FileInfo Filter Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft Corporation C:\WINDOWS\system32\drivers\fileinfo.sys
Wof.sys fffff800`baa8c000 fffff800`baab7000 0x0002b000 0x53216bf1 13/03/2014 09:27:29 am Microsoft® Windows® Operating System Windows Overlay Filter 6.3.9600.17050 (winblue_gdr.140312-1703) Microsoft Corporation C:\WINDOWS\system32\drivers\Wof.sys
WdFilter.sys fffff800`ba815000 ffffd800`ba858000 0xffffe00000043000 0x54cb5b0a 30/01/2015 11:20:58 am Microsoft Malware Protection Microsoft antimalware file system filter driver 4.7.0205.0 Microsoft Corporation C:\WINDOWS\system32\drivers\WdFilter.sys
Ntfs.sys fffff800`bac65000 fffff800`bae5f000 0x001fa000 0x54387b6b 11/10/2014 01:35:55 am Microsoft® Windows® Operating System NT File System Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft Corporation C:\WINDOWS\system32\drivers\Ntfs.sys
ksecdd.sys fffff800`bae5f000 fffff800`bae7b000 0x0001c000 0x54505548 29/10/2014 03:47:36 am Microsoft® Windows® Operating System Kernel Security Support Provider Interface 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\ksecdd.sys
pcw.sys fffff800`bae7b000 fffff800`bae8b000 0x00010000 0x5215cfea 22/08/2013 09:46:34 am Microsoft® Windows® Operating System Performance Counters for Windows Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\pcw.sys
Fs_Rec.sys fffff800`bae8b000 fffff800`bae96000 0x0000b000 0x5215cfe9 22/08/2013 09:46:33 am Microsoft® Windows® Operating System File System Recognizer Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\Fs_Rec.sys
ndis.sys fffff800`bae96000 fffff800`bafad000 0x00117000 0x54d01043 03/02/2015 01:03:15 am Microsoft® Windows® Operating System Network Driver Interface Specification (NDIS) 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\ndis.sys
NETIO.SYS fffff800`bb046000 fffff800`bb0be000 0x00078000 0x540ebbe6 09/09/2014 09:35:50 am Microsoft® Windows® Operating System Network I/O Subsystem 6.3.9600.17337 (winblue_r3.140908-1537) Microsoft Corporation C:\WINDOWS\system32\drivers\NETIO.SYS
ksecpkg.sys fffff800`bb0be000 fffff800`bb0ef000 0x00031000 0x558e14bf 27/06/2015 04:13:03 am Microsoft® Windows® Operating System Kernel Security Support Provider Interface Packages 6.3.9600.17918 (winblue_ltsb.150626-1534) Microsoft Corporation C:\WINDOWS\system32\drivers\ksecpkg.sys
tcpip.sys fffff800`bb286000 fffff800`bb4f2000 0x0026c000 0x54505542 29/10/2014 03:47:30 am Microsoft® Windows® Operating System TCP/IP Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\tcpip.sys
fwpkclnt.sys fffff800`bb4f2000 fffff800`bb55e000 0x0006c000 0x545054f3 29/10/2014 03:46:11 am Microsoft® Windows® Operating System FWP/IPsec Kernel-Mode API 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\fwpkclnt.sys
wfplwfs.sys fffff800`bb55e000 fffff800`bb583000 0x00025000 0x545054e1 29/10/2014 03:45:53 am Microsoft® Windows® Operating System WFP NDIS 6.30 Lightweight Filter Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\wfplwfs.sys
fvevol.sys fffff800`bb0ef000 fffff800`bb184000 0x00095000 0x534325db 07/04/2014 11:25:31 pm Microsoft® Windows® Operating System BitLocker Drive Encryption Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft Corporation C:\WINDOWS\system32\drivers\fvevol.sys
volsnap.sys fffff800`bb583000 fffff800`bb5d2000 0x0004f000 0x53a21598 18/06/2014 11:41:28 pm Microsoft® Windows® Operating System Volume Shadow Copy Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\volsnap.sys
rdyboost.sys fffff800`bb200000 fffff800`bb246000 0x00046000 0x53089474 22/02/2014 01:13:40 pm Microsoft® Windows® Operating System ReadyBoost Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft Corporation C:\WINDOWS\system32\drivers\rdyboost.sys
mup.sys fffff800`bb246000 fffff800`bb25d000 0x00017000 0x5215f8ac 22/08/2013 12:40:28 pm Microsoft® Windows® Operating System Multiple UNC Provider Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\mup.sys
intelpep.sys fffff800`bb26b000 fffff800`bb27a000 0x0000f000 0x5434e8d8 08/10/2014 08:33:44 am Microsoft® Windows® Operating System Intel Power Engine Plugin 6.3.9600.17396 (winblue_r4.141007-2030) Microsoft Corporation C:\WINDOWS\system32\drivers\intelpep.sys
disk.sys fffff800`bb5d2000 fffff800`bb5ee000 0x0001c000 0x5215f883 22/08/2013 12:39:47 pm Microsoft® Windows® Operating System PnP Disk Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\disk.sys
CLASSPNP.SYS fffff800`bb184000 fffffa46`bb1da000 0x0000024600056000 0x5434c9ff 08/10/2014 06:22:07 am Microsoft® Windows® Operating System SCSI Class System Dll 6.3.9600.17396 (winblue_r4.141007-2030) Microsoft Corporation C:\WINDOWS\system32\drivers\CLASSPNP.SYS
crashdmp.sys fffff800`bb1da000 ffffc800`bb1ef000 0xffffd00000015000 0x5215f893 22/08/2013 12:40:03 pm Microsoft® Windows® Operating System Crash Dump Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\crashdmp.sys
cdrom.sys fffff800`bafad000 fffff800`bafdb000 0x0002e000 0x5215cfeb 22/08/2013 09:46:35 am Microsoft® Windows® Operating System SCSI CD-ROM Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\cdrom.sys
Null.SYS fffff800`bb27a000 fffff800`bb283000 0x00009000 0x5215f8a8 22/08/2013 12:40:24 pm Microsoft® Windows® Operating System NULL Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\Null.SYS
Beep.SYS fffff800`bb033000 fffff800`bb03b000 0x00008000 0x5215f8a8 22/08/2013 12:40:24 pm Microsoft® Windows® Operating System BEEP Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\Beep.SYS
BasicRender.sys fffff800`bb1ef000 fffff800`bb1fd000 0x0000e000 0x5308948a 22/02/2014 01:14:02 pm Microsoft® Windows® Operating System Microsoft Basic Render Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft Corporation C:\WINDOWS\system32\drivers\BasicRender.sys
dxgkrnl.sys fffff800`bb80e000 fffff800`bb98e000 0x00180000 0x54505515 29/10/2014 03:46:45 am Microsoft® Windows® Operating System DirectX Graphics Kernel 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\dxgkrnl.sys
watchdog.sys fffff800`bb98e000 fffff800`bb9a0000 0x00012000 0x530894af 22/02/2014 01:14:39 pm Microsoft® Windows® Operating System Watchdog Driver 6.3.9600.17031 (winblue_gdr.140221-1952) Microsoft Corporation C:\WINDOWS\system32\drivers\watchdog.sys
dxgmms1.sys fffff800`bac00000 fffff800`bac63000 0x00063000 0x54505506 29/10/2014 03:46:30 am Microsoft® Windows® Operating System DirectX Graphics MMS 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\dxgmms1.sys
BasicDisplay.sys fffff800`bb9a0000 fffff800`bb9b2000 0x00012000 0x5215f873 22/08/2013 12:39:31 pm Microsoft® Windows® Operating System Microsoft Basic Display Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\BasicDisplay.sys
Npfs.SYS fffff800`bb9b2000 fffff800`bb9c6000 0x00014000 0x5215f8a9 22/08/2013 12:40:25 pm Microsoft® Windows® Operating System NPFS Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\Npfs.SYS
Msfs.SYS fffff800`bb9c6000 fffff800`bb9d2000 0x0000c000 0x5215f8a8 22/08/2013 12:40:24 pm Microsoft® Windows® Operating System Mailslot driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\Msfs.SYS
tdx.sys fffff800`bb9d2000 fffff800`bb9f2000 0x00020000 0x5215f7c2 22/08/2013 12:36:34 pm Microsoft® Windows® Operating System TDI Translation Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\tdx.sys
TDI.SYS fffff800`bb9f2000 fffff800`bba00000 0x0000e000 0x5215f855 22/08/2013 12:39:01 pm Microsoft® Windows® Operating System TDI Wrapper 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\TDI.SYS
ws2ifsl.sys fffff800`bb800000 fffff800`bb80b000 0x0000b000 0x5215f893 22/08/2013 12:40:03 pm Microsoft® Windows® Operating System Winsock2 IFS Layer 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\ws2ifsl.sys
netbt.sys fffff800`bba92000 fffff800`bbade000 0x0004c000 0x5215f7dd 22/08/2013 12:37:01 pm Microsoft® Windows® Operating System MBT Transport driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\netbt.sys
afd.sys fffff800`bbade000 fffff800`bbb70000 0x00092000 0x5387f4e5 30/05/2014 04:03:01 am Microsoft® Windows® Operating System Ancillary Function Driver for WinSock 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\afd.sys
pacer.sys fffff800`bbb70000 fffff800`bbb9a000 0x0002a000 0x545054ca 29/10/2014 03:45:30 am Microsoft® Windows® Operating System QoS Packet Scheduler 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\pacer.sys
vwififlt.sys fffff800`bbb9a000 fffff800`bbbb2000 0x00018000 0x53609ba2 30/04/2014 07:43:46 am Microsoft® Windows® Operating System Virtual WiFi Filter Driver 6.3.9600.17111 (winblue_gdr.140429-1523) Microsoft Corporation C:\WINDOWS\system32\drivers\vwififlt.sys
nm3.sys fffff800`bbbb2000 fffff800`bbbc1000 0x0000f000 0x4c102c5f 10/06/2010 01:05:51 am Microsoft Network Monitor 3 Driver Netmon -- NDIS 6.0 Monitoring Filter Driver 3.4.2350.0 Microsoft Corporation C:\WINDOWS\system32\drivers\nm3.sys
netbios.sys fffff800`bbbd2000 fffff800`bbbe3000 0x00011000 0x5450553b 29/10/2014 03:47:23 am Microsoft® Windows® Operating System NetBIOS interface driver 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\netbios.sys
rdbss.sys fffff800`bba00000 fffff800`bba70000 0x00070000 0x52affb72 17/12/2013 08:21:22 am Microsoft® Windows® Operating System Redirected Drive Buffering SubSystem Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\rdbss.sys
wanarp.sys fffff800`bba70000 fffff800`bba89000 0x00019000 0x545054c2 29/10/2014 03:45:22 am Microsoft® Windows® Operating System MS Remote Access and Routing ARP Driver 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\wanarp.sys
nsiproxy.sys fffff800`bbbe3000 fffff800`bbbf1000 0x0000e000 0x545054eb 29/10/2014 03:46:03 am Microsoft® Windows® Operating System NSI Proxy 6.3.9600.17415 (winblue_r4.141028-1500) Microsoft Corporation C:\WINDOWS\system32\drivers\nsiproxy.sys
npsvctrig.sys fffff800`bbbf1000 fffff800`bbbfd000 0x0000c000 0x5215f82e 22/08/2013 12:38:22 pm Microsoft® Windows® Operating System Named pipe service triggers 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\npsvctrig.sys
mssmbios.sys fffff800`bafdb000 fffff800`bafe7000 0x0000c000 0x5215f87d 22/08/2013 12:39:41 pm Microsoft® Windows® Operating System System Management BIOS Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\mssmbios.sys
dfsc.sys fffff800`ba600000 fffff800`ba626000 0x00026000 0x53183e6a 06/03/2014 10:22:50 am Microsoft® Windows® Operating System DFS Namespace Client Driver 6.3.9600.17041 (winblue_gdr.140305-1710) Microsoft Corporation C:\WINDOWS\system32\drivers\dfsc.sys
ahcache.sys fffff800`bbc64000 fffff800`bbc7d000 0x00019000 0x550b7e3a 20/03/2015 02:56:10 am Microsoft® Windows® Operating System Application Compatibility Cache 6.3.9600.17734 (winblue_r9.150319-1700) Microsoft Corporation C:\WINDOWS\system32\drivers\ahcache.sys
loop.sys fffff800`bbc87000 fffff800`bbc91000 0x0000a000 0x5215f841 22/08/2013 12:38:41 pm Microsoft® Windows® Operating System Loopback Network Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\loop.sys
CompositeBus.sys fffff800`bbca3000 fffff800`bbcb2000 0x0000f000 0x5215f848 22/08/2013 12:38:48 pm Microsoft® Windows® Operating System Multi-Transport Composite Bus Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\CompositeBus.sys
kdnic.sys fffff800`bbcb2000 fffff800`bbcbd000 0x0000b000 0x5215f832 22/08/2013 12:38:26 pm Microsoft Kernel Debugger Network Adapter (NDIS 6.20 Miniport) Microsoft Kernel Debugger Network Miniport 6.01.00.0000 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\kdnic.sys
umbus.sys fffff800`bbcbd000 fffff800`bbcce000 0x00011000 0x5215f853 22/08/2013 12:38:59 pm Microsoft® Windows® Operating System User-Mode Bus Enumerator 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\umbus.sys
amdppm.sys fffff800`bbcce000 00001780`bbcec000 0x00001f800001e000 0x5215cfea 22/08/2013 09:46:34 am Microsoft® Windows® Operating System Processor Device Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\amdppm.sys
HDAudBus.sys fffff800`bcb79000 fffff800`bcb92000 0x00019000 0x53d0f1e3 24/07/2014 12:45:39 pm Microsoft® Windows® Operating System High Definition Audio Bus Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\HDAudBus.sys
vwifibus.sys fffff800`bcc00000 fffff800`bcc0d000 0x0000d000 0x5215f854 22/08/2013 12:39:00 pm Microsoft® Windows® Operating System Virtual WiFi Bus Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\vwifibus.sys
USBXHCI.SYS fffff800`bcc0d000 fffff800`bcc62000 0x00055000 0x5527309b 10/04/2015 03:08:27 am Microsoft® Windows® Operating System USB XHCI Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\USBXHCI.SYS
ucx01000.sys fffff800`bcbb4000 fffff800`bcbe6000 0x00032000 0x54337387 07/10/2014 06:00:55 am Microsoft® Windows® Operating System USB Controller Extension 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\ucx01000.sys
usbohci.sys fffff800`bcc62000 fffff800`bcc6f000 0x0000d000 0x5215f86f 22/08/2013 12:39:27 pm Microsoft® Windows® Operating System OHCI USB Miniport Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\usbohci.sys
USBPORT.SYS fffff800`bbe0e000 fffff800`bbe7d000 0x0006f000 0x53897701 31/05/2014 07:30:25 am Microsoft® Windows® Operating System USB 1.1 & 2.0 Port Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\USBPORT.SYS
usbehci.sys fffff800`bbd8b000 fffff800`bbda3000 0x00018000 0x538976e2 31/05/2014 07:29:54 am Microsoft® Windows® Operating System EHCI eUSB Miniport Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\usbehci.sys
i8042prt.sys fffff800`bbda3000 fffff800`bbdc2000 0x0001f000 0x5458783e 04/11/2014 07:54:54 am Microsoft® Windows® Operating System i8042 Port Driver 6.3.9600.16384 (winblue_rtm.130821-1623) Microsoft Corporation C:\WINDOWS\system32\drivers\i8042prt.sys
USBD.SYS fffff800`bd16d000 fffff800`bd179000 0x0000c000 0x53897735 31/05/2014 07:31:17 am Microsoft® Windows® Operating System Universal Serial Bus Driver 6.3.9600.17195 (winblue_gdr.140530-1506) Microsoft Corporation C:\WINDOWS\system32\drivers\USBD.SYS
kbdclass.sys fffff800`bd179000 fffff800`bd18b000 0x00012000 0x5458783e 04/11/2014 07:54:54 am Microsoft® Windows® Operating System Keyboard Class Driver 6.3.9600.16384 (winblue_rtm.130821-1623)
...

[クリップしたメッセージ]  



-- 
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844



--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844



--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844