
Help with diagnosing a dos or ddos attack please


7 replies to this topic

#1 auto1571 (Members, 295 posts)

Posted 12 March 2015 - 05:46 PM

I am on a laptop right now but connected to the modem attached to my desktop. However, I went offline twice in a row tonight. It happened on both the laptop and the desktop. I also have GlassWire installed and sometimes it keeps coming up with an alert saying "DNS address connection Broadcom 802.11n Network Adapter was changed." Furthermore, I have sometimes seen SYN Flood messages in my router logs.

Also note that I am asking about a home user computer, not servers. The MiniToolBox log is as follows:

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Jack (administrator) on 12-03-2015 at 22:29:50
Running from "C:\Users\Jack\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: RV420/RV520/RV720/E3530/S3530/E3420/E3520 Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http_port", 80

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
StrongVPN Adapter = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet1" address=192.168.177.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.162.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.191.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jack-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : StrongVPN Adapter
   Physical Address. . . . . . . . . : 00-FF-C0-CF-F6-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-11-32-C6-BF-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 90-A4-DE-AE-18-EB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a17e:3348:7ac7:12a1%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 12 March 2015 22:26:43
   Lease Expires . . . . . . . . . . : 12 March 2015 23:26:40
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 294692062
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FE-95-79-90-A4-DE-AE-18-EB
   DNS Servers . . . . . . . . . . . : 194.168.4.100
                                       194.168.8.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 90-A4-DE-6F-73-D5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {7CB90D58-5A9F-4B94-BC8F-3E981A72C29A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C0CFF615-8D06-4DE0-B705-DDCB1322AFBC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {8683D872-DD93-4220-A40D-4C862A062F21}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {166D95D1-5F6E-4AAD-A36A-5A6D4495A4E4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cache1.service.virginmedia.net
Address:  194.168.4.100

Name:    google.com
Addresses:  2a00:1450:4009:80c::200e
      62.253.72.167
      62.253.72.148
      62.253.72.172
      62.253.72.162
      62.253.72.157
      62.253.72.168
      62.253.72.182
      62.253.72.183
      62.253.72.158
      62.253.72.152
      62.253.72.163
      62.253.72.187
      62.253.72.177
      62.253.72.153
      62.253.72.173
      62.253.72.178


Pinging google.com [216.58.210.78] with 32 bytes of data:
Reply from 216.58.210.78: bytes=32 time=21ms TTL=55
Reply from 216.58.210.78: bytes=32 time=18ms TTL=55

Ping statistics for 216.58.210.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 21ms, Average = 19ms
Server:  cache1.service.virginmedia.net
Address:  194.168.4.100

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=197ms TTL=49
Reply from 206.190.36.45: bytes=32 time=195ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 195ms, Maximum = 197ms, Average = 196ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 20...00 ff c0 cf f6 15 ......StrongVPN Adapter
 15...e8 11 32 c6 bf 81 ......Realtek PCIe GBE Family Controller
 13...90 a4 de ae 18 eb ......Broadcom 802.11n Network Adapter
 12...90 a4 de 6f 73 d5 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    281
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::a17e:3348:7ac7:12a1/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [64192] (VMware, Inc.)
Catalog9 13 C:\Windows\SysWOW64\vsocklib.dll [64192] (VMware, Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [68288] (VMware, Inc.)
x64-Catalog9 13 C:\Windows\System32\vsocklib.dll [68288] (VMware, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/01/2015 03:55:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
The system cannot find the file specified.
.

Error: (02/28/2015 03:21:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/28/2015 03:21:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/14/2015 05:43:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1870
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/14/2015 05:42:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x2214
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/05/2015 10:12:20 PM) (Source: vmauthd) (User: )
Description: Request by process 976 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 10:10:54 PM) (Source: vmauthd) (User: )
Description: Request by process 3184 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 10:05:38 PM) (Source: vmauthd) (User: )
Description: Request by process 7268 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 09:57:48 PM) (Source: vmauthd) (User: )
Description: Request by process 2604 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 09:54:41 PM) (Source: vmauthd) (User: )
Description: Request by process 6732 to open '\\.\VMCIDev\VMX': unrecognized pid


System errors:
=============
Error: (03/12/2015 04:32:16 PM) (Source: DCOM) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (03/12/2015 03:54:49 PM) (Source: DCOM) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (03/12/2015 03:43:37 PM) (Source: DCOM) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (03/12/2015 03:26:29 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x8007045b

Error: (03/12/2015 09:56:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB3032323).

Error: (03/12/2015 09:56:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB3033929).

Error: (03/12/2015 09:56:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB3030377).

Error: (03/12/2015 09:41:56 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/12/2015 02:09:05 AM) (Source: DCOM) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)

Error: (03/11/2015 03:54:49 PM) (Source: DCOM) (User: Jack-PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Jack-PCGuestS-1-5-21-489198973-519768537-2425427861-501LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (03/01/2015 03:55:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
The system cannot find the file specified.

Error: (02/28/2015 03:21:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jack\Downloads\esetsmartinstaller_enu.exe

Error: (02/28/2015 03:21:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jack\Downloads\esetsmartinstaller_enu.exe

Error: (02/14/2015 05:43:26 PM) (Source: Application Error)(User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425187001d0487daee86f31C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfa536ab2-b470-11e4-9ac3-90a4de6f73d5

Error: (02/14/2015 05:42:25 PM) (Source: Application Error)(User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425221401d048671f217139C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld5c54f8c-b470-11e4-9ac3-90a4de6f73d5

Error: (02/05/2015 10:12:20 PM) (Source: vmauthd)(User: )
Description: Request by process 976 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 10:10:54 PM) (Source: vmauthd)(User: )
Description: Request by process 3184 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 10:05:38 PM) (Source: vmauthd)(User: )
Description: Request by process 7268 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 09:57:48 PM) (Source: vmauthd)(User: )
Description: Request by process 2604 to open '\\.\VMCIDev\VMX': unrecognized pid

Error: (02/05/2015 09:54:41 PM) (Source: vmauthd)(User: )
Description: Request by process 6732 to open '\\.\VMCIDev\VMX': unrecognized pid


CodeIntegrity Errors:
===================================
  Date: 2014-07-29 18:03:48.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\Documents\System Analayses\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-29 18:03:48.405
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\Documents\System Analayses\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-11 23:25:42.368
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-11 23:25:42.306
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jack\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-11 23:25:41.558
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-11 23:25:41.496
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



=========================== Installed Programs ============================
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.48.55 - Broadcom Corporation)
calibre (HKLM-x32\...\{3FABD0E8-EEEF-4BB9-BA19-2D73F5D8D3FA}) (Version: 1.46.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2728.0 - CyberLink Corp.)
Enforcer: Police Crime Action (HKLM-x32\...\Steam App 318220) (Version:  - Odin Game Studio)
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.38 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HostsMan 4.3.100 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.3.100.0 - abelhadigital.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.31.13 - Oracle Corporation) Hidden
KeyNote 1.6.5 (HKLM-x32\...\KeyNote_is1) (Version:  - )
LibreOffice 4.3.4.1 (HKLM-x32\...\{7D983A32-F645-48AB-8E38-4ACD234F40BC}) (Version: 4.3.4.1 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
MySQL Server 5.1 (HKLM\...\{01FB752A-92D8-429A-8540-5A7838233443}) (Version: 5.1.72 - Oracle Corporation)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Online Support(S Service) (HKLM-x32\...\{E8336EA1-40A2-48A1-80E8-B78F9EEAB23F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Password Corral v4.0 (HKLM-x32\...\Password Corral v4.0_is1) (Version:  - Cygnus Productions)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
StrongVPN Client (HKLM-x32\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.4.0.7 - Black Oak Computers, Inc)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
tools-linux (x32 Version: 9.9.0.2305329 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.9.0.2305329 - VMware, Inc.) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.0.0 - VMware, Inc)
VMware Player (Version: 7.0.0 - VMware, Inc.) Hidden
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wireshark 1.12.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, http://www.wireshark.org)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version:  - Rob Caelers & Raymond Penners)
Wysigot (HKLM-x32\...\Wysigot_is1) (Version: 6.1 - Wysigot)

========================= Devices: ================================

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Device ID: ROOT\VMWARE\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Device ID: ROOT\VMWARE\0001
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 6057.55 MB
Available physical RAM: 3110.86 MB
Total Pagefile: 12113.28 MB
Available Pagefile: 8953.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3989.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:692.62 GB) (Free:568.81 GB) NTFS

========================= Users: ========================================

User accounts for \\JACK-PC

Administrator            Guest                    Jack                     

========================= Minidump Files ==================================

========================= Restore Points ==================================

04-03-2015 03:00:35 Windows Update
11-03-2015 17:30:55 Scheduled Checkpoint
12-03-2015 09:38:15 Windows Update

**** End of log ****
 

Thanks for your time.




#2 JackCheng

JackCheng

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:51 PM

Posted 13 March 2015 - 02:27 AM

The denial of service (DoS) attack is statistically the most used malicious attack out of them all. This stems from the ease of use of the attack, as well as the alarming lethality. Literally anyone can bring down a website with a simple command prompt. The question is: how do you protect against an attack that can cripple your network or website in a matter of minutes?

Types of Denial of Service (DoS) Attack

If you are going to protect against an attack, you first have to know how it works. You must familiarize yourself with the different variations, methods, and plans of attacks that hackers use. Surprisingly, there are at least seven different classifications of denial of service (DoS) attacks known today.

Ping Flood

The most basic of attacks is the ping flood attack. It relies on the ICMP echo command, more popularly known as ping. In legitimate situations the ping command is used by network administrators to test connectivity between two computers. In the ping flood attack, it is used to flood large amounts of data packets to the victim’s computer in an attempt to overload it. You can see an example of the ping flood attack below.

[image: ping-flood.gif]

Two Exploitable Commands Using Ping

1. The –n command tells the prompt to send the request a specified amount of times. The default is four packets, but we sent five.

2. The –l command tells the prompt how much data to send for each packet. The maximum is 65,500 bytes, while the default is just 32.

This type of attack is generally useless on larger networks or websites. This is because only one computer is being used to flood the victim’s resources. If we were to use a group of computers, then the attack would become a distributed denial of service (DoS) attack, or DDoS.

The most common cure to the ping flood attack is to simply ban the IP address from accessing your network. A distributed denial of service (DoS) attack is a bit more complex, but we will take a look at them later on.

Ping of Death

The ping of death attack, or PoD, can cripple a network based on a flaw in the TCP/IP system. The maximum size for a packet is 65,535 bytes. If one were to send a packet larger than that, the receiving computer would ultimately crash from confusion.

Sending a ping of this size is against the rules of the TCP/IP protocol, but hackers can bypass this by cleverly sending the packets in fragments. When the fragments are assembled on the receiving computer, the overall packet size is too great. This will cause a buffer overflow and crash the device.

[image: ping-of-death.jpg]

Luckily, most devices created after 1998 are immune to this kind of attack. If you are running a network with outdated devices this will indeed be a possible threat to your network. In this case, upgrade your devices if possible.

Smurf / Smurfing

When conducting a smurf attack, attackers will spoof their IP address to be the same as the victim’s IP address. This will cause great confusion on the victim’s network, and a massive flood of traffic will be sent to the victim’s networking device, if done correctly.

Most firewalls protect against smurf attacks, but if you do notice one, there are several things you can do. If you have access to the router your network or website is on, simply tell it to not forward packets to broadcast addresses. In a Cisco router, simply use the command: no ip directed-broadcast.

This won’t necessarily nullify the smurf attack, but it will greatly reduce the impact and also prevent your network or website from attacking others by passing on the attack. Optionally, you could upgrade your router to newer Cisco routers, which automatically filter out the spoofed IP addresses that smurf attacks rely on.

Fraggle

A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are starting to become outdated and are commonly stopped by most firewalls or routers.

If indeed you think you are being plagued by a fraggle attack, simply block the echo port, located at port 7. You may also wish to block port 19, which is another commonly used fraggle exploitable port. This attack is generally less powerful than the smurf attack, since the TCP protocol is much more widely used than the UDP protocol.

SYN Flood

The SYN flood attack takes advantage of the TCP three-way handshake. This method operates two separate ways. Both methods attempt to start a three-way handshake, but not complete it. You can view the proper three-way handshake below.

[image: syn-flood.jpg]

The first attack method can be achieved when the attacker sends a synchronize request, or SYN, with a spoofed IP address. When the server tries to send back a SYN-ACK request, or synchronize-acknowledge request, it will obviously not get a response. This means that the server never obtains the client’s ACK request, and resources are left half-open.

Alternatively, the attacker can just choose to not send the acknowledgement request. Both of these methods stall the server, who is patiently waiting for the ACK request. Thankfully, this hole in the three-way handshake has been patched for years, just like the ping of death attack. Should you suspect that your older devices are the subject of this attack, upgrade them immediately.

Teardrop

In the teardrop attack, packet fragments are sent in a jumbled and confused order. When the receiving device attempts to reassemble them, it obviously won’t know how to handle the request. Older versions of operating systems will simply just crash when this occurs.

Operating systems such as Windows NT, Windows 95, and even Linux versions prior to version 2.1.63 are vulnerable to the teardrop attack. As stated earlier, upgrading your network hardware and software is the best way to stay secure from these types of attacks.

Distributed Denial of Service (DDoS)

This is by far the most deadly of all denial of service (DoS) attacks, since an easy fix is hard to come by. Instead of just installing the latest hardware and software, network administrators will usually need extra help with these types of attacks.

A distributed denial of service (DoS) attack, or DDoS, is much like the ping flood method, only multiple computers are being used. In this instance, the computers that are being used may or may not be aware of the fact that they are attacking a website or network. Trojans and viruses commonly give the hacker control of a computer, and thus, the ability to use them for attack. In this case the victim computers are called zombies.

[image: distributed-denial-of-service.jpg]

A DDoS attack is very tough to overcome. The first thing to do is to contact your hosting provider or internet service provider, depending on what is under attack. They will usually be able to filter out the bulk of the traffic based on where it’s coming from. For more large-scale attacks, you’ll have to become more creative.

If you have access to your router, and are running a Cisco brand, enter the following command into your router command prompt: No ip verify unicast reverse-path.

This will ensure that attackers can’t spoof their IP address. This will still be a problem for zombie computers however, since those IP addresses aren’t spoofed at all. In this case, you can do one of several things.

Options in DDoS Prevention

1. Hire a security company to assess and repair the damage.

2. Buy an intrusion detection system (IDS). For example, Ax3soft Sax2.

As a last resort, the traffic can be routed to a sink hole, which will route all traffic elsewhere until a solution can be obtained. This will route good traffic and bad traffic, so this is usually not a good choice.

Closing Comments

As you can tell, the majority of denial of service (DoS) attacks can be prevented through simply upgrading to the latest hardware and software. In the case of distributed denial of service (DoS) attacks, we have less simplistic options to work with.

Even giants such as Microsoft have fallen victim to the DoS attack. Generally, it’s a good idea to not make many enemies, and keep a sharp watch on your network at all times. And in the event that you do track an attacker down, keep two things in mind. First, it may be a spoofed IP address, and thus, a false lead. Second, never attack back. Simply contact the authorities and wait for the justice system to do its work.
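A defender-side triage of the kind of "SYN flood" entries a home gateway logs, added here as an example that is not part of this post or the article it reproduces: it parses constructed log lines (the src=/dst=/dport=/action= layout is an assumption, not any vendor's format), finds sources that send many SYNs inside a short window, and separates floods the gateway logged and dropped from ones it actually answered, which is where the half-open connections described above would pile up.

```python
"""Triage of 'SYN flood' entries from a home gateway firewall log.

Added example for this thread, not code from the original post. The log
lines are constructed; the field layout (src=, dst=, dport=, action=) is
an assumption standing in for whatever format a real gateway writes.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: 203.0.113.5 sends six SYNs in five seconds and the
# gateway drops every one (logged, never answered); 203.0.113.77 floods and
# is answered; 203.0.113.9 trickles; 198.51.100.7 is an ordinary client.
SAMPLE_LOG = """\
Mar 12 22:10:00 gateway fw: SYN src=203.0.113.5 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:00 gateway fw: SYN src=203.0.113.9 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:01 gateway fw: SYN src=203.0.113.5 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:02 gateway fw: SYN src=203.0.113.5 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:02 gateway fw: SYN src=198.51.100.7 dst=192.0.2.10 dport=443 action=ACCEPT
Mar 12 22:10:03 gateway dhcp: lease renewed for 192.168.1.20
Mar 12 22:10:03 gateway fw: SYN src=203.0.113.5 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:04 gateway fw: SYN src=203.0.113.5 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:05 gateway fw: SYN src=203.0.113.5 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:10 gateway fw: SYN src=203.0.113.77 dst=192.0.2.10 dport=22 action=ACCEPT
Mar 12 22:10:11 gateway fw: SYN src=203.0.113.77 dst=192.0.2.10 dport=22 action=ACCEPT
Mar 12 22:10:12 gateway fw: SYN src=203.0.113.9 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:12 gateway fw: SYN src=203.0.113.77 dst=192.0.2.10 dport=22 action=ACCEPT
Mar 12 22:10:13 gateway fw: SYN src=203.0.113.77 dst=192.0.2.10 dport=22 action=ACCEPT
Mar 12 22:10:14 gateway fw: SYN src=203.0.113.77 dst=192.0.2.10 dport=22 action=ACCEPT
Mar 12 22:10:24 gateway fw: SYN src=203.0.113.9 dst=192.0.2.10 dport=80 action=DROP
Mar 12 22:10:40 gateway fw: SYN src=198.51.100.7 dst=192.0.2.10 dport=443 action=ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ fw: SYN "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) "
    r"action=(?P<action>DROP|ACCEPT)$"
)


def parse_line(line):
    """Return a dict for a firewall SYN line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    rec["dport"] = int(rec["dport"])
    return rec


def max_in_window(timestamps, window_seconds):
    """Largest number of events that fall inside any window_seconds span."""
    ts = sorted(timestamps)
    best = left = 0
    for right in range(len(ts)):
        while (ts[right] - ts[left]).total_seconds() > window_seconds:
            left += 1
        best = max(best, right - left + 1)
    return best


def triage(log_text, window_seconds=10, threshold=5):
    """Per-source summary: is it a flood, and did the gateway answer it?

    A source is flooding when it sends at least `threshold` SYNs inside some
    `window_seconds` span; a slow trickle is not a flood whatever its total.
    """
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            per_src[rec["src"]].append(rec)

    report = {}
    for src, recs in per_src.items():
        peak = max_in_window([r["ts"] for r in recs], window_seconds)
        accepted = sum(1 for r in recs if r["action"] == "ACCEPT")
        if peak < threshold:
            verdict = "normal"
        elif accepted == 0:
            verdict = "flood, dropped by gateway"  # seen and discarded
        else:
            verdict = "flood, gateway answered SYNs"  # half-open risk
        report[src] = {"total": len(recs), "peak": peak,
                       "accepted": accepted, "verdict": verdict}
    return report


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:14} total={info['total']:2} peak={info['peak']:2} "
              f"accepted={info['accepted']:2}  {info['verdict']}")
```

A real gateway's log will need its own LINE_RE, but the rate-over-window test and the dropped-versus-answered split carry over unchanged.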



#3 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 13 March 2015 - 10:56 AM

Thank you for that informative post that I will read accordingly. But what information can you gather from what I have posted?

 

Thanks.



#4 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:51 PM

Posted 13 March 2015 - 02:39 PM

The SYN flood thing, did your router just log them or did they respond? Because most routers aren't set up to respond. So unless you've changed that I wouldn't worry about it.

I would unplug your modem, reset your router, forget the wireless networks saved on your laptop, uninstall the wireless from device manager, flush the DNS, and plug it all back in.

Reset the router - there is a recessed button somewhere, normally near the power plug, a pen can reach it. Push and hold it for like 10 seconds then release it. Surf in on the PC (not the laptop) to change the admin username and password (to something new), set up the wireless, and wireless security (to something new). Yes it will be a pain to re-enter a new password on other devices but I'd not make it the same as it was before the reset. Then unplug the router after it's all saved.

All of this is on the laptop:

Forget wireless networks - open Network and Sharing, on the left will be Manage wireless networks, click it, click your wireless network in the list and Remove at the top.

Uninstall the wireless from Device Manager - open Device Manager (Windows key + Pause/Break, click DM on left), click the arrow by Network, right click the wireless, click uninstall, and click OK.

Do this on the desktop too.

Flush the DNS - click the Windows button, type cmd in the search, right click cmd in the list, and click run as admin. In the box type ipconfig /flushdns and hit Enter.

Reboot the laptop and desktop. While they are rebooting, plug the modem in and wait for the lights to settle. Then plug the router in and let the lights settle. Once it's all back up do the do to get online.

Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#5 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 13 March 2015 - 04:16 PM

> The SYN flood thing, did your router just log them or did they respond? Because most routers aren't set up to respond. So unless you've changed that I wouldn't worry about it.

I am not quite sure what you mean by responding. All I did was go into the ISP gateway site, checked logs and once saw something about a SYN flood somewhere underneath the Description tab.

> I would unplug your modem, reset your router, forget the wireless networks saved on your laptop, uninstall the wireless from device manager, flush the DNS, and plug it all back in.
>
> Reset the router - there is a recessed button somewhere, normally near the power plug, a pen can reach it. Push and hold it for like 10 seconds then release it. Surf in on the PC (not the laptop) to change the admin username and password (to something new), set up the wireless, and wireless security (to something new). Yes it will be a pain to re-enter a new password on other devices but I'd not make it the same as it was before the reset. Then unplug the router after it's all saved.

It's a Modem and router combined I think as it's just one hardware device that connects to the desktop computer.

> (Windows key + Pause/Break, click DM on left)

I do not really understand this but I do know how to access the device manager on the Laptop if that's what you're getting at.

> Forget wireless networks - open Network and Sharing, on the left will be Manage wireless networks, click it, click your wireless network in the list and Remove at the top.

Remove what exactly? I have a lot of networks listed. Should I just remove all of them? Also I will still be able to get connected to my home computer right?

> Uninstall the wireless from Device Manager - open Device Manager (Windows key + Pause/Break, click DM on left), click the arrow by Network, right click the wireless, click uninstall, and click OK.

Again I will still be able to connect to my home computer right after doing this?

Sorry to ask so many questions but I just want to be completely clear.

Thanks for your time.



#6 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:51 PM

Posted 13 March 2015 - 04:49 PM

> > The SYN flood thing, did your router just log them or did they respond? Because most routers aren't set up to respond. So unless you've changed that I wouldn't worry about it.
>
> I am not quite sure what you mean by responding. All I did was go into the ISP gateway site, checked logs and once saw something about a SYN flood somewhere underneath the Description tab.

Your device is seeing them and dropping them so don't worry about it.

> > I would unplug your modem, reset your router, forget the wireless networks saved on your laptop, uninstall the wireless from device manager, flush the DNS, and plug it all back in.
> >
> > Reset the router - there is a recessed button somewhere, normally near the power plug, a pen can reach it. Push and hold it for like 10 seconds then release it. Surf in on the PC (not the laptop) to change the admin username and password (to something new), set up the wireless, and wireless security (to something new). Yes it will be a pain to re-enter a new password on other devices but I'd not make it the same as it was before the reset. Then unplug the router after it's all saved.
>
> It's a Modem and router combined I think as it's just one hardware device that connects to the desktop computer.

Ok.

> > (Windows key + Pause/Break, click DM on left)
>
> I do not really understand this but I do know how to access the device manager on the Laptop if that's what you're getting at.

It's a keyboard shortcut. If you can get there it's fine.

> > Forget wireless networks - open Network and Sharing, on the left will be Manage wireless networks, click it, click your wireless network in the list and Remove at the top.
>
> Remove what exactly? I have a lot of networks listed. Should I just remove all of them? Also I will still be able to get connected to my home computer right?

If you want to remove them all that's fine. All you're doing is removing the saved password so when you connect again you'll have to enter the password again.

> > Uninstall the wireless from Device Manager - open Device Manager (Windows key + Pause/Break, click DM on left), click the arrow by Network, right click the wireless, click uninstall, and click OK.
>
> Again I will still be able to connect to my home computer right after doing this?

If you do that then the other stuff and reboot it should reinstall the drivers. It just refreshes them.

> Sorry to ask so many questions but I just want to be completely clear.
>
> Thanks for your time.

Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#7 technonymous

technonymous

  • Members
  • 2,468 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:51 PM

Posted 19 March 2015 - 09:04 PM

Hackers doing their usual IP range & port SYN/ACK scanning.



#8 auto1571

auto1571
  • Topic Starter

  • Members
  • 295 posts
  • OFFLINE
  • Local time:09:51 PM

Posted 22 March 2015 - 07:53 AM

Thank you all. Everything is now fine.





