erubbick
Members
Posts: 2
Reputation: 0 Neutral
Yes, the Trial version was enabled while MBAM was installed, and there was no malware found or removed. Thank you very much, 1PW. These are the text log results:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-05-2016
Ran by Administrator (administrator) on WIN-UZZ5QO7CRZC (04-05-2016 01:38:27)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: admin-backup & Administrator)
Platform: Microsoft® Windows® Web Server 2008 Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla server.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\App\MDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\App\CFEngine.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\WorldClient\WorldClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\WebAdmin\WebAdmin.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Alt-N Technologies LTD) C:\MDaemon\SpamAssassin\MDSpamD.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(SmartSync Software) C:\Program Files\SmartSync Software\SmartSync Pro 4\SmartSync.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe
(SmartSync Software) C:\Program Files\SmartSync Software\SmartSync Pro 4\SmSrvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\App\MDaemon.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-07-07] (PowerISO Computing, Inc.)
HKLM\...\Run: [FileZilla Server Interface] => C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-4239682230-3492843484-3314453032-500\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [102400 2011-11-20] (Apache Software Foundation)
Lsa: [Notification Packages] scecli RASSFM
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SQL Server.lnk [2012-01-24]
ShortcutTarget: SQL Server.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{64CF9D91-34E4-4914-907D-416A921019CF}: [DhcpNameServer] 10.100.0.100
Tcpip\..\Interfaces\{67E94540-FD41-41E4-834C-7594B6AE1455}: [NameServer] 216.98.128.160,216.98.138.160

Internet Explorer:
==================
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2011-11-08] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wutzf5je.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-16] ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-17] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [22016 2008-01-19] (Microsoft Corporation)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
R2 MDaemon; C:\MDaemon\APP\MDAEMON.EXE [6841112 2015-06-18] (Alt-N Technologies, Ltd.) [File not signed]
S2 MongoDB; C:\Program Files\MongoDB 2.6 Standard\bin\mongod.exe [14719488 2014-05-05] () [File not signed]
S4 MSFTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [31256 2008-07-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [40999448 2008-07-09] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8957 2013-09-24] () [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1106968 2008-07-10] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [78336 2009-04-11] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [13312 2008-01-19] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-09] (Microsoft Corporation)
R2 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [74752 2011-11-20] (Apache Software Foundation) [File not signed]
R2 WebAdmin; C:\MDaemon\WebAdmin\WebAdmin.exe [215320 2015-06-18] (Alt-N Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ioatdma; C:\Windows\system32\drivers\qd26032.sys [31232 2008-01-19] (Intel Corporation)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [88632 2008-01-19] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
S4 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S4 s3cap; \SystemRoot\system32\drivers\s3cap.sys [X]
S0 storflt; system32\drivers\storflt.sys [X]
S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 01:38 - 2016-05-04 01:38 - 00010692 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-05-04 01:38 - 2016-05-04 01:38 - 00000000 ____D C:\FRST
2016-05-04 01:37 - 2016-05-04 01:36 - 01728000 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2016-05-04 00:39 - 2016-05-04 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2016-05-03 23:16 - 2016-05-03 23:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-2.1.1.1001.exe
2016-05-03 23:15 - 2016-05-03 23:15 - 00000000 _____ C:\Users\Administrator\Downloads\mbam-clean-2_1_1_1001_exe.jefl248.partial
2016-05-03 19:45 - 2016-05-03 19:36 - 00721791 ____N C:\Users\Administrator\AppData\Local\Temp\_iu14D2N.tmp
2016-04-18 16:47 - 2016-05-04 00:00 - 00000000 ____D C:\Users\Administrator\Desktop\Respaldo App 02 de Abril 2016
2016-04-15 00:16 - 2016-04-15 00:16 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\Erick Rangel.bmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 01:35 - 2008-01-19 06:38 - 00002336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 01:35 - 2008-01-19 06:38 - 00002336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 00:34 - 2008-01-19 04:41 - 00000000 ____D C:\Windows\system32\inetsrv
2016-05-04 00:32 - 2008-01-19 06:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-04 00:31 - 2008-01-19 06:51 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-03 23:49 - 2014-04-24 16:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\EditPlus 3
2016-04-26 09:49 - 2016-04-02 13:06 - 00000000 ____D C:\Users\Administrator\Desktop\Config Daemon
2016-04-18 11:34 - 2008-01-19 04:40 - 00000000 ____D C:\Windows\inf
2016-04-18 11:34 - 2008-01-19 03:56 - 00973458 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 00:16 - 2015-01-05 21:39 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\jeorozco.bmp
2016-04-15 00:16 - 2012-01-17 04:44 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2016-04-15 00:16 - 2012-01-16 18:25 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\admin-backup.bmp
2016-04-07 12:07 - 2014-09-01 20:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-05-04 11:36 - 2016-05-04 01:35 - 0001356 _____ () C:\Users\Administrator\AppData\Local\d3d9caps.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-04 00:43

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-05-2016
Ran by Administrator (2016-05-04 01:39:14)
Running from C:\Users\Administrator\Downloads
Microsoft® Windows® Web Server 2008 Service Pack 2 (X86) (2012-01-17 09:36:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin-backup (S-1-5-21-4239682230-3492843484-3314453032-1000 - Administrator - Enabled) => C:\Users\admin-backup
Administrator (S-1-5-21-4239682230-3492843484-3314453032-500 - Administrator - Enabled) => C:\Users\Administrator
Erick Rangel (S-1-5-21-4239682230-3492843484-3314453032-1022 - Administrator - Enabled)
Guest (S-1-5-21-4239682230-3492843484-3314453032-501 - Limited - Disabled)
IUSR_WIN-UZZ5QO7CRZC (S-1-5-21-4239682230-3492843484-3314453032-1001 - Limited - Enabled)
jeorozco (S-1-5-21-4239682230-3492843484-3314453032-1018 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
AspPDF (HKLM\...\AspPDF) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
EditPlus 3 (HKLM\...\EditPlus 3) (Version:  - ES-Computing)
EMS SQL Manager 2007 for MySQL (HKLM\...\{11F7CDC1-2E99-413E-BF08-CABDA5436448}) (Version: 4.4.0.5 - EMS)
FileZilla Server (HKLM\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
iisnode for iis 7.x (x86) full (HKLM\...\{B1A92D0F-EBD5-4691-94F4-73C2ED4EC30E}) (Version: 0.2.11.0 - Microsoft Corporation)
iisnode for iis 7.x dev package (HKLM\...\{5076E909-A669-4B8B-9FF9-A0F4A401EE4B}) (Version: 0.2.2.0 - Microsoft Corporation)
Java(TM) 7 Update 2 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (HKLM\...\{1111706F-666A-4037-7777-202328764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (HKLM\...\{2222706F-666A-4037-7777-202328764D10}) (Version: 2.0.2 - Oracle Corporation)
MDaemon Server (HKLM\...\MDaemon Server) (Version: 15.0.3 - Alt-N Technologies)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft FrontPage Server Extensions 2002 for Windows Server 2008 (HKLM\...\{901D0409-6000-11D3-8CFE-005004830000}) (Version: 10.0.6819.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Books Online (English) (HKLM\...\{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Policies (HKLM\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x86) (HKLM\...\{C89B00A2-B72A-4935-96FC-38796E9554EC}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.21228 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (HKLM\...\SDKSetup_6.0.6001.18000) (Version: 6.0.6001.18000 - Microsoft Corporation)
MongoDB 2.6.1 (HKLM\...\{2B8738BA-B300-4CEE-B715-8B6C228088ED}) (Version: 2.6.1 - MongoDB)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MySQL Server 5.5 (HKLM\...\{33933681-9A64-4A5C-97F5-4F6AEDB9FA0F}) (Version: 5.5.20 - Oracle Corporation)
Node.js (HKLM\...\{CC272FC2-82D8-41BC-A670-878B0BE1A5FC}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)
Node.js (HKLM\...\{CDF1E1B0-0DBB-44CA-A174-64C5C0F50BE8}) (Version: 0.10.28 - Joyent, Inc. and other Node contributors)
PHP 5.3.9 (HKLM\...\{95505508-5E3F-40D6-A1EA-008C75886E21}) (Version: 5.3.9 - The PHP Group)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
SmartSync Pro 4 (HKLM\...\SmartSync Pro 4) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3992E5-AB7A-4EA3-B4FA-04098C043045} - System32\Tasks\SmartSync Pro 4-Administrator => C:\Program Files\SmartSync Software\SmartSync Pro 4\SmartSync.exe [2013-07-23] (SmartSync Software)
Task: {10EB8BF5-F487-46FA-8DEE-35BF685EF740} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2009-04-11] (Microsoft Corporation)
Task: {598F6221-D085-428D-B237-EB38360A56C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {D44C5CE6-3F4D-4E97-BE81-7F3ABC2AA22F} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2008-01-19] (Microsoft Corporation)
Task: {F15BEA5A-B081-4BB5-9944-0B4DF4B11093} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 04:15 - 2015-06-18 23:12 - 00169752 _____ () C:\MDaemon\App\MDBis.dll
2011-12-16 23:20 - 2011-12-16 23:20 - 08176640 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2016-04-02 13:46 - 2016-04-02 13:46 - 00032868 ____R () C:\Windows\TEMP\pdk-SYSTEM\59ec72304cd0a6f42c23b6ede626dbda\Socket.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024679 ____R () C:\Windows\TEMP\pdk-SYSTEM\b788af3f2dc826a1c843dd0b2fa25dab\Util.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024670 ____R () C:\Windows\TEMP\pdk-SYSTEM\a4ea8128a0f7f797f229686fd2ef7851\IO.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024676 ____R () C:\Windows\TEMP\pdk-SYSTEM\6e0bf8c8309757b152b4963a02f40410\Fcntl.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00061540 ____R () C:\Windows\TEMP\pdk-SYSTEM\1c91cdf48b877467aed81911e62764aa\POSIX.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00184414 ____R () C:\Windows\TEMP\pdk-SYSTEM\b490471868545008ca92d46ccfc8df89\re.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024681 ____R () C:\Windows\TEMP\pdk-SYSTEM\051c4a2b9d70987df4b661649d1bd257\HiRes.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00020590 ____R () C:\Windows\TEMP\pdk-SYSTEM\b0533cc1da84763b72b44e561663000c\Hostname.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00028774 ____R () C:\Windows\TEMP\pdk-SYSTEM\0d82089d76ce52aa5bdb3aee21d47a26\Socket6.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00020589 ____R () C:\Windows\TEMP\pdk-SYSTEM\7851c3be5e38e8c0228572d9e1bc1c62\Base64.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024679 ____R () C:\Windows\TEMP\pdk-SYSTEM\f44866edbf9e6d9cf85773e9e88f3a59\Glob.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00041080 ____R () C:\Windows\TEMP\pdk-SYSTEM\5fa2d292423193a9ed68085792f76501\Parser.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00032878 ____R () C:\Windows\TEMP\pdk-SYSTEM\d883a9ddf918c1198e02c650d2cc4b23\Encode.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00036964 ____R () C:\Windows\TEMP\pdk-SYSTEM\e6713c662e109352e31e1a3c23e02d07\Win32.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00032881 ____R () C:\Windows\TEMP\pdk-SYSTEM\73963741749293cae915d1397a88a515\API.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00118918 ____R () C:\Windows\TEMP\pdk-SYSTEM\db038481bf43425bfe17504114aee974\Registry.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00082048 ____R () C:\Windows\TEMP\pdk-SYSTEM\16a7db7a43320c5d9bfa5bddd7e85c71\WinError.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00020576 ____R () C:\Windows\TEMP\pdk-SYSTEM\ea3303b52aca96f0c7322ba084b4a9ad\Cwd.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024679 ____R () C:\Windows\TEMP\pdk-SYSTEM\be884bcc90749ea5d0865e6580c0d55a\MD5.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00049267 ____R () C:\Windows\TEMP\pdk-SYSTEM\aefc0e00332821ce0c3d6b53f70bb654\SHA.dll
2012-01-17 04:09 - 2011-05-29 01:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-26 11:57 - 2013-07-23 18:28 - 00504520 _____ () C:\Program Files\SmartSync Software\SmartSync Pro 4\SspMenus.dll
2014-04-24 16:09 - 2014-03-26 05:54 - 00061480 _____ () C:\Program Files\EditPlus 3\eppshell.dll
2013-04-08 08:08 - 2013-03-15 03:13 - 00097792 _____ () C:\Program Files\PHP\LIBPQ.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-01-19 03:46 - 2016-04-20 13:28 - 00000931 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 services.altn.com
127.0.0.1 service.altn.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4239682230-3492843484-3314453032-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 216.98.128.160 - 216.98.138.160
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) C:\Windows\system32\slsvc.exe
FirewallRules: [{5EE7B173-33F6-4B39-B2AA-89B73E9F8624}] => (Allow) LPort=80
FirewallRules: [{B5C85341-1286-4D80-8888-18EF39594C04}] => (Allow) LPort=80
FirewallRules: [{FDFAD646-8344-40F5-84D5-7D6B3E2CC858}] => (Allow) LPort=80
FirewallRules: [{897E9265-D4F4-4BF7-97C2-FCBF034A9A50}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [IIS-WebServerRole-FTP-In-TCP] => (Allow) %windir%\system32\inetsrv\inetinfo.exe
FirewallRules: [{1712A31E-EFCE-48A6-95BB-2D7CBE16B7B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{18A193CE-C8AC-492C-83EB-E96071988124}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E21BA067-DD5C-464A-89E5-94E6FC835ECC}] => (Allow) C:\Windows\system32\slsvc.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2016 01:16:15 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:14 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:13 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:12 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:11 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:10 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:09 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:08 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:07 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:06 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]


System errors:
=============
Error: (05/04/2016 01:35:57 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:57 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP LJ300-400 color M351-M451 PCL6 Class Driver required for printer NPI92811A (HP LaserJet 400 color M451dw) is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:56 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:55 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Samsung Universal Print Driver 2 XPS required for printer !!RECEPCION!Samsung Universal Print Driver 2 XPS is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:54 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:54 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP Deskjet 3540 Series Class Driver required for printer HP5DF956 (HP Deskjet 3540 series) is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 12:35:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom storflt

Error: (05/04/2016 12:35:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MongoDB 2.6 Standard1

Error: (05/04/2016 12:35:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: MySQL

Error: (05/04/2016 12:32:16 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 1) (User: NT AUTHORITY)
Description: 0


CodeIntegrity:
===================================
Date: 2016-05-03 19:38:01.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 15:21:02.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 14:57:20.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 14:57:20.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-05-03 14:57:20.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-03 14:57:19.994 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-03 14:57:19.925 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-03 14:57:19.804 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-03 14:43:52.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-03 14:43:52.224 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz Percentage of memory in use: 65% Total physical RAM: 2035.12 MB Available physical RAM: 710.14 MB Total Virtual: 4339.55 MB Available Virtual: 2776.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:209.01 GB) NTFS ==>[drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1CF870BD) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  2. Please help!! I really really messed up! I installed the Malwarebytes free version on a server (Windows Server 2008) with the MDaemon email server running, and after installing it I noticed several notifications that inbound-type connections on port 25 were being blocked. So every mail trying to reach my server was refused. Then I decided to uninstall Malwarebytes with the cleaning tool, but I still have the same problem. I have already disabled the Windows firewall, but it is still blocking all inbound connections. This is critical; I really appreciate any help. Thanks.