Jump to content

Problems with port 25 after uninstalling Malwarebytes


Recommended Posts

Please help!!

I really really messed up!

I install Malwarebytes free version on a server (Windows server 2008) with MDaemon email server running and after installing it I notice several notifications of inbound type connections on port 25 was being blocked. So every mail trying to reach my server was refused. Then decide to uninstall Malwarebytes with the cleaning tool but still have the same problem. I already disable the windows firewall but still blocking all inbound connections. 

 

This is critical, I really appreciate any help.

 

Thanks.

Link to post
Share on other sites

Hello erubbick and :welcome:

Please read Diagnostic Logs and individually attach the 2 requested logs only from Log Set 1 in a reply to this thread.

Those diagnostic output text logs to be posted are FRST.txt and Addition.txt.  While MBAM was installed, was the Trial version ever enabled?  Was any malware removed with MBAM while it was installed?

Thank you.

Edited by 1PW
Link to post
Share on other sites

Yes the Trial version was enabled while MBAM was installed and there was no malware found or removed.

Thank you very much 1PW this is the text logs results:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-05-2016
Ran by Administrator (administrator) on WIN-UZZ5QO7CRZC (04-05-2016 01:38:27)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: admin-backup & Administrator)
Platform: Microsoft® Windows® Web Server 2008  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla server.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\App\MDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\App\CFEngine.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\WorldClient\WorldClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\WebAdmin\WebAdmin.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Alt-N Technologies LTD) C:\MDaemon\SpamAssassin\MDSpamD.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(SmartSync Software) C:\Program Files\SmartSync Software\SmartSync Pro 4\SmartSync.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe
(SmartSync Software) C:\Program Files\SmartSync Software\SmartSync Pro 4\SmSrvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Alt-N Technologies, Ltd.) C:\MDaemon\App\MDaemon.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(The PHP Group) C:\Program Files\PHP\php-cgi.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2011-09-30] (Sun Microsystems, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-07-07] (PowerISO Computing, Inc.)
HKLM\...\Run: [FileZilla Server Interface] => C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-4239682230-3492843484-3314453032-500\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [102400 2011-11-20] (Apache Software Foundation)
Lsa: [Notification Packages] scecli RASSFM
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SQL Server.lnk [2012-01-24]
ShortcutTarget: SQL Server.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{64CF9D91-34E4-4914-907D-416A921019CF}: [DhcpNameServer] 10.100.0.100
Tcpip\..\Interfaces\{67E94540-FD41-41E4-834C-7594B6AE1455}: [NameServer] 216.98.128.160,216.98.138.160

Internet Explorer:
==================
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2011-11-08] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wutzf5je.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-16] ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-17] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [22016 2008-01-19] (Microsoft Corporation)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
R2 MDaemon; C:\MDaemon\APP\MDAEMON.EXE [6841112 2015-06-18] (Alt-N Technologies, Ltd.) [File not signed]
S2 MongoDB; C:\Program Files\MongoDB 2.6 Standard\bin\mongod.exe [14719488 2014-05-05] () [File not signed]
S4 MSFTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-19] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [31256 2008-07-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [40999448 2008-07-09] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8957 2013-09-24] () [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1106968 2008-07-10] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [78336 2009-04-11] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [13312 2008-01-19] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-09] (Microsoft Corporation)
R2 Tomcat7; C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [74752 2011-11-20] (Apache Software Foundation) [File not signed]
R2 WebAdmin; C:\MDaemon\WebAdmin\WebAdmin.exe [215320 2015-06-18] (Alt-N Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ioatdma; C:\Windows\system32\drivers\qd26032.sys [31232 2008-01-19] (Intel Corporation)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [88632 2008-01-19] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
S4 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S4 s3cap; \SystemRoot\system32\drivers\s3cap.sys [X]
S0 storflt; system32\drivers\storflt.sys [X]
S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 01:38 - 2016-05-04 01:38 - 00010692 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-05-04 01:38 - 2016-05-04 01:38 - 00000000 ____D C:\FRST
2016-05-04 01:37 - 2016-05-04 01:36 - 01728000 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2016-05-04 00:39 - 2016-05-04 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2016-05-03 23:16 - 2016-05-03 23:16 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-2.1.1.1001.exe
2016-05-03 23:15 - 2016-05-03 23:15 - 00000000 _____ C:\Users\Administrator\Downloads\mbam-clean-2_1_1_1001_exe.jefl248.partial
2016-05-03 19:45 - 2016-05-03 19:36 - 00721791 ____N C:\Users\Administrator\AppData\Local\Temp\_iu14D2N.tmp
2016-04-18 16:47 - 2016-05-04 00:00 - 00000000 ____D C:\Users\Administrator\Desktop\Respaldo App 02 de Abril 2016
2016-04-15 00:16 - 2016-04-15 00:16 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\Erick Rangel.bmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 01:35 - 2008-01-19 06:38 - 00002336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 01:35 - 2008-01-19 06:38 - 00002336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 00:34 - 2008-01-19 04:41 - 00000000 ____D C:\Windows\system32\inetsrv
2016-05-04 00:32 - 2008-01-19 06:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-04 00:31 - 2008-01-19 06:51 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-03 23:49 - 2014-04-24 16:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\EditPlus 3
2016-04-26 09:49 - 2016-04-02 13:06 - 00000000 ____D C:\Users\Administrator\Desktop\Config Daemon
2016-04-18 11:34 - 2008-01-19 04:40 - 00000000 ____D C:\Windows\inf
2016-04-18 11:34 - 2008-01-19 03:56 - 00973458 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 00:16 - 2015-01-05 21:39 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\jeorozco.bmp
2016-04-15 00:16 - 2012-01-17 04:44 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2016-04-15 00:16 - 2012-01-16 18:25 - 00031832 _____ C:\Users\Administrator\AppData\Local\Temp\admin-backup.bmp
2016-04-07 12:07 - 2014-09-01 20:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-05-04 11:36 - 2016-05-04 01:35 - 0001356 _____ () C:\Users\Administrator\AppData\Local\d3d9caps.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-04 00:43

==================== End of FRST.txt ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-05-2016
Ran by Administrator (2016-05-04 01:39:14)
Running from C:\Users\Administrator\Downloads
Microsoft® Windows® Web Server 2008  Service Pack 2 (X86) (2012-01-17 09:36:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin-backup (S-1-5-21-4239682230-3492843484-3314453032-1000 - Administrator - Enabled) => C:\Users\admin-backup
Administrator (S-1-5-21-4239682230-3492843484-3314453032-500 - Administrator - Enabled) => C:\Users\Administrator
Erick Rangel (S-1-5-21-4239682230-3492843484-3314453032-1022 - Administrator - Enabled)
Guest (S-1-5-21-4239682230-3492843484-3314453032-501 - Limited - Disabled)
IUSR_WIN-UZZ5QO7CRZC (S-1-5-21-4239682230-3492843484-3314453032-1001 - Limited - Enabled)
jeorozco (S-1-5-21-4239682230-3492843484-3314453032-1018 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
AspPDF (HKLM\...\AspPDF) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
EditPlus 3 (HKLM\...\EditPlus 3) (Version:  - ES-Computing)
EMS SQL Manager 2007 for MySQL (HKLM\...\{11F7CDC1-2E99-413E-BF08-CABDA5436448}) (Version: 4.4.0.5 - EMS)
FileZilla Server (HKLM\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
iisnode for iis 7.x (x86) full (HKLM\...\{B1A92D0F-EBD5-4691-94F4-73C2ED4EC30E}) (Version: 0.2.11.0 - Microsoft Corporation)
iisnode for iis 7.x dev package (HKLM\...\{5076E909-A669-4B8B-9FF9-A0F4A401EE4B}) (Version: 0.2.2.0 - Microsoft Corporation)
Java(TM) 7 Update 2 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (HKLM\...\{1111706F-666A-4037-7777-202328764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (HKLM\...\{2222706F-666A-4037-7777-202328764D10}) (Version: 2.0.2 - Oracle Corporation)
MDaemon Server (HKLM\...\MDaemon Server) (Version: 15.0.3 - Alt-N Technologies)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft FrontPage Server Extensions 2002 for Windows Server 2008 (HKLM\...\{901D0409-6000-11D3-8CFE-005004830000}) (Version: 10.0.6819.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Books Online (English) (HKLM\...\{3431A7A3-6287-46B0-8AF1-BE2452A1FE62}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Policies (HKLM\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x86) (HKLM\...\{C89B00A2-B72A-4935-96FC-38796E9554EC}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.21228 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (HKLM\...\SDKSetup_6.0.6001.18000) (Version: 6.0.6001.18000 - Microsoft Corporation)
MongoDB 2.6.1 (HKLM\...\{2B8738BA-B300-4CEE-B715-8B6C228088ED}) (Version: 2.6.1 - MongoDB)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MySQL Server 5.5 (HKLM\...\{33933681-9A64-4A5C-97F5-4F6AEDB9FA0F}) (Version: 5.5.20 - Oracle Corporation)
Node.js (HKLM\...\{CC272FC2-82D8-41BC-A670-878B0BE1A5FC}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)
Node.js (HKLM\...\{CDF1E1B0-0DBB-44CA-A174-64C5C0F50BE8}) (Version: 0.10.28 - Joyent, Inc. and other Node contributors)
PHP 5.3.9 (HKLM\...\{95505508-5E3F-40D6-A1EA-008C75886E21}) (Version: 5.3.9 - The PHP Group)
PowerISO (HKLM\...\PowerISO) (Version:  - )
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
SmartSync Pro 4 (HKLM\...\SmartSync Pro 4) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E3992E5-AB7A-4EA3-B4FA-04098C043045} - System32\Tasks\SmartSync Pro 4-Administrator => C:\Program Files\SmartSync Software\SmartSync Pro 4\SmartSync.exe [2013-07-23] (SmartSync Software)
Task: {10EB8BF5-F487-46FA-8DEE-35BF685EF740} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2009-04-11] (Microsoft Corporation)
Task: {598F6221-D085-428D-B237-EB38360A56C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {D44C5CE6-3F4D-4E97-BE81-7F3ABC2AA22F} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2008-01-19] (Microsoft Corporation)
Task: {F15BEA5A-B081-4BB5-9944-0B4DF4B11093} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 04:15 - 2015-06-18 23:12 - 00169752 _____ () C:\MDaemon\App\MDBis.dll
2011-12-16 23:20 - 2011-12-16 23:20 - 08176640 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2016-04-02 13:46 - 2016-04-02 13:46 - 00032868 ____R () C:\Windows\TEMP\pdk-SYSTEM\59ec72304cd0a6f42c23b6ede626dbda\Socket.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024679 ____R () C:\Windows\TEMP\pdk-SYSTEM\b788af3f2dc826a1c843dd0b2fa25dab\Util.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024670 ____R () C:\Windows\TEMP\pdk-SYSTEM\a4ea8128a0f7f797f229686fd2ef7851\IO.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024676 ____R () C:\Windows\TEMP\pdk-SYSTEM\6e0bf8c8309757b152b4963a02f40410\Fcntl.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00061540 ____R () C:\Windows\TEMP\pdk-SYSTEM\1c91cdf48b877467aed81911e62764aa\POSIX.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00184414 ____R () C:\Windows\TEMP\pdk-SYSTEM\b490471868545008ca92d46ccfc8df89\re.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024681 ____R () C:\Windows\TEMP\pdk-SYSTEM\051c4a2b9d70987df4b661649d1bd257\HiRes.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00020590 ____R () C:\Windows\TEMP\pdk-SYSTEM\b0533cc1da84763b72b44e561663000c\Hostname.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00028774 ____R () C:\Windows\TEMP\pdk-SYSTEM\0d82089d76ce52aa5bdb3aee21d47a26\Socket6.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00020589 ____R () C:\Windows\TEMP\pdk-SYSTEM\7851c3be5e38e8c0228572d9e1bc1c62\Base64.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024679 ____R () C:\Windows\TEMP\pdk-SYSTEM\f44866edbf9e6d9cf85773e9e88f3a59\Glob.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00041080 ____R () C:\Windows\TEMP\pdk-SYSTEM\5fa2d292423193a9ed68085792f76501\Parser.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00032878 ____R () C:\Windows\TEMP\pdk-SYSTEM\d883a9ddf918c1198e02c650d2cc4b23\Encode.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00036964 ____R () C:\Windows\TEMP\pdk-SYSTEM\e6713c662e109352e31e1a3c23e02d07\Win32.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00032881 ____R () C:\Windows\TEMP\pdk-SYSTEM\73963741749293cae915d1397a88a515\API.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00118918 ____R () C:\Windows\TEMP\pdk-SYSTEM\db038481bf43425bfe17504114aee974\Registry.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00082048 ____R () C:\Windows\TEMP\pdk-SYSTEM\16a7db7a43320c5d9bfa5bddd7e85c71\WinError.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00020576 ____R () C:\Windows\TEMP\pdk-SYSTEM\ea3303b52aca96f0c7322ba084b4a9ad\Cwd.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00024679 ____R () C:\Windows\TEMP\pdk-SYSTEM\be884bcc90749ea5d0865e6580c0d55a\MD5.dll
2016-04-02 13:46 - 2016-04-02 13:46 - 00049267 ____R () C:\Windows\TEMP\pdk-SYSTEM\aefc0e00332821ce0c3d6b53f70bb654\SHA.dll
2012-01-17 04:09 - 2011-05-29 01:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-26 11:57 - 2013-07-23 18:28 - 00504520 _____ () C:\Program Files\SmartSync Software\SmartSync Pro 4\SspMenus.dll
2014-04-24 16:09 - 2014-03-26 05:54 - 00061480 _____ () C:\Program Files\EditPlus 3\eppshell.dll
2013-04-08 08:08 - 2013-03-15 03:13 - 00097792 _____ () C:\Program Files\PHP\LIBPQ.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-01-19 03:46 - 2016-04-20 13:28 - 00000931 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost127.0.0.1     services.altn.com127.0.0.1     service.altn.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4239682230-3492843484-3314453032-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 216.98.128.160 - 216.98.138.160
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) C:\Windows\system32\slsvc.exe
FirewallRules: [{5EE7B173-33F6-4B39-B2AA-89B73E9F8624}] => (Allow) LPort=80
FirewallRules: [{B5C85341-1286-4D80-8888-18EF39594C04}] => (Allow) LPort=80
FirewallRules: [{FDFAD646-8344-40F5-84D5-7D6B3E2CC858}] => (Allow) LPort=80
FirewallRules: [{897E9265-D4F4-4BF7-97C2-FCBF034A9A50}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [IIS-WebServerRole-FTP-In-TCP] => (Allow) %windir%\system32\inetsrv\inetinfo.exe
FirewallRules: [{1712A31E-EFCE-48A6-95BB-2D7CBE16B7B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{18A193CE-C8AC-492C-83EB-E96071988124}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E21BA067-DD5C-464A-89E5-94E6FC835ECC}] => (Allow) C:\Windows\system32\slsvc.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2016 01:16:15 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:14 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:13 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:12 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:11 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:10 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:09 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:08 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:07 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]

Error: (05/04/2016 01:16:06 AM) (Source: MSSQLSERVER) (EventID: 17836) (User: )
Description: Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 210.36.16.155]


System errors:
=============
Error: (05/04/2016 01:35:57 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:57 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP LJ300-400 color M351-M451 PCL6 Class Driver required for printer NPI92811A (HP LaserJet 400 color M451dw) is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:56 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Bullzip PDF Printer required for printer Bullzip PDF Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:55 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Samsung Universal Print Driver 2 XPS required for printer !!RECEPCION!Samsung Universal Print Driver 2 XPS is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:54 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 01:35:54 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP Deskjet 3540 Series Class Driver required for printer HP5DF956 (HP Deskjet 3540 series) is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/04/2016 12:35:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom
storflt

Error: (05/04/2016 12:35:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MongoDB 2.6 Standard1

Error: (05/04/2016 12:35:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: MySQL

Error: (05/04/2016 12:32:16 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 1) (User: NT AUTHORITY)
Description: 0


CodeIntegrity:
===================================
  Date: 2016-05-03 19:38:01.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 15:21:02.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:57:20.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:57:20.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:57:20.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:57:19.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:57:19.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:57:19.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:43:52.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-03 14:43:52.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 2035.12 MB
Available physical RAM: 710.14 MB
Total Virtual: 4339.55 MB
Available Virtual: 2776.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:209.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1CF870BD)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

  • Root Admin

As you've said there was no malware files detected. According to you MBAM did block some IP addresses. Unless you have the log from the install then we have no evidence of what was or was not blocked.
By uninstalling our software it removes all ability to block any ports.

Your Event Logs do show quite a few errors including many for the following

MSSQLSERVER EventID: 17836 Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library

This article can help you to track down that client and research it more to see why it's giving that error.

https://sqlserverposts.wordpress.com/2013/08/20/error-17836-length-specified-in-network-packet-payload-did-not-match-number-of-bytes-read/


You also have the following errors being logged in the Event Logs.

Error: (05/04/2016 12:35:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MongoDB 2.6 Standard1

Error: (05/04/2016 12:35:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: MySQL

Error: (05/04/2016 12:32:16 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 1) (User: NT AUTHORITY)
Description: 0


Have you restarted the computer to see if the issue  remains?
Do you have a backup of the system to previous time before there was any issue.


I'm happy to try to assist you but by removing MBAM any blocking we were doing would have been removed as well.

Thank you

Ron

 

Edited by AdvancedSetup
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.