Hello. I've recently noticed strange issues when I restart my computer. I looked through the event logs and found something under system saying that remote calls to the SAM database were being restricted. No other information than that. Even though I just noticed the event a few days ago, according to Event Viewer it's been happening every restart since April 11th, which is also the first restart since downloading this month's Windows updates.
The Windows Malicious Software Removal Tool install failed according to update history, but it did download and run. Error Report says it crashed, and has crashed numerous times since even though it ran completely and seemed to close without problem. According to MRT's log, it's up to date and has run several times since, all reporting clean scans, but I'm not sure why it's running multiple times a week instead of once.
I googled the event ID (16962), Microsoft's website says it happens when a remote unauthorized attempt to log onto Windows Server (I'm on Windows 8.1). The thing is, I'm not running any version Windows Server. Another strange thing is that at the time of the event, I have no network connectivity, router/wifi is off so I'm not sure how anything remote can be attempting to log in. It happens during the boot, according to the time before I even log into the computer.
I've scanned with Malwarebytes, Malwarebytes Anti-Rootkit, HitmanPro, McAfee, Rkill, RogueKiller, Sophos, and all of them come up clean. My anti-virus/firewall is working, and I've been monitoring traffic with CurrPorts and not finding anything suspicious. I rarely download anything, a
I'm not sure if it's some well hidden infection, something gone wrong during the Windows update, a driver or service error, or what.
I hope someone here can give me some insight and help. I also hope this is the correct section to post, if not, please feel free to move it to the correct one.
Edited by quickq, 28 April 2017 - 06:57 PM.