In this article, I will cover the solution for SCCM OSD Error 0xc0000017 qlfcoei.sys. The error 0xc0000017 appears because the system does not have enough free RAM for the scratch partition required by the Boot Image.
During operating system deployment, you can encounter several errors. Most of these errors come with an error code, and you can use that code to find the root cause. You can also use Configuration Manager error lookup tools to translate error codes to messages.
Recently, one of the users reported SCCM OSD error 0xc0000017. The error appeared on a Hyper-V lab setup running Configuration Manager during an operating system deployment. The PXE client downloads the boot image and, within a few seconds, terminates with error 0xc0000017, suggesting that hardware has changed and that you should reboot and try again. Note that because this happens outside WinPE, there are no logs to refer to for troubleshooting.
If you encounter an error while the task sequence is running, you can review the smsts.log file. If the error appears even before the task sequence is initiated, it means the boot image has issues or there are network issues.
SCCM OSD Error 0xc0000017 qlfcoei.sys
During operating system deployment, if you come across SCCM error 0xc0000017 qlfcoei.sys, this post will help you. The SCCM OSD error code 0xc0000017 translates to there isn’t enough memory available to create a RAM disk device.
If you encounter error 0xc0000017, along with qlfcoei.sys, it is usually because the system does not have enough free RAM for the scratch partition required by the Boot Image.
qlfcoei.sys is a file located in the Windows\System32\drivers folder. Typically, qlfcoei.sys errors manifest as a blue screen error (BSOD) and are caused by attempting to load a corrupt or missing 64-bit Windows device driver, or by defective hardware associated with the driver.
Error Code 0xc0000017 = There isn’t enough memory available to create a RAM disk device.
This error can be resolved by increasing the physical amount of RAM in the machine or virtual machine. At present, the scratch partition requires 500 MB+. Ensure your machine has at least 1 GB or more RAM before starting. UEFI/Windows 10 better represents this issue by simply reporting the issue as “not enough space to make a RAM disk drive”. I hope this helps.
Windows 10: What is QLFCOEI.SYS and how do I solve a 0X0000221
Discussion in ‘Windows 10 Drivers and Hardware’ started by chermesh, Sep 23, 2017.
Hi,
My win10 pro system with the following (see pic) error message. I tried to find QLFCOEI.SYS so as to identify its identity, but failed. I can’t locate it.
What’s wrong?
it says i need an email program? where do i get it from?
it tells me there is an email program needed that i don't have. where do i get it from
-
What is a codec and how do i locate it on the internet in order to successfully install the proper codec for my windows 10 media player?
Dear Microsoft Community,
I cannot play my Microsoft Windows 10 Media Player due to a codec of which I’ve neither heard of nor are aware of its (function), applicable necessity as it (seemingly) applies to the proper performance of my Microsoft Windows 10 Media Player, of which, with much futility, I am trying to (first) locate it (the proper codec) and then with some anticipated success, configure, download, and/or sync it to my system for whatever plausible function I can achieve without further futile attempts or the risk (like Russian roulette) of doing irreversible damage to my Desktop PC. Conclusively, thus far I see (unfortunately) no rhyme or reason for this Community interactive attempt at nothing, seeing as though my results have achieved just that, absolutely nothing!
«Furiously Frustrated,»
Mr.
-
What is QLFCOEI.SYS and how do I solve a 0X0000221
A google search turns up many hits.
Here is one:
What is qlfcoei.sys ? | System Explorer -
Thanks firebird,
Your reference leads, even though not exclusively, to a firm called QLogic (Contact Us For more information on Cavium’s products or services and Investor Relations ). Their home page shows a Support reference, but when I try to reach it, it’s indicated and unsafe.
I can’t identify a reference to QLogic in my system.
What did you do to your PC before this problem start?
Have you installed new hardware?
We need to know much more to be able to help you! The .sys file in question is a miniport driver from QLogic.
https://answers.microsoft.com/en-us/…3-71b984392990
Windows Server 2016 Standard Error Code 0x8024402f
-
Thread starter: ZeroEffect
- Joined
- Jan 16, 2017
- Posts
- 91
-
-
#1
There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8024402f)
I have run SFC:
C:\Windows\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
I have run DISM:
C:\Windows\system32>Dism /Online /Cleanup-Image /RestoreHealth
Deployment Image Servicing and Management tool
Version: 10.0.14393.0
Image Version: 10.0.14393.0
[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.
I have run SFCFix:
SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-06-12 11:23:04.940
Microsoft Windows Server 10 Build 14393 — amd64
Not using a script file.
AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.
Successfully processed all directives.
Failed to generate a complete zip file. Upload aborted.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-06-12 11:26:36.280
———————-EOF————————
Here are the CBS and DISM Log Files
View attachment CBS.zip
View attachment dism.zip
Thank you
- Joined
- Oct 9, 2014
- Posts
- 741
-
-
#2
- Joined
- Jan 16, 2017
- Posts
- 91
-
-
#3
Most current CBS.log has been attached above
- Joined
- Oct 9, 2014
- Posts
- 741
- Joined
- Jan 16, 2017
- Posts
- 91
-
-
#5
Server was rebooted this morning at 5 am, just tried again and still getting the error
Both BITS and Windows Update Service are running
- Joined
- Oct 9, 2014
- Posts
- 741
-
-
#6
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case…the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Attachments
-
fixlist.txt
- Joined
- Jan 16, 2017
- Posts
- 91
-
-
#7
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by tekadmin (13-06-2018 12:50:21) Run:1
Running from \\xxxxx\xxxxxx\xxxxxx\Desktop
Loaded Profiles: Admin & xxxxx & MSSQL$MICROSOFT##WID (Available Profiles: Admin & xxxxxx & xxxxxx & MSSQL$MICROSOFT##WID)
Boot Mode: Normal
==============================================
fixlist content:
*****************
cmd: sc config trustedinstaller start=auto
cmd: net start trustedinstaller
cmd: fsutil resource setautoreset true %SystemDrive%\
cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
EmptyTemp:
*****************
========= sc config trustedinstaller start=auto =========
[SC] ChangeServiceConfig SUCCESS
========= End of CMD: =========
========= net start trustedinstaller =========
The Windows Modules Installer service is starting.
The Windows Modules Installer service was started successfully.
========= End of CMD: =========
========= fsutil resource setautoreset true %SystemDrive%\ =========
The operation completed successfully.
========= End of CMD: =========
========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========
========= End of CMD: =========
========= echo y | del %SystemRoot%\System32\Config\TxR\* =========
C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ee-78da-11e6-80ce-e41d2d741580}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ee-78da-11e6-80ce-e41d2d741580}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ee-78da-11e6-80ce-e41d2d741580}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.
========= End of CMD: =========
========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========
========= End of CMD: =========
========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========
========= End of CMD: =========
========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========
Could Not Find C:\Windows\System32\SMI\Store\Machine\*.blf
========= End of CMD: =========
========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========
Could Not Find C:\Windows\System32\SMI\Store\Machine\*.regtrans-ms
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7677125 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9248213 B
Edge => 0 B
Chrome => 0 B
Firefox => 215537142 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 128 B
admin => 7087347 B
xxxxxxx => 89100 B
xxxxxx => 54378272 B
MSSQL$MICROSOFT##WID => 0 B
RecycleBin => 60211 B
EmptyTemp: => 280.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:51:04 ====
- Joined
- Oct 9, 2014
- Posts
- 741
-
-
#8
- Joined
- Jan 16, 2017
- Posts
- 91
- Joined
- Oct 9, 2014
- Posts
- 741
-
-
#10
Please execute the following fixlist.
Attachments
-
fixlist.txt
- Joined
- Oct 9, 2014
- Posts
- 741
-
-
#11
- Joined
- Jan 16, 2017
- Posts
- 91
-
-
#12
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by xxxxxx (13-06-2018 13:38:21) Run:2
Running from C:\temp
Loaded Profiles: Admin & xxxxxxx & MSSQL$MICROSOFT##WID (Available Profiles: Admin & xxxxxx & xxxxx & MSSQL$MICROSOFT##WID)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: sc query netprofm
CMD: sc qc netprofm
*****************
========= sc query netprofm =========
SERVICE_NAME: netprofm
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
========= End of CMD: =========
========= sc qc netprofm =========
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: netprofm
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network List Service
DEPENDENCIES : RpcSs
: nlasvc
SERVICE_START_NAME : NT AUTHORITY\LocalService
========= End of CMD: =========
==== End of Fixlog 13:38:22 ====
Thank you
- Joined
- Oct 9, 2014
- Posts
- 741
-
-
#13
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please attach the log back here.
7. Another log (Addition.txt — also located in the same directory as FRST64.exe) will be generated. Please also attach that along with the FRST.txt in your reply.
- Joined
- Jan 16, 2017
- Posts
- 91
-
-
#14
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by tekadmin (administrator) on ORCGA-SVR01 (13-06-2018 13:42:40)
Running from C:\temp
Loaded Profiles: Admin & tekadmin & MSSQL$MICROSOFT##WID (Available Profiles: Admin & tektonic & tekadmin & MSSQL$MICROSOFT##WID)
Platform: Windows Server 2016 Standard (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
() C:\Program Files\Smart Storage Administrator\ssa\bin\ssaresponder.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(Hewlett Packard Enterprise Development LP) C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe
() C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.ClientService.exe
(LabTech Software) C:\Windows\LTSvc\LTSVC.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(Hewlett Packard Enterprise) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\AMS\service\HpAmsStor.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\smhstart.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(Sophos Ltd.) C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\hpsmhd.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\hpsmhd.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.WindowsClient.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.WindowsClient.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(LabTech Software) C:\Windows\LTSvc\LTTray.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(LabTech Software) C:\Windows\LTSvc\LTSvcMon.exe
(Microsoft Corporation) C:\Windows\WID\Binn\sqlwriter.exe
(Microsoft Corporation) C:\Windows\WID\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (C:\Program Files\ESET\ESET File Security\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ -> C:\Program Files\ESET\ESET File Security\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) <==== Repaired successfully
HKLM\...\Run: [QLogicSaveSystemInfo] => rundll32.exe qlco10011.dll,QLSaveSystemInfo
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2882760 2014-08-21] (ESET)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe [86016 2016-02-18] (PFU LIMITED)
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [454144 2016-09-06] (PFU Limited)
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2823576333-3400771406-2437102632-1156\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\...\Policies\Explorer: [NoDrives] 8388608
HKU\S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\system: [SoftwareSASGeneration] 3
Lsa: [Notification Packages] rassfm scecli
SecurityProviders: pwdssp.dll, pwdssp.dll, pwdssp.dll, pwdssp.dll, credssp.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2018-06-05]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU Limited)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{0a4aa5dd-b098-49fc-b9bb-2c7206bf3232}: [DhcpNameServer] 10.10.0.1 10.10.0.3
Tcpip\..\Interfaces\{4a8654ab-4f67-4d5a-8f25-12d053fb2cb6}: [NameServer] 192.168.2.3
Tcpip\..\Interfaces\{de0dac85-ac27-47c8-9955-629047d4ae69}: [DhcpNameServer] 10.10.0.1 10.10.0.3
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2823576333-3400771406-2437102632-1156\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
FireFox:
========
FF DefaultProfile: 99qfdyxx.default-1501265388445
FF ProfilePath: C:\Users\tekadmin\AppData\Roaming\Mozilla\Firefox\Profiles\99qfdyxx.default-1501265388445 [2018-06-13]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\tekadmin\AppData\Roaming\Mozilla\Firefox\Profiles\99qfdyxx.default-1501265388445\features\{3e0208ba-5cdf-4f78-ab89-7dada4acd28f}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-07] [Legacy]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Extension: (ESET File Security for Microsoft Windows Server Extension) - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird [2017-01-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [465920 2017-01-13] (Microsoft Corporation)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [36600 2015-03-20] (APC)
R2 APCPBEServer; C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe [57160 2015-03-20] (APC)
R2 Dfs; C:\Windows\system32\dfssvc.exe [454144 2017-01-13] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [3887104 2017-04-27] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [1052672 2017-09-07] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [2078720 2017-10-08] (Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [293376 2017-01-13] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [43208 2014-08-21] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [963784 2014-08-21] (ESET)
S3 GwHMSvc; C:\Windows\System32\GatewayHealthMonitorService.dll [26624 2017-02-05] (Microsoft Corporation)
R2 HpAmsStor; C:\Program Files\Hewlett-Packard\AMS\service\HpAmsStor.exe [16736 2016-09-14] (Hewlett-Packard Company)
R2 hpqams; C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe [640352 2016-09-14] (Hewlett Packard Enterprise Development LP)
R2 HPWMISTOR; C:\Program Files\HPWBEM\Storage\Service\HPWMISTOR.exe [20992 2016-09-02] (Hewlett-Packard Company) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2017-03-14] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [69120 2017-01-13] (Microsoft Corporation)
R2 Kdc; C:\Windows\system32\kdcsvc.dll [564224 2018-02-12] (Microsoft Corporation)
S3 KdsSvc; C:\Windows\system32\KdsSvc.dll [37888 2017-01-13] (Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [177152 2016-07-16] (Microsoft Corporation)
R2 LTService; C:\Windows\LTSvc\LTSVC.exe [2318264 2018-06-07] (LabTech Software)
R2 LTSvcMon; C:\Windows\LTSvc\LTSvcMon.exe [190904 2018-06-11] (LabTech Software)
R3 MSSQL$MICROSOFT##WID; C:\Windows\WID\Binn\sqlservr.exe [370368 2017-02-05] (Microsoft Corporation)
R2 NTDS; C:\Windows\system32\ntdsa.dll [95744 2016-08-05] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1002496 2017-01-13] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [265360 2016-07-29] (Hewlett Packard Enterprise)
R2 RaMgmtSvc; C:\Windows\System32\ramgmtsvc.dll [811520 2017-02-05] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [42496 2017-02-05] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [97280 2016-07-16] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [83968 2016-07-16] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [16896 2016-07-16] (Microsoft Corporation)
R2 ScreenConnect Client (1f5c07f456f90ea6); C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.ClientService.exe [89368 2017-11-14] ()
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4701448 2017-01-18] (StorageCraft Technology Corporation)
R2 Smart Storage Administrator; C:\Program Files\Smart Storage Administrator\ssa\bin\ssaresponder.exe [255488 2016-08-31] () [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [53248 2016-10-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47104 2016-10-14] (Microsoft Corporation)
R2 STAS; C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe [728816 2017-03-02] (Sophos Ltd.)
R2 stc_raw_agent; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe [4538160 2015-11-06] ()
R2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4408008 2017-01-18] ()
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [759808 2016-09-17] (Hewlett Packard Enterprise) [File not signed]
R2 UALSVC; C:\Windows\System32\ualsvc.dll [261120 2016-07-16] (Microsoft Corporation)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2017-01-18] (StorageCraft Technology Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R3 WIDWriter; C:\Windows\WID\Binn\sqlwriter.exe [134336 2017-02-05] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 b06diag; C:\Windows\System32\drivers\bxdiaga.sys [91344 2014-06-23] (Broadcom Corporation)
S0 bchtsw64; C:\Windows\System32\drivers\bchtsw64.sys [90912 2011-05-20] (Broadcom Corporation)
S0 be2iscsi; C:\Windows\System32\drivers\be2iscsi.sys [267496 2016-09-21] (Emulex )
S0 bfad; C:\Windows\System32\drivers\bfad.sys [1976048 2014-09-29] (QLogic Corporation)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2279264 2016-07-16] (QLogic Corporation)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2279264 2016-07-16] (QLogic Corporation)
S0 bfad_up; C:\Windows\System32\drivers\bfad_up.sys [17648 2014-09-29] (QLogic Corporation)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [205152 2016-07-16] (QLogic Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [536416 2016-07-16] (QLogic Corporation)
S4 danlb; C:\Windows\System32\DRIVERS\danlb.sys [26112 2017-02-05] (Microsoft Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [55648 2017-01-13] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [67424 2017-01-13] (Microsoft Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [174400 2014-08-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [145024 2014-08-21] (ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [758624 2016-07-16] (Emulex)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [129568 2014-08-21] (ESET)
S0 HpAHCIsr; C:\Windows\System32\drivers\HpAHCIsr.sys [224536 2013-08-20] (Hewlett-Packard Company)
S0 HpCISSs2; C:\Windows\System32\drivers\HpCISSs2.sys [155536 2013-10-28] (Hewlett-Packard Company)
S0 HpCISSs3; C:\Windows\System32\drivers\HpCISSs3.sys [184880 2016-09-23] (PMC-Sierra, Inc.)
R0 HPpSA; C:\Windows\System32\drivers\HPpSA.sys [32440 2016-08-23] (PMC-Sierra Company)
R3 hpqilo3chif; C:\Windows\system32\DRIVERS\hpqilo3chif.sys [53064 2016-07-29] (Hewlett Packard Enterprise)
R3 hpqilo3core; C:\Windows\System32\drivers\hpqilo3core.sys [53408 2016-07-29] (Hewlett Packard Enterprise)
S0 HPSA2; C:\Windows\System32\drivers\HPSA2.sys [167248 2016-04-18] (Hewlett-Packard Company)
R0 HPSA3; C:\Windows\System32\drivers\HPSA3.sys [169656 2016-08-23] (PMC-Sierra Company)
S3 IPsecGW; C:\Windows\System32\drivers\ipsecgw.sys [18432 2016-07-16] (Microsoft Corporation)
R2 MsLbfoProvider; C:\Windows\System32\drivers\MsLbfoProvider.sys [121344 2016-07-16] (Microsoft Corporation)
R3 MxG2hDO64; C:\Windows\system32\DRIVERS\MxG2hDO64.sys [580272 2016-08-29] (Matrox Graphics Inc.)
R3 q57nd60a; C:\Windows\System32\drivers\b57nd60a.sys [476472 2016-09-21] (Broadcom Corporation)
S0 qebdrv; C:\Windows\System32\drivers\qevbda.sys [1943752 2016-09-21] (QLogic Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1632608 2016-07-16] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2016-07-16] (QLogic Corporation)
S0 qlfcoe; C:\Windows\System32\drivers\qlfcoe.sys [1376048 2015-03-24] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2016-07-16] (QLogic Corporation)
R3 RasGre; C:\Windows\System32\drivers\rasgre.sys [45056 2016-07-16] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [95072 2016-09-15] (Microsoft Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2017-01-18] (StorageCraft Technology Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [159232 2016-09-15] (Microsoft Corporation)
R0 stcvsm; C:\Windows\System32\drivers\stcvsm.sys [283400 2017-01-18] (StorageCraft Technology Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
U4 warpview; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-13 12:55 - 2018-06-13 13:43 - 000000000 ____D C:\Users\tekadmin\AppData\Local\Temp\1
2018-06-13 12:50 - 2018-06-13 13:42 - 000000000 ____D C:\FRST
2018-06-13 09:03 - 2018-06-13 12:55 - 000003044 _____ C:\Users\tekadmin\AppData\Local\Temp\LTErrors.txt
2018-06-12 11:26 - 2018-06-12 11:26 - 000000000 ____D C:\SFCFix
2018-06-06 15:09 - 2018-06-06 15:09 - 000000000 ____D C:\Users\tekadmin\AppData\Roaming\PFU
2018-06-05 12:20 - 2018-06-05 12:21 - 000000000 ____D C:\Users\tektonic\AppData\Roaming\PFU
2018-06-05 12:20 - 2018-06-05 12:20 - 000000000 ____D C:\ProgramData\Nuance
2018-06-05 12:17 - 2018-06-05 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update
2018-06-05 12:17 - 2018-06-05 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manuals
2018-06-05 12:15 - 2018-06-05 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager
2018-06-05 12:15 - 2018-06-05 12:15 - 000000000 ____D C:\Windows\SSDriver
2018-06-05 12:15 - 2018-06-05 12:15 - 000000000 ____D C:\ProgramData\PFU
2018-06-05 12:15 - 2018-06-05 12:15 - 000000000 ____D C:\Program Files (x86)\PFU
2018-06-05 12:15 - 2013-06-14 17:16 - 001453056 _____ (PFU LIMITED) C:\Windows\system32\SV600u-x64.dll
2018-06-05 12:15 - 2012-12-07 17:03 - 007983104 _____ (PFU LIMITED) C:\Windows\system32\ippiSV600-x64.dll
2018-06-05 12:15 - 2012-12-07 16:44 - 000901120 _____ (PFU LIMITED) C:\Windows\system32\ijlSV600-x64.dll
2018-06-05 12:15 - 2012-04-24 15:02 - 000031744 _____ (PFU) C:\Windows\system32\fj25usb-x64.dll
2018-06-05 12:15 - 2012-02-06 16:15 - 001065472 _____ (PFU LIMITED) C:\Windows\system32\s1300iu-x64.dll
2018-06-05 12:15 - 2010-08-03 18:55 - 000623104 _____ (PFU Limited) C:\Windows\system32\s1100u-x64.dll
2018-06-05 12:15 - 2010-07-23 12:50 - 003073024 _____ (PFU Limited) C:\Windows\system32\ijl5s1100-x64.dll
2018-06-05 12:15 - 2010-07-20 21:18 - 003073024 _____ (PFU Limited) C:\Windows\system32\ijl5s1300i-x64.dll
2018-06-05 12:15 - 2010-07-12 16:55 - 002467328 _____ (PFU Limited) C:\Windows\system32\ippi5s1100-x64.dll
2018-06-05 12:15 - 2010-02-04 02:44 - 002467328 _____ (PFU Limited) C:\Windows\system32\ippi5s1300i-x64.dll
2018-06-05 12:15 - 2009-09-18 22:01 - 000367616 _____ (PFU Limited) C:\Windows\system32\s1300u-x64.dll
2018-06-05 12:15 - 2009-04-23 20:29 - 002873856 _____ (PFU Limited) C:\Windows\system32\ijl5s1300-x64.dll
2018-06-05 12:15 - 2009-04-23 20:29 - 000695296 _____ (PFU Limited) C:\Windows\system32\ippi5s1300-x64.dll
2018-06-05 12:15 - 2008-04-03 08:08 - 000033280 _____ (PFU) C:\Windows\system32\fj52usb-x64.dll
2018-06-05 12:15 - 2007-08-17 16:33 - 000033280 _____ (PFU) C:\Windows\system32\fjmcusb-x64.dll
2018-06-05 12:15 - 2007-07-26 22:47 - 000351744 _____ (PFU Limited) C:\Windows\system32\s300u-x64.dll
2018-06-05 12:15 - 2007-05-23 19:57 - 002873856 _____ (PFU Limited) C:\Windows\system32\ijl5s300-x64.dll
2018-06-05 12:15 - 2007-05-23 19:57 - 000695296 _____ (PFU Limited) C:\Windows\system32\ippi5s300-x64.dll
2018-06-05 12:11 - 2018-06-05 12:11 - 012030008 _____ (Macrovision Corporation) C:\Users\tektonic\Downloads\WinSSInstiX500WW1.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-13 13:42 - 2017-01-18 12:08 - 000000000 ____D C:\temp
2018-06-13 13:42 - 2017-01-13 19:23 - 000068792 _____ C:\Windows\system32\driverslist.csv
2018-06-13 13:03 - 2017-01-13 13:39 - 002104256 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 12:59 - 2017-01-16 15:08 - 000005504 _____ C:\Windows\system32\config\netlogon.dnb
2018-06-13 12:59 - 2017-01-16 15:08 - 000002039 _____ C:\Windows\system32\config\netlogon.dns
2018-06-13 12:56 - 2016-07-16 09:23 - 000000000 ____D C:\Windows\system32\inetsrv
2018-06-13 12:54 - 2017-01-16 15:12 - 000000000 ____D C:\Windows\system32\dhcp
2018-06-13 12:54 - 2017-01-13 17:27 - 000000000 ____D C:\Windows\system32\dns
2018-06-13 12:54 - 2017-01-13 13:39 - 000000000 ____D C:\ProgramData\ScreenConnect Client (1f5c07f456f90ea6)
2018-06-13 12:54 - 2017-01-13 13:38 - 000000000 ____D C:\Windows\LTSvc
2018-06-13 12:53 - 2017-01-16 15:04 - 000000000 ____D C:\Windows\NTDS
2018-06-13 12:53 - 2016-09-12 07:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 12:51 - 2016-07-16 02:04 - 000065536 _____ C:\Windows\system32\config\BBI
2018-06-13 05:03 - 2017-07-28 14:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-12 16:59 - 2017-07-28 14:09 - 000000000 ____D C:\Users\tekadmin\AppData\LocalLow\Mozilla
2018-06-12 16:39 - 2017-07-28 14:00 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-12 16:39 - 2017-07-28 14:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-12 11:15 - 2016-07-16 09:02 - 000000000 ____D C:\Windows\CbsTemp
2018-06-06 11:16 - 2018-02-16 15:32 - 000000000 ____D C:\Users\tektonic\AppData\LocalLow\Mozilla
2018-06-05 12:25 - 2017-01-13 13:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-05 12:21 - 2017-01-13 19:26 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-05 12:15 - 2016-07-16 09:21 - 000000000 ____D C:\Windows\INF
2018-05-31 05:31 - 2018-02-15 06:15 - 000000000 ____D C:\Windows\system32\Drivers\wd
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-05 08:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by tekadmin (13-06-2018 13:43:29)
Running from C:\temp
Windows Server 2016 Standard (X64) (2017-01-13 17:26:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-783996073-3661138892-2859915239-500 - Administrator - Disabled)
Guest (S-1-5-21-783996073-3661138892-2859915239-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
DefaultAccount (S-1-5-21-783996073-3661138892-2859915239-503 - Limited - Disabled)
SM_61d62f9fe56348adb (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SM_ae0fb2e7b6004ce99 (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SM_085a822591b94535a (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SM_b1cb438c695e46f0a (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Standard User (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
WebWorkplaceTools (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Admin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
spfarm (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
spsearch (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
spwebapp (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SBSMonAcct (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Lori (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Brenda (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
office (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ian (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ORCGA.Office (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
jenniferp (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
tektonic (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
tekadmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
kim (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Colleen (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
keith (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
douglas (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MFP (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Ashleigh (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Saskia (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GROUNDHOG$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
LODOHERTY-DTXP$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
BDOBRINDT-DTW7$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
JDLAPTOP-LTW7$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPARE-LTW7$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
IAN-LTW7$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-003$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-002$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-004$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-SVR01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-005$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ESET File Security (HKLM\...\{E52C532B-4733-4E80-BD85-B8A34DAC5949}) (Version: 4.5.12017.0 - ESET, spol. s r.o.)
HP Lights-Out Online Configuration Utility (HKLM\...\{BB0164BD-7152-418A-B2F4-C998695D4C3B}) (Version: 4.8.0.0 - Hewlett Packard Enterprise)
HPE Insight Management WBEM Providers (HKLM\...\{8350FDC7-CC18-470E-9C20-8777A138CD90}) (Version: 10.60.0.0 - Hewlett Packard Enterprise Development LP) Hidden
HPE Insight Management WBEM Providers for Windows Server x64 Editions (HKLM\...\HP-{0D1A88D4-29D7-4ED4-8045-932D7205F589}) (Version: 10.60.0.0 - Hewlett-Packard Company)
HPE ProLiant Agentless Management Service (HKLM\...\{E9B2359A-D58A-45BE-B5E3-7BF537984B96}) (Version: 10.60.0.0 - Hewlett Packard Enterprise Development LP) Hidden
HPE ProLiant Agentless Management Service (HKLM\...\HP-{EDE88CBB-3384-4DDA-B23B-7E54A3F4344F}) (Version: 10.60.0.0 - Hewlett Packard Enterprise Development LP)
HPE System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 7.6.0 - Hewlett Packard Enterprise Development LP)
iLO 3/4 Core Driver (X64) (HKLM\...\{1765AAA8-F827-4350-AA97-F788DF14EC5E}) (Version: 3.30.0.0 - Hewlett Packard Enterprise) Hidden
iLO 3/4 Management Controller Driver Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.30.0.0 - Hewlett Packard Enterprise)
Integrated Management Log Viewer (HKLM\...\{8336B287-BD7B-4C90-A698-B6DEC236F7E2}) (Version: 7.8.0.0 - Hewlett Packard Enterprise)
LabTech® Software Remote Agent (HKLM-x32\...\{3f460d4c-d217-46b4-80b6-b5ed50bd7cf5}) (Version: 11.0.345 - LabTech® Software, LLC) Hidden
LabTech® Software Remote Agent (HKLM-x32\...\{fd6de56a-340b-439b-8771-4e95b28e5a70}) (Version: 11.0.345 - LabTech® Software, LLC) Hidden
Matrox Graphics Software (remove only) (HKLM-x32\...\Matrox Vista Driver Uninstaller) (Version: 4.3.1.5 - Matrox Graphics Inc.)
MergeModule2012 (HKLM\...\{3E0D2B4B-CA5F-40D6-B0AE-648008897125}) (Version: 1.0.0 - Microsoft) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
PFA Server Registry Update (HKLM\...\{4EFD5C50-351F-4BA8-AC7C-9BF58DFADF0A}) (Version: 1.5.0.0 - Hewlett Packard Enterprise)
PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 9.2.0.604 - Schneider Electric)
PowerChute Business Edition Console (HKLM-x32\...\{0F86FD09-BA63-4E45-A70B-604C1106C2F2}) (Version: 9.2.0.604 - Schneider Electric)
PowerChute Business Edition Server (HKLM-x32\...\{A6491A4A-AAA0-4892-BFEF-ECD6CECE2FF3}) (Version: 9.2.0.604 - Schneider Electric)
ProLiant Monitor Service (X64) (HKLM\...\{24852FC1-8C73-4066-AB2C-88EBEBAF9309}) (Version: 3.30.0.0 - Hewlett Packard Enterprise) Hidden
ScanSnap Manager (HKLM-x32\...\{10849A02-8B94-4943-A0B9-6F198486239A}) (Version: 6.5.61.2.2 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{C3F4BE6A-B798-4B50-99CA-B8B8F17FE56B}) (Version: 6.5.40.4.6 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.5L61 - PFU)
ScreenConnect Client (1f5c07f456f90ea6) (HKLM-x32\...\{104F01F0-A0E1-4C3B-9BE7-0BD28D53C090}) (Version: 6.4.15361.6527 - ScreenConnect Software)
ShadowSnap (HKLM\...\ShadowSnap) (Version: 3.4.1. - )
Smart Storage Administrator (HKLM\...\{814FCDC8-00CF-4E2C-8FC3-D38ABAF2B745}) (Version: 2.60.18.0 - Hewlett Packard Enterprise Development LP)
Smart Storage Administrator Diagnostics and SmartSSD Wear Gauge Utility (HKLM\...\{7F765BEE-B5C9-4BFA-B51C-DBCE3AF25B54}) (Version: 2.60.18.0 - Hewlett Packard Enterprise Development LP)
STAS 2.2.1.0 Release (HKLM-x32\...\{F0E51076-0255-43F3-ABF3-172E097C9476}}_is1) (Version: - Sophos Ltd.)
StorageCraft ShadowProtect (HKLM-x32\...\ShadowProtect) (Version: 5.0.1.23057 - StorageCraft Technology Corporation (STC))
WinDirStat 1.1.2 (HKU\.DEFAULT\...\WinDirStat) (Version: - )
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET File Security\shellExt.dll [2014-08-21] (ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET File Security\shellExt.dll [2014-08-21] (ESET)
ContextMenuHandlers3: [ShellExt] -> {016EFC4B-2906-4687-B0AC-ACDF94097FEC} => C:\Program Files (x86)\StorageCraft\ShadowProtect\sbimgmnt.dll [2017-01-18] (StorageCraft Technology Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET File Security\shellExt.dll [2014-08-21] (ESET)
ContextMenuHandlers6: [ShellExt] -> {016EFC4B-2906-4687-B0AC-ACDF94097FEC} => C:\Program Files (x86)\StorageCraft\ShadowProtect\sbimgmnt.dll [2017-01-18] (StorageCraft Technology Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {18CFC687-ED43-4982-9DE7-FBC9E36BFEF6} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {41600EBB-B4B7-472A-9F58-8AA04A7F8984} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task
Task: {423523CC-C7A9-46CD-B449-0C6C806C3F8D} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {44A930C4-ABC4-4789-9A74-101F3A778685} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {5243CFA4-A58B-424F-8B30-3BD587AA7DB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {5F8FBF01-5B55-4809-A1C7-A32A71102A4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {6915DB72-09BF-422F-814A-B6BB29AE5D43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {A4383CAF-36FC-413F-B492-9B1DAA1098E6} - System32\Tasks\Microsoft\Windows\RemoteAccess\RaConfigTask
Task: {DF1BA6A6-82D9-4DF9-A787-7804CDFA74B5} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2016-07-16] (Microsoft Corporation)
Task: {E0A67649-21C8-4620-81A8-EACF01A98AC3} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {F0240DDF-FDD2-46B9-8664-34A1B0825CD3} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 09:18 - 2016-07-16 09:18 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2018-05-03 10:44 - 2018-03-06 02:17 - 002681704 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000032768 _____ () C:\Program Files\HPWBEM\Storage\Service\CQMGSTOR.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000029696 _____ () C:\Program Files\HPWBEM\Storage\Service\cqstrutl.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000057856 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMSCSI.DLL
2016-09-02 01:53 - 2016-09-02 01:53 - 000041472 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMDISK.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000055808 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQSAS.DLL
2016-08-31 12:29 - 2016-08-31 12:29 - 000255488 _____ () C:\Program Files\Smart Storage Administrator\ssa\bin\ssaresponder.exe
2016-09-14 11:30 - 2016-09-14 11:30 - 000357216 _____ () C:\Program Files\Hewlett-Packard\AMS\service\w2kmgAMS.dll
2017-11-14 17:34 - 2017-11-14 17:34 - 000089368 _____ () C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.ClientService.exe
2017-01-18 12:10 - 2017-01-18 12:10 - 004408008 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
2016-09-14 11:28 - 2016-09-14 11:28 - 000046432 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CQMGSTOR.dll
2016-09-14 11:27 - 2016-09-14 11:27 - 000041824 _____ () C:\Program Files\Hewlett-Packard\AMS\service\cqstrutl.dll
2016-09-14 11:29 - 2016-09-14 11:29 - 000058208 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQIDE.DLL
2016-09-14 11:28 - 2016-09-14 11:28 - 000055648 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQMDISK.dll
2016-09-14 11:29 - 2016-09-14 11:29 - 000069472 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQMSCSI.DLL
2016-09-14 11:29 - 2016-09-14 11:29 - 000067424 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQSAS.DLL
2017-01-13 19:27 - 2016-09-17 03:05 - 001406976 _____ () C:\hp\hpsmh\bin\libxml2.dll
2015-11-06 00:41 - 2015-11-06 00:41 - 004538160 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
2016-07-16 09:19 - 2017-02-05 12:56 - 000176832 _____ () C:\Windows\System32\sqlctrWID.dll
2017-01-13 19:27 - 2016-09-17 03:05 - 001406976 _____ () C:\hp\hpsmh\modules\libxml2.dll
2017-01-13 19:27 - 2016-09-17 03:04 - 000076288 _____ () C:\hp\hpsmh\modules\zlib1.dll
2017-01-13 14:20 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 03:09 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2018-05-03 10:42 - 2018-03-06 01:18 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-05-03 10:43 - 2018-03-06 01:07 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-03 10:44 - 2018-03-06 01:06 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-05-03 10:42 - 2018-03-06 01:07 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-05-03 10:42 - 2018-03-06 01:12 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-16 12:08 - 2015-03-20 13:04 - 000036864 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\ApcUsb_ul.dll
2014-06-01 17:17 - 2014-06-01 17:17 - 000087552 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_ctypes.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000713216 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_hashlib.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000046080 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_socket.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 001159680 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_ssl.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000098816 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32api.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000110080 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pywintypes27.dll
2013-07-17 12:34 - 2013-07-17 12:34 - 000358912 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pythoncom27.dll
2013-07-17 12:34 - 2013-07-17 12:34 - 000042496 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32service.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000027648 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\servicemanager.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000031232 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_psutil_mswindows.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000127488 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pyexpat.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000033792 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32evtlog.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000108544 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32security.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000018432 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32event.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000027136 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_multiprocessing.pyd
2013-10-30 20:23 - 2013-10-30 20:23 - 000010240 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlalchemy.cprocessors.pyd
2013-10-30 20:23 - 2013-10-30 20:23 - 000011776 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlalchemy.cresultproxy.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000048128 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_sqlite3.pyd
2015-11-04 15:24 - 2015-11-04 15:24 - 000427008 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlite3.dll
2013-07-17 12:34 - 2013-07-17 12:34 - 000111616 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32file.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000024064 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32pipe.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000010240 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\select.pyd
2015-11-04 14:33 - 2015-11-04 14:33 - 001802752 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\cryptography.hazmat.bindings._openssl.pyd
2015-11-04 14:33 - 2015-11-04 14:33 - 000105472 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_cffi_backend.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000098816 _____ () C:\Windows\TEMP\_MEI30282\win32api.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000110080 _____ () C:\Windows\TEMP\_MEI30282\pywintypes27.dll
2018-06-13 12:54 - 2018-06-13 12:54 - 000358912 _____ () C:\Windows\TEMP\_MEI30282\pythoncom27.dll
2018-06-13 12:54 - 2018-06-13 12:54 - 000042496 _____ () C:\Windows\TEMP\_MEI30282\win32service.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000027648 _____ () C:\Windows\TEMP\_MEI30282\servicemanager.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000018432 _____ () C:\Windows\TEMP\_MEI30282\win32event.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000040960 _____ () C:\Windows\TEMP\_MEI30282\_socket.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000721920 _____ () C:\Windows\TEMP\_MEI30282\_ssl.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000009728 _____ () C:\Windows\TEMP\_MEI30282\select.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000074240 _____ () C:\Windows\TEMP\_MEI30282\_ctypes.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000285184 _____ () C:\Windows\TEMP\_MEI30282\_hashlib.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000103424 _____ () C:\Windows\TEMP\_MEI30282\pyexpat.pyd
2018-06-05 12:15 - 2016-12-13 14:08 - 002016256 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2018-06-05 12:15 - 2016-07-07 13:45 - 001808384 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2018-06-05 12:15 - 2003-03-26 18:46 - 000135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2018-06-05 12:15 - 2010-08-24 16:56 - 000167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2018-06-05 12:15 - 2013-03-12 09:43 - 000888832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (1f5c07f456f90ea6) => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 09:23 - 2017-01-13 18:59 - 000000822 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2823576333-3400771406-2437102632-1156\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/13/2018 12:56:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.
Operation:
Initializing Writer
Context:
Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
Writer Name: NPS VSS Writer
Writer Instance ID: {f2dabfbf-d405-4668-89e1-8727be724b02}
Error: (06/13/2018 12:56:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.
Operation:
Initializing Writer
Context:
Writer Class Id: {8d5194e1-e455-434a-b2e5-51296cce67df}
Writer Name: WIDWriter
Writer Instance Name: Microsoft SQL Server 2014:SQLWriter
Writer Instance ID: {82a6d582-0bb6-4086-9957-87e164778e27}
Error: (06/13/2018 12:55:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/13/2018 12:54:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.
Operation:
Initializing Writer
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f041c420-64ab-4d73-96b0-f68349f4bcf5}
Error: (06/13/2018 12:45:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/13/2018 10:08:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (06/13/2018 09:00:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/13/2018 05:06:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.
Operation:
Initializing Writer
Context:
Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
Writer Name: NPS VSS Writer
Writer Instance ID: {fe420382-6a71-48af-8f9d-b70240943285}
System errors:
=============
Error: (06/13/2018 01:24:17 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.111 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:24:15 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.111 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:24:13 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.111 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:23:16 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.4 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:23:11 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.119 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:23:09 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.119 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:23:07 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.119 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Error: (06/13/2018 01:22:45 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.4 using any of the configured protocols; requested by PID 11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
Windows Defender:
===================================
Date: 2018-04-23 20:08:45.493
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {431F8F8B-3131-4A3C-AFD5-2F2488736EA8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-05-07 05:31:21.866
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-05-07 05:31:21.865
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-05-07 05:31:21.861
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-05-07 05:31:21.861
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2018-05-07 05:31:13.806
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-05-31 05:31:32.605
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-05-31 05:31:32.603
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-04-27 22:56:05.455
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-04-27 22:56:05.446
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-04-12 22:44:50.243
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-04-12 22:44:50.241
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-04-12 22:14:14.247
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18038-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-04-12 22:14:14.246
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18038-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 7934.11 MB
Available physical RAM: 5052.25 MB
Total Virtual: 9214.11 MB
Available Virtual: 6015.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:833.6 GB) (Free:688.89 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:30.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
#15
Thanks.
#17
Are you having issues with System Restore?
When able, please do the following:
Step#1 — Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Cause the error just like you have in the past.
3. Stop Process Monitor as soon as Windows Update fails. You can simply do this by clicking the magnifying glass on the toolbar as shown below.
4. Select the File menu…Save… and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file as well as your CBS.log.
Definition of qlfcoei.inf
qlfcoei.inf is a kind of INF error that is found in the Microsoft Windows operating systems. The latest version of the error is 1.0.0.0 and the file can be found in Windows 10 Pro. qlfcoei.inf has a popularity rating of 1 / 10.
What Is The qlfcoei.inf Error?
When there is a misfire within your system and the qlfcoei.inf file cannot be loaded, Windows will inform you with the error message. Below are a number of possible different error messages:
- This application failed to start because qlfcoei.inf was not found.
- A required INF, qlfcoei.inf was not found.
- The code execution cannot proceed because qlfcoei.inf was not found.
- Error loading qlfcoei.inf. The specified module could not be found.
- Extract: error writing to qlfcoei.inf
What Causes INF errors?
INF errors like qlfcoei.inf can be caused by a number of factors. These can include not properly installing or uninstalling a specific software application such as Windows 10 Pro. Certain files can be missing or corrupt such as corrupted registry keys. In some cases, when viruses infiltrate your system, they can alter your computer settings and cause errors like qlfcoei.inf. In addition, out of date drivers are known to cause several INF errors including qlfcoei.inf.
How to Fix qlfcoei.inf Errors
Follow the step by step instructions below to fix the qlfcoei.inf problem. We recommend you do each in order. If you wish to skip these steps because they are too time consuming or you are not a computer expert, see our easier solution below.
Step 1 — Uninstall and Reinstall Windows 10 Pro
If the qlfcoei.inf is a result of using Windows 10 Pro, you may want to try reinstalling it and see if the problem is fixed. Please follow these steps:
Windows XP
- Click “Start Menu”.
- Click “Control Panel”.
- Select the “Add or Remove” program icon.
- Find the qlfcoei.inf associated program.
- Click the Change/Remove button on the right side.
- The uninstaller pop up will give you instructions. Click “okay” or “next” or “yes” until it is complete.
- Reinstall the software.
Windows 7 and Windows Vista
- Click “Start Menu”.
- Click “Control Panel”.
- Click “Uninstall a Program” which is under the “Programs” header.
- Find the qlfcoei.inf associated program.
- Right click on it and select “Uninstall”.
- The uninstaller pop up will give you instructions. Click “okay” or “next” or “yes” until it is complete.
- Reinstall the software and run the program.
Windows 8, 8.1, and 10
- Click “Start Menu”.
- Click “Programs and Features”.
- Find the software that is linked to qlfcoei.inf.
- Click Uninstall/Change.
- The uninstaller will pop up and give you instructions. Click “okay” and “next” until it is complete.
- Restart your computer.
- Reinstall the software and run the program.
Step 2 — Remove Registry Entry related to qlfcoei.inf
WARNING: Do NOT edit the Windows Registry unless you absolutely know what you are doing. You may end up causing more trouble than you start with. Proceed at your OWN RISK.
- Create a backup of registry files.
- Click “Start”.
- Type regedit, select it, and grant permission in order to proceed.
- Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Uninstall.
- Find the qlfcoei.inf software from the list you wish to uninstall.
- Select the software and double click the UninstallString icon on the right side.
- Copy the highlighted text.
- Exit and go to the search field.
- Paste the data.
- Select Okay in order to uninstall the program.
- Reinstall the software.
Step 3 – Ensure Junk Isn’t Causing qlfcoei.inf
Any space that isn’t regularly cleaned out tends to accumulate junk. Your personal computer is no exception. Constant web browsing, installation of applications, and even browser thumbnail caches slow down your device and in the absence of adequate memory, can also trigger a qlfcoei.inf error.
So how do you get around this problem?
- You can either use the Disk Cleanup Tool that comes baked into your Windows operating system.
- Or you can use a more specialized hard drive clean up solution that does a thorough job and flushes the most stubborn temporary files from your system.
Both solutions may take several minutes to complete the processing of your system data if you haven’t conducted a clean up in a while.
The browser caches are almost a lost cause because they tend to fill up quite rapidly, thanks to our constantly connected and on the go lifestyle.
Here’s how you can run the Windows Disk Cleanup Tool, without performance issues or surprises.
- For Windows XP and Windows 7, the program can be run from “Start” and from the “Command Prompt”.
- Click “Start”, go to All Programs > Accessories > System Tools, click Disk Cleanup. Next choose the type of files you wish to remove, click OK, followed by “Delete Files”.
- Open up the Command Prompt, type “c:\windows\cleanmgr.exe /d” for XP and “cleanmgr” for Windows 7. Finish by pressing “Enter”.
- For Windows 8 and Windows 8.1, the Disk Cleanup Tool can be accessed directly from “Settings”. Click “Control Panel” and then “Administrative Tools”. You can select the drive that you want to run the clean up on. Select the files you want to get rid of and then click “OK” and “Delete Files”.
- For Windows 10, the process is simplified further. Type Disk Cleanup directly in the search bar and press “Enter”. Choose the drive and then the files that you wish to wipe. Click “OK”, followed by “Delete Files”.
The progressive ease with which the Cleanup Tool can be used points to the growing importance of regularly deleting temporary files and its place in preventing qlfcoei.inf.
PRO TIP:
Remember to run the Disk Cleanup as an administrator.
Step 4 – Fix Infections and Eliminate Malware in Your PC
How do you gauge if your system is infected with malware or a virus?
Well, for one, you may find certain applications misbehaving.
And you may also see the occurrence of qlfcoei.inf.
Infections and malware are the result of:
- Browsing the Internet using open or unencrypted public Wi-Fi connections
- Downloading applications from unknown and untrustworthy sources
- Intentional planting of viruses in your home and office networks
But thankfully, their impact can be contained.
- Enter “safe mode” by pressing the F8 key repeatedly when your device is restarting. Choose “Safe Mode with Networking” from the Advanced Boot Options menu.
- Back up all the data in your device to a secure location. This is preferably a storage unit that is not connected to your existing network.
- Leave program files as is. They are where the infection generally spreads from and may have been compromised.
- Run a thorough full-system scan, or a check with an on-demand scanner. If you already have an antivirus or anti-malware program installed, let it do the heavy lifting.
- Restart your computer once the process has run its course.
- Lastly, change all your passwords and update your drivers and operating system.
PRO TIP: Are you annoyed by the frequent updates to your antivirus program? Don’t be! These regular updates add new virus signatures to your software database for exponentially better protection.
Step 5 – Return to the Past to Eliminate qlfcoei.inf
The steps outlined up until this point in the tutorial should have fixed qlfcoei.inf error. But the process of tracking what has caused an error is a series of educated guesses. So in case the situation persists, move to Step 5.
Windows devices give users the ability to travel back in time and restore system settings to an uncorrupted, error free state.
This can be done through the convenient “System Restore” program. The best part of the process is the fact that using System Restore doesn’t affect your personal data. There is no need to take backups of new songs and pictures in your hard drive.
- Open “Control Panel” and click on “System & Security”.
- Choose the option “System”.
- To the left of the modal, click on “System Protection”.
- The System Properties window should pop-up. You’ll be able to see the option “System Restore”. Click on it.
- Go with “Recommended restore” for the path of least hassles and surprises.
- Choose a system restore point (by date) that takes your device back to a time before qlfcoei.inf was first triggered.
- Tap “Next” and wrap up by clicking “Finish”.
If you’re using Windows 7 OS, you can reach “System Restore” by following the path Start > All Programs > Accessories > System Tools.
Step 6 — qlfcoei.inf Caused by Outdated Drivers
Updating a driver is not as common as updating your operating system or an application used to run front-end interface tasks.
Drivers are software snippets in charge of the different hardware units that keep your device functional.
So when you detect a qlfcoei.inf error, updating your drivers may be a good bet. But it is time consuming and shouldn’t be viewed as a quick fix.
Here’s the step-by-step process you can go through to update drivers for Windows 8, Windows 8.1 and Windows 10.
- Check the site of your hardware maker for the latest versions of all the drivers you need. Download and extract them. We strongly advise going with original drivers. In most cases, they are available for free on the vendor website. Installing an incompatible driver causes more problems than it can ever fix.
- Open “Device Manager” from the Control Panel.
- Go through the various hardware component groupings and choose the ones you would like to update.
- On Windows 10 and Windows 8, right-click on the icon of the hardware you would like to update and click “Update Driver”.
- On Windows 7 and Vista, you right-click the hardware icon, choose “Properties”, navigate to the Driver panel, and then click “Update Driver”.
- Next you can let your device automatically search for the most compatible drivers, or you can choose to update the drivers from the versions you have on your hard drive. If you have an installer disk, then the latter should be your preferred course of action. The former may often get the driver selection incorrect.
- You may need to navigate a host of warnings from the Windows OS as you finalize the driver update. These include “Windows can’t verify that the driver is compatible” and “Windows can’t verify the publisher of this driver”. If you are certain that you have the right driver, obtained from the hardware maker’s site as described in the first step, click “Yes”.
- Restart the system and hopefully the qlfcoei.inf error should have been fixed.
Step 7 – Call the Windows System File Checker into Action
By now the qlfcoei.inf plaguing your device should have been fixed. But if you haven’t resolved the issue yet, you can explore the Windows File Checker option.
With the Windows File Checker, you can audit all the system files your device needs to operate, locate missing ones, and restore them.
Sound familiar? It is almost like “System Restore”, but not quite. The System Restore essentially takes you back in time to a supposedly perfect set up of system files. The File Checker is more exhaustive.
It identifies what is amiss and fills the gaps.
- First and foremost, open up an elevated command prompt.
- Next, if you are using Windows 8, 8.1 or 10, enter “DISM.exe /Online /Cleanup-image /Restorehealth” into the window and press Enter.
- The process of running the Deployment Image Servicing and Management (DISM) tool may take several minutes.
- Once it completes, type the following command into the prompt “sfc /scannow”.
- Your device will now go through all protected files and if it detects an anomaly, it will replace the compromised version with a cached version that resides at %WinDir%\System32\dllcache.
Step 8 – Is your RAM Corrupted? Find Out.
Is it possible? Can the memory sticks of your device trigger qlfcoei.inf?
It is unlikely – because the RAM chips have no moving parts and consume little power. But at this stage, if all else has failed, diagnosing your RAM may be a good move.
You can use the Windows Memory Diagnostics Tool to get the job done. Users who are on Linux or a Mac and are experiencing crashes can use memtest86.
- Open up your device and go straight to the “Control Panel”.
- Click on “Administrative Tools”.
- Choose “Windows Memory Diagnostic”.
- What this built-in option does is it burns an ISO image of your RAM and boots the computer from this image.
- The process takes a while to complete. Once it is done, the “Status” field at the bottom of the screen populates with the result of the diagnosis. If there are no issues with your RAM/memory, you’ll see “No problems have been detected”.
One drawback of the Windows Memory Diagnostic tool pertains to the number of passes it runs and the RAM segments it checks.
Memtest86 methodically goes over all the segments of your memory – irrespective of whether it is occupied or not.
But the Windows alternative only checks the occupied memory segments and may be ineffective in gauging the cause of the qlfcoei.inf error.
Step 9 – Is your Hard Drive Corrupted? Find Out.
Your RAM or working memory isn’t the only culprit that may precipitate a qlfcoei.inf error. The hard drive of your device also warrants close inspection.
The symptoms of hard drive error and corruption span:
- Frequent crashes and the Blue Screen of Death (BSoD).
- Performance issues like excessively slow responses.
- Errors like qlfcoei.inf.
Hard drives are definitely robust, but they don’t last forever.
There are three things that you can do to diagnose the health of your permanent memory.
- It is possible that your device may have a hard time reading your drive. This can be the cause of a qlfcoei.inf error. You should eliminate this possibility by connecting your drive to another device and checking for the recurrence of the issue. If nothing happens, your drive health is okay.
- Collect S.M.A.R.T data by using the WMIC (Windows Management Instrumentation Command-line) in the command prompt. To do this, simply type “wmic” into the command prompt and press Enter. Next follow it up with “diskdrive get status”. The S.M.A.R.T status reading is a reliable indicator of the longevity of your drive.
- Fix what’s corrupt. Let’s assume you do find that all isn’t well with your hard drive. Before you invest in an expensive replacement, using Check Disk or chkdsk is worth a shot.
- Open the command prompt. Make sure you are in Admin mode.
- Type “chkdsk C: /F /X /R” and press “Enter”. “C” here is the drive letter and “R” recovers data, if possible, from the bad sectors.
- Allow the system to restart if the prompt shows up.
- And you should be done.
These steps can lead to the resolution you’re seeking. Otherwise, the qlfcoei.inf error may appear again. If it does, move to Step 10.
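A PowerShell version of the disk checks in this step, added here as an example and not part of the original article: it reads the same Win32_DiskDrive status that “wmic diskdrive get status” prints, adds the driver's failure prediction and reliability counters, and runs a read-only scan instead of a repair. It assumes an elevated prompt, Windows 8 or later (for the Storage module cmdlets), and the drive letter C used in the chkdsk command above.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only disk health triage. Nothing here writes to the disk.
$letter = 'C'   # assumption: the volume named in the chkdsk command above

# 1. The status that "wmic diskdrive get status" prints, read through CIM.
$drives = Get-CimInstance -ClassName Win32_DiskDrive

# 2. The driver's S.M.A.R.T. failure prediction. Some USB bridges, RAID
#    controllers and virtual disks do not expose this class, hence SilentlyContinue.
$predict = Get-CimInstance -Namespace 'root\wmi' `
    -ClassName MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue

# 3. Health state and reliability counters from the Storage module.
$physical = Get-PhysicalDisk | ForEach-Object {
    $rc = $_ | Get-StorageReliabilityCounter -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Disk              = $_.FriendlyName
        HealthStatus      = $_.HealthStatus
        ReadErrorsUncorr  = $rc.ReadErrorsUncorrected
        WriteErrorsUncorr = $rc.WriteErrorsUncorrected
        PowerOnHours      = $rc.PowerOnHours
        Temperature       = $rc.Temperature
    }
}
$physical | Format-Table -AutoSize

# Collect every signal that points at a failing drive.
$suspect = @(
    $drives   | Where-Object { $_.Status -ne 'OK' } |
        ForEach-Object { "$($_.Model): Win32_DiskDrive status '$($_.Status)'" }
    $predict  | Where-Object { $_.PredictFailure } |
        ForEach-Object { "$($_.InstanceName): S.M.A.R.T. predicts failure" }
    $physical | Where-Object { $_.HealthStatus -ne 'Healthy' } |
        ForEach-Object { "$($_.Disk): health status '$($_.HealthStatus)'" }
    $physical | Where-Object { $_.ReadErrorsUncorr -gt 0 -or $_.WriteErrorsUncorr -gt 0 } |
        ForEach-Object { "$($_.Disk): uncorrected read/write errors recorded" }
)

# 4. Online, read-only file system scan (no repair, no dismount, no reboot).
$scan = Repair-Volume -DriveLetter $letter -Scan

if ($suspect.Count -gt 0) {
    $suspect | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Back up the drive before running "chkdsk /F /X /R".'
} elseif ("$scan" -ne 'NoErrorsFound') {
    Write-Warning "Volume ${letter}: scan result is $scan; a repair pass is warranted."
} else {
    Write-Output "No failing disk and no file system errors found on ${letter}:."
}
```

WMIC is deprecated on current Windows releases, so the CIM cmdlets are the form to script against.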
Step 10 – Update Windows OS
Like the software applications you use to render specific tasks on your device, the Operating System also requires periodic updates.
Yes, we’ve all heard the troubling stories.
Devices often develop problems after unfinished updates that do not go through. But these OS updates include important security patches. Not having them applied to your system leaves it vulnerable to viruses and malware, and may also trigger qlfcoei.inf.
So here’s how Windows 7, Windows 8, Windows 8.1 and Windows 10 users can check for the latest updates and push them through:
- Click the “Start” button on the lower left-hand corner of your device.
- Type “Updates” in the search bar. There should be a “Windows Update” or “Check for Updates” option, based on the OS version you’re using.
- Click it. The system will let you know if any updates are available.
- You have the convenience of choosing the components of the update you’d like to push through. Always prioritize the security updates.
- Click “OK” followed by “Install Updates”.
Step 11 – Refresh the OS to Eliminate Persistent qlfcoei.inf Error
“Windows Refresh” is a lifesaver.
For those of you who are still with us because nothing has worked to eliminate the qlfcoei.inf error: until recently, a fresh install of Windows would have been the only option.
Not anymore.
The Windows Refresh is similar to reinstalling your Windows OS, but without touching your personal data. That’s hours of backup time saved in a jiffy.
Through the Refresh, all your system files become good as new. The only minor annoyance is the fact that any custom apps you’ve installed are gone and the system applications you had uninstalled are back.
Still, it is the best bet as the final step of this process.
- Enter the “Settings” of your PC and click on “Change Settings”.
- Click “Update and recovery” and then choose “Recovery”.
- Select “Keep my files”. This removes apps and settings, but lets your personal files live on.
- You’ll get some warning messages about the apps that will be uninstalled. If you’ve gone through a recent OS upgrade, the Refresh process makes it so that you can’t go back to your previous OS version – if you should ever feel the need to do it.
- Click the “Refresh” button.
Are you using an older version of Windows that doesn’t come with the power to “Refresh”?
Maybe it is time to start from scratch.
- Enter your BIOS set-up.
- This is where you need to change your computer’s boot order. Make it so that the boot happens not from the existing system files, but from the CD/DVD Drive.
- Place the original Windows disk in the CD/DVD drive.
- Turn on or restart the device.
- Choose where you’d like the system files to be installed.
- Your PC will restart several times as the process runs its course.
FAQs
Do qlfcoei.inf Issues Cause My Computer to Freeze Up?
This depends on the nature of the issue and the corrupted file or files. If a core system file is corrupted, the system may freeze. In simpler terms, any significant corruption of the Windows registry may cause your system to hang or may crash your running software applications.
Can I Edit the Windows Registry Myself?
It is a complicated thing to handle, and you should only take it on yourself if you thoroughly understand how critical the working dynamics of the Windows registry are. If you have diagnosed the issue as related to the Windows registry but are not sure how to fix it, seek professional help right away.
Should I Update My Drivers for INF Issue?
Several file extension related issues could be due to outdated or corrupted device drivers. Therefore, you should update device drivers when troubleshooting file extension issues. Moreover, Microsoft consistently provides Windows updates for its various system files, so checking regularly for Windows updates is highly recommended.
Author:
Curtis Hansen has been using, fiddling with, and repairing computers ever since he was a little kid. He contributes to this website to help others solve their computer issues without having to buy a new one.