Windows Server 2016 Standard Error Code 0x8024402f

ZeroEffect

Every time I run Windows Update I get this:

There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8024402f)

I have run SFC:

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

I have run DISM:

C:\Windows\system32>Dism /Online /Cleanup-Image /RestoreHealth

Deployment Image Servicing and Management tool
Version: 10.0.14393.0

Image Version: 10.0.14393.0

[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.

I have run SFCFix:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-06-12 11:23:04.940
Microsoft Windows Server 10 Build 14393 - amd64
Not using a script file.




AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.



Failed to generate a complete zip file. Upload aborted.


SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-06-12 11:26:36.280
----------------------EOF-----------------------

Here are the CBS and DISM Log Files
Attachments: CBS.zip, dism.zip

Thank you
 
Every time I click "Check for Updates" I get that message

Most current CBS.log has been attached above
 
It is and still getting the error

Server was rebooted this morning at 5 am, just tried again and still getting the error

Both BITS and Windows Update Service are running
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 


Ran it and rebooted the server

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by tekadmin (13-06-2018 12:50:21) Run:1
Running from \\xxxxx\xxxxxx\xxxxxx\Desktop
Loaded Profiles: Admin & xxxxx & MSSQL$MICROSOFT##WID (Available Profiles: Admin & xxxxxx & xxxxxx & MSSQL$MICROSOFT##WID)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: sc config trustedinstaller start=auto
cmd: net start trustedinstaller
cmd: fsutil resource setautoreset true %SystemDrive%\
cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
EmptyTemp:
*****************


========= sc config trustedinstaller start=auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= net start trustedinstaller =========

The Windows Modules Installer service is starting.
The Windows Modules Installer service was started successfully.


========= End of CMD: =========


========= fsutil resource setautoreset true %SystemDrive%\ =========

The operation completed successfully.

========= End of CMD: =========


========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========


========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\Config\TxR\* =========

C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y 
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ed-78da-11e6-80ce-e41d2d741580}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ee-78da-11e6-80ce-e41d2d741580}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ee-78da-11e6-80ce-e41d2d741580}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{940176ee-78da-11e6-80ce-e41d2d741580}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.

========= End of CMD: =========


========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========


========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========


========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========

Could Not Find C:\Windows\System32\SMI\Store\Machine\*.blf

========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========

Could Not Find C:\Windows\System32\SMI\Store\Machine\*.regtrans-ms

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7677125 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9248213 B
Edge => 0 B
Chrome => 0 B
Firefox => 215537142 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 128 B
admin => 7087347 B
xxxxxxx => 89100 B
xxxxxx => 54378272 B
MSSQL$MICROSOFT##WID => 0 B

RecycleBin => 60211 B
EmptyTemp: => 280.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:51:04 ====
 
Thank you. This may take a couple of rounds of fixing as I need to gather as much data as possible on the necessary WU services to determine the root cause of the failure.

Please execute the following fixlist.
 


Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by xxxxxx (13-06-2018 13:38:21) Run:2
Running from C:\temp
Loaded Profiles: Admin & xxxxxxx & MSSQL$MICROSOFT##WID (Available Profiles: Admin & xxxxxx & xxxxx & MSSQL$MICROSOFT##WID)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: sc query netprofm
CMD: sc qc netprofm 
*****************


========= sc query netprofm =========


SERVICE_NAME: netprofm 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING 
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

========= End of CMD: =========


========= sc qc netprofm =========

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: netprofm
        TYPE               : 20  WIN32_SHARE_PROCESS 
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Network List Service
        DEPENDENCIES       : RpcSs
                           : nlasvc
        SERVICE_START_NAME : NT AUTHORITY\LocalService

========= End of CMD: =========


==== End of Fixlog 13:38:22 ====

Thank you
 
Step#1 - FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please attach the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also attach that along with the FRST.txt in your reply.
 
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by tekadmin (administrator) on ORCGA-SVR01 (13-06-2018 13:42:40)
Running from C:\temp
Loaded Profiles: Admin & tekadmin & MSSQL$MICROSOFT##WID (Available Profiles: Admin & tektonic & tekadmin & MSSQL$MICROSOFT##WID)
Platform: Windows Server 2016 Standard (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dns.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
() C:\Program Files\Smart Storage Administrator\ssa\bin\ssaresponder.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(ESET) C:\Program Files\ESET\ESET File Security\x86\ekrn.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(Hewlett Packard Enterprise Development LP) C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe
() C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.ClientService.exe
(LabTech Software) C:\Windows\LTSvc\LTSVC.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(Hewlett Packard Enterprise) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\AMS\service\HpAmsStor.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\smhstart.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(Sophos Ltd.) C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\hpsmhd.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\hpsmhd.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.WindowsClient.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett Packard Enterprise) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.WindowsClient.exe
(ESET) C:\Program Files\ESET\ESET File Security\egui.exe
(LabTech Software) C:\Windows\LTSvc\LTTray.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
(PFU Limited) C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(LabTech Software) C:\Windows\LTSvc\LTSvcMon.exe
(Microsoft Corporation) C:\Windows\WID\Binn\sqlwriter.exe
(Microsoft Corporation) C:\Windows\WID\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

"Path" (C:\Program Files\ESET\ESET File Security\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ -> C:\Program Files\ESET\ESET File Security\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) <==== Repaired successfully
HKLM\...\Run: [QLogicSaveSystemInfo] => rundll32.exe qlco10011.dll,QLSaveSystemInfo
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET File Security\egui.exe [2882760 2014-08-21] (ESET)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe [86016 2016-02-18] (PFU LIMITED)
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [454144 2016-09-06] (PFU Limited)
HKLM-x32\...\Winlogon: [Userinit] 
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2823576333-3400771406-2437102632-1156\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\...\Policies\Explorer: [NoDrives] 8388608
HKU\S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\system: [SoftwareSASGeneration] 3
Lsa: [Notification Packages] rassfm scecli
SecurityProviders:     pwdssp.dll,    pwdssp.dll,   pwdssp.dll,  pwdssp.dll, credssp.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2018-06-05]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0a4aa5dd-b098-49fc-b9bb-2c7206bf3232}: [DhcpNameServer] 10.10.0.1 10.10.0.3
Tcpip\..\Interfaces\{4a8654ab-4f67-4d5a-8f25-12d053fb2cb6}: [NameServer] 192.168.2.3
Tcpip\..\Interfaces\{de0dac85-ac27-47c8-9955-629047d4ae69}: [DhcpNameServer] 10.10.0.1 10.10.0.3

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2823576333-3400771406-2437102632-1156\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?ocid=iehp

FireFox:
========
FF DefaultProfile: 99qfdyxx.default-1501265388445
FF ProfilePath: C:\Users\tekadmin\AppData\Roaming\Mozilla\Firefox\Profiles\99qfdyxx.default-1501265388445 [2018-06-13]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\tekadmin\AppData\Roaming\Mozilla\Firefox\Profiles\99qfdyxx.default-1501265388445\features\{3e0208ba-5cdf-4f78-ab89-7dada4acd28f}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-07] [Legacy]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Extension: (ESET File Security for Microsoft Windows Server Extension) - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird [2017-01-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET File Security\Mozilla Thunderbird
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [465920 2017-01-13] (Microsoft Corporation)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [36600 2015-03-20] (APC)
R2 APCPBEServer; C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe [57160 2015-03-20] (APC)
R2 Dfs; C:\Windows\system32\dfssvc.exe [454144 2017-01-13] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [3887104 2017-04-27] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [1052672 2017-09-07] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [2078720 2017-10-08] (Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [293376 2017-01-13] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET File Security\EHttpSrv.exe [43208 2014-08-21] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET File Security\x86\ekrn.exe [963784 2014-08-21] (ESET)
S3 GwHMSvc; C:\Windows\System32\GatewayHealthMonitorService.dll [26624 2017-02-05] (Microsoft Corporation)
R2 HpAmsStor; C:\Program Files\Hewlett-Packard\AMS\service\HpAmsStor.exe [16736 2016-09-14] (Hewlett-Packard Company)
R2 hpqams; C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe [640352 2016-09-14] (Hewlett Packard Enterprise Development LP)
R2 HPWMISTOR; C:\Program Files\HPWBEM\Storage\Service\HPWMISTOR.exe [20992 2016-09-02] (Hewlett-Packard Company) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2017-03-14] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [69120 2017-01-13] (Microsoft Corporation)
R2 Kdc; C:\Windows\system32\kdcsvc.dll [564224 2018-02-12] (Microsoft Corporation)
S3 KdsSvc; C:\Windows\system32\KdsSvc.dll [37888 2017-01-13] (Microsoft Corporation)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [177152 2016-07-16] (Microsoft Corporation)
R2 LTService; C:\Windows\LTSvc\LTSVC.exe [2318264 2018-06-07] (LabTech Software)
R2 LTSvcMon; C:\Windows\LTSvc\LTSvcMon.exe [190904 2018-06-11] (LabTech Software)
R3 MSSQL$MICROSOFT##WID; C:\Windows\WID\Binn\sqlservr.exe [370368 2017-02-05] (Microsoft Corporation)
R2 NTDS; C:\Windows\system32\ntdsa.dll [95744 2016-08-05] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1002496 2017-01-13] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [265360 2016-07-29] (Hewlett Packard Enterprise)
R2 RaMgmtSvc; C:\Windows\System32\ramgmtsvc.dll [811520 2017-02-05] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [42496 2017-02-05] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [97280 2016-07-16] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [83968 2016-07-16] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [16896 2016-07-16] (Microsoft Corporation)
R2 ScreenConnect Client (1f5c07f456f90ea6); C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.ClientService.exe [89368 2017-11-14] ()
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4701448 2017-01-18] (StorageCraft Technology Corporation)
R2 Smart Storage Administrator; C:\Program Files\Smart Storage Administrator\ssa\bin\ssaresponder.exe [255488 2016-08-31] () [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [53248 2016-10-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47104 2016-10-14] (Microsoft Corporation)
R2 STAS; C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe [728816 2017-03-02] (Sophos Ltd.)
R2 stc_raw_agent; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe [4538160 2015-11-06] ()
R2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4408008 2017-01-18] ()
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [759808 2016-09-17] (Hewlett Packard Enterprise) [File not signed]
R2 UALSVC; C:\Windows\System32\ualsvc.dll [261120 2016-07-16] (Microsoft Corporation)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2017-01-18] (StorageCraft Technology Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R3 WIDWriter; C:\Windows\WID\Binn\sqlwriter.exe [134336 2017-02-05] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 b06diag; C:\Windows\System32\drivers\bxdiaga.sys [91344 2014-06-23] (Broadcom Corporation)
S0 bchtsw64; C:\Windows\System32\drivers\bchtsw64.sys [90912 2011-05-20] (Broadcom Corporation)
S0 be2iscsi; C:\Windows\System32\drivers\be2iscsi.sys [267496 2016-09-21] (Emulex )
S0 bfad; C:\Windows\System32\drivers\bfad.sys [1976048 2014-09-29] (QLogic Corporation)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2279264 2016-07-16] (QLogic Corporation)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2279264 2016-07-16] (QLogic Corporation)
S0 bfad_up; C:\Windows\System32\drivers\bfad_up.sys [17648 2014-09-29] (QLogic Corporation)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [205152 2016-07-16] (QLogic Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [536416 2016-07-16] (QLogic Corporation)
S4 danlb; C:\Windows\System32\DRIVERS\danlb.sys [26112 2017-02-05] (Microsoft Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [55648 2017-01-13] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [67424 2017-01-13] (Microsoft Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [174400 2014-08-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [145024 2014-08-21] (ESET)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [758624 2016-07-16] (Emulex)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [129568 2014-08-21] (ESET)
S0 HpAHCIsr; C:\Windows\System32\drivers\HpAHCIsr.sys [224536 2013-08-20] (Hewlett-Packard Company)
S0 HpCISSs2; C:\Windows\System32\drivers\HpCISSs2.sys [155536 2013-10-28] (Hewlett-Packard Company)
S0 HpCISSs3; C:\Windows\System32\drivers\HpCISSs3.sys [184880 2016-09-23] (PMC-Sierra, Inc.)
R0 HPpSA; C:\Windows\System32\drivers\HPpSA.sys [32440 2016-08-23] (PMC-Sierra Company)
R3 hpqilo3chif; C:\Windows\system32\DRIVERS\hpqilo3chif.sys [53064 2016-07-29] (Hewlett Packard Enterprise)
R3 hpqilo3core; C:\Windows\System32\drivers\hpqilo3core.sys [53408 2016-07-29] (Hewlett Packard Enterprise)
S0 HPSA2; C:\Windows\System32\drivers\HPSA2.sys [167248 2016-04-18] (Hewlett-Packard Company)
R0 HPSA3; C:\Windows\System32\drivers\HPSA3.sys [169656 2016-08-23] (PMC-Sierra Company)
S3 IPsecGW; C:\Windows\System32\drivers\ipsecgw.sys [18432 2016-07-16] (Microsoft Corporation)
R2 MsLbfoProvider; C:\Windows\System32\drivers\MsLbfoProvider.sys [121344 2016-07-16] (Microsoft Corporation)
R3 MxG2hDO64; C:\Windows\system32\DRIVERS\MxG2hDO64.sys [580272 2016-08-29] (Matrox Graphics Inc.)
R3 q57nd60a; C:\Windows\System32\drivers\b57nd60a.sys [476472 2016-09-21] (Broadcom Corporation)
S0 qebdrv; C:\Windows\System32\drivers\qevbda.sys [1943752 2016-09-21] (QLogic Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1632608 2016-07-16] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2016-07-16] (QLogic Corporation)
S0 qlfcoe; C:\Windows\System32\drivers\qlfcoe.sys [1376048 2015-03-24] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2016-07-16] (QLogic Corporation)
R3 RasGre; C:\Windows\System32\drivers\rasgre.sys [45056 2016-07-16] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [95072 2016-09-15] (Microsoft Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2017-01-18] (StorageCraft Technology Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [159232 2016-09-15] (Microsoft Corporation)
R0 stcvsm; C:\Windows\System32\drivers\stcvsm.sys [283400 2017-01-18] (StorageCraft Technology Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
U4 warpview; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-13 12:55 - 2018-06-13 13:43 - 000000000 ____D C:\Users\tekadmin\AppData\Local\Temp\1
2018-06-13 12:50 - 2018-06-13 13:42 - 000000000 ____D C:\FRST
2018-06-13 09:03 - 2018-06-13 12:55 - 000003044 _____ C:\Users\tekadmin\AppData\Local\Temp\LTErrors.txt
2018-06-12 11:26 - 2018-06-12 11:26 - 000000000 ____D C:\SFCFix
2018-06-06 15:09 - 2018-06-06 15:09 - 000000000 ____D C:\Users\tekadmin\AppData\Roaming\PFU
2018-06-05 12:20 - 2018-06-05 12:21 - 000000000 ____D C:\Users\tektonic\AppData\Roaming\PFU
2018-06-05 12:20 - 2018-06-05 12:20 - 000000000 ____D C:\ProgramData\Nuance
2018-06-05 12:17 - 2018-06-05 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Online Update
2018-06-05 12:17 - 2018-06-05 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manuals
2018-06-05 12:15 - 2018-06-05 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSnap Manager
2018-06-05 12:15 - 2018-06-05 12:15 - 000000000 ____D C:\Windows\SSDriver
2018-06-05 12:15 - 2018-06-05 12:15 - 000000000 ____D C:\ProgramData\PFU
2018-06-05 12:15 - 2018-06-05 12:15 - 000000000 ____D C:\Program Files (x86)\PFU
2018-06-05 12:15 - 2013-06-14 17:16 - 001453056 _____ (PFU LIMITED) C:\Windows\system32\SV600u-x64.dll
2018-06-05 12:15 - 2012-12-07 17:03 - 007983104 _____ (PFU LIMITED) C:\Windows\system32\ippiSV600-x64.dll
2018-06-05 12:15 - 2012-12-07 16:44 - 000901120 _____ (PFU LIMITED) C:\Windows\system32\ijlSV600-x64.dll
2018-06-05 12:15 - 2012-04-24 15:02 - 000031744 _____ (PFU) C:\Windows\system32\fj25usb-x64.dll
2018-06-05 12:15 - 2012-02-06 16:15 - 001065472 _____ (PFU LIMITED) C:\Windows\system32\s1300iu-x64.dll
2018-06-05 12:15 - 2010-08-03 18:55 - 000623104 _____ (PFU Limited) C:\Windows\system32\s1100u-x64.dll
2018-06-05 12:15 - 2010-07-23 12:50 - 003073024 _____ (PFU Limited) C:\Windows\system32\ijl5s1100-x64.dll
2018-06-05 12:15 - 2010-07-20 21:18 - 003073024 _____ (PFU Limited) C:\Windows\system32\ijl5s1300i-x64.dll
2018-06-05 12:15 - 2010-07-12 16:55 - 002467328 _____ (PFU Limited) C:\Windows\system32\ippi5s1100-x64.dll
2018-06-05 12:15 - 2010-02-04 02:44 - 002467328 _____ (PFU Limited) C:\Windows\system32\ippi5s1300i-x64.dll
2018-06-05 12:15 - 2009-09-18 22:01 - 000367616 _____ (PFU Limited) C:\Windows\system32\s1300u-x64.dll
2018-06-05 12:15 - 2009-04-23 20:29 - 002873856 _____ (PFU Limited) C:\Windows\system32\ijl5s1300-x64.dll
2018-06-05 12:15 - 2009-04-23 20:29 - 000695296 _____ (PFU Limited) C:\Windows\system32\ippi5s1300-x64.dll
2018-06-05 12:15 - 2008-04-03 08:08 - 000033280 _____ (PFU) C:\Windows\system32\fj52usb-x64.dll
2018-06-05 12:15 - 2007-08-17 16:33 - 000033280 _____ (PFU) C:\Windows\system32\fjmcusb-x64.dll
2018-06-05 12:15 - 2007-07-26 22:47 - 000351744 _____ (PFU Limited) C:\Windows\system32\s300u-x64.dll
2018-06-05 12:15 - 2007-05-23 19:57 - 002873856 _____ (PFU Limited) C:\Windows\system32\ijl5s300-x64.dll
2018-06-05 12:15 - 2007-05-23 19:57 - 000695296 _____ (PFU Limited) C:\Windows\system32\ippi5s300-x64.dll
2018-06-05 12:11 - 2018-06-05 12:11 - 012030008 _____ (Macrovision Corporation) C:\Users\tektonic\Downloads\WinSSInstiX500WW1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-13 13:42 - 2017-01-18 12:08 - 000000000 ____D C:\temp
2018-06-13 13:42 - 2017-01-13 19:23 - 000068792 _____ C:\Windows\system32\driverslist.csv
2018-06-13 13:03 - 2017-01-13 13:39 - 002104256 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 12:59 - 2017-01-16 15:08 - 000005504 _____ C:\Windows\system32\config\netlogon.dnb
2018-06-13 12:59 - 2017-01-16 15:08 - 000002039 _____ C:\Windows\system32\config\netlogon.dns
2018-06-13 12:56 - 2016-07-16 09:23 - 000000000 ____D C:\Windows\system32\inetsrv
2018-06-13 12:54 - 2017-01-16 15:12 - 000000000 ____D C:\Windows\system32\dhcp
2018-06-13 12:54 - 2017-01-13 17:27 - 000000000 ____D C:\Windows\system32\dns
2018-06-13 12:54 - 2017-01-13 13:39 - 000000000 ____D C:\ProgramData\ScreenConnect Client (1f5c07f456f90ea6)
2018-06-13 12:54 - 2017-01-13 13:38 - 000000000 ____D C:\Windows\LTSvc
2018-06-13 12:53 - 2017-01-16 15:04 - 000000000 ____D C:\Windows\NTDS
2018-06-13 12:53 - 2016-09-12 07:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 12:51 - 2016-07-16 02:04 - 000065536 _____ C:\Windows\system32\config\BBI
2018-06-13 05:03 - 2017-07-28 14:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-12 16:59 - 2017-07-28 14:09 - 000000000 ____D C:\Users\tekadmin\AppData\LocalLow\Mozilla
2018-06-12 16:39 - 2017-07-28 14:00 - 000001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-12 16:39 - 2017-07-28 14:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-12 11:15 - 2016-07-16 09:02 - 000000000 ____D C:\Windows\CbsTemp
2018-06-06 11:16 - 2018-02-16 15:32 - 000000000 ____D C:\Users\tektonic\AppData\LocalLow\Mozilla
2018-06-05 12:25 - 2017-01-13 13:38 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-05 12:21 - 2017-01-13 19:26 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-05 12:15 - 2016-07-16 09:21 - 000000000 ____D C:\Windows\INF
2018-05-31 05:31 - 2018-02-15 06:15 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-05 08:48

==================== End of FRST.txt ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by tekadmin (13-06-2018 13:43:29)
Running from C:\temp
Windows Server 2016 Standard (X64) (2017-01-13 17:26:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-783996073-3661138892-2859915239-500 - Administrator - Disabled)
Guest (S-1-5-21-783996073-3661138892-2859915239-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
DefaultAccount (S-1-5-21-783996073-3661138892-2859915239-503 - Limited - Disabled)
SM_61d62f9fe56348adb (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SM_ae0fb2e7b6004ce99 (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SM_085a822591b94535a (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SM_b1cb438c695e46f0a (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Standard User (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
WebWorkplaceTools (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Admin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
spfarm (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
spsearch (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
spwebapp (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
SBSMonAcct (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Lori (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
Brenda (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
office (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ian (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ORCGA.Office (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
jenniferp (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
tektonic (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
tekadmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
kim (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Colleen (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
keith (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
douglas (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MFP (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Ashleigh (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Saskia (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GROUNDHOG$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
LODOHERTY-DTXP$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
BDOBRINDT-DTW7$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
JDLAPTOP-LTW7$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPARE-LTW7$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
IAN-LTW7$ (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-003$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-002$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-004$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-SVR01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORCGA-NB-005$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ESET File Security (HKLM\...\{E52C532B-4733-4E80-BD85-B8A34DAC5949}) (Version: 4.5.12017.0 - ESET, spol. s r.o.)
HP Lights-Out Online Configuration Utility (HKLM\...\{BB0164BD-7152-418A-B2F4-C998695D4C3B}) (Version: 4.8.0.0 - Hewlett Packard Enterprise)
HPE Insight Management WBEM Providers (HKLM\...\{8350FDC7-CC18-470E-9C20-8777A138CD90}) (Version: 10.60.0.0 - Hewlett Packard Enterprise Development LP) Hidden
HPE Insight Management WBEM Providers for Windows Server x64 Editions (HKLM\...\HP-{0D1A88D4-29D7-4ED4-8045-932D7205F589}) (Version: 10.60.0.0 - Hewlett-Packard Company)
HPE ProLiant Agentless Management Service (HKLM\...\{E9B2359A-D58A-45BE-B5E3-7BF537984B96}) (Version: 10.60.0.0 - Hewlett Packard Enterprise Development LP) Hidden
HPE ProLiant Agentless Management Service (HKLM\...\HP-{EDE88CBB-3384-4DDA-B23B-7E54A3F4344F}) (Version: 10.60.0.0 - Hewlett Packard Enterprise Development LP)
HPE System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 7.6.0 - Hewlett Packard Enterprise Development LP)
iLO 3/4 Core Driver (X64) (HKLM\...\{1765AAA8-F827-4350-AA97-F788DF14EC5E}) (Version: 3.30.0.0 - Hewlett Packard Enterprise) Hidden
iLO 3/4 Management Controller Driver Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.30.0.0 - Hewlett Packard Enterprise)
Integrated Management Log Viewer (HKLM\...\{8336B287-BD7B-4C90-A698-B6DEC236F7E2}) (Version: 7.8.0.0 - Hewlett Packard Enterprise)
LabTech® Software Remote Agent (HKLM-x32\...\{3f460d4c-d217-46b4-80b6-b5ed50bd7cf5}) (Version: 11.0.345 - LabTech® Software, LLC) Hidden
LabTech® Software Remote Agent (HKLM-x32\...\{fd6de56a-340b-439b-8771-4e95b28e5a70}) (Version: 11.0.345 - LabTech® Software, LLC) Hidden
Matrox Graphics Software (remove only) (HKLM-x32\...\Matrox Vista Driver Uninstaller) (Version: 4.3.1.5 - Matrox Graphics Inc.)
MergeModule2012 (HKLM\...\{3E0D2B4B-CA5F-40D6-B0AE-648008897125}) (Version: 1.0.0 - Microsoft) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
PFA Server Registry Update (HKLM\...\{4EFD5C50-351F-4BA8-AC7C-9BF58DFADF0A}) (Version: 1.5.0.0 - Hewlett Packard Enterprise)
PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 9.2.0.604 - Schneider Electric)
PowerChute Business Edition Console (HKLM-x32\...\{0F86FD09-BA63-4E45-A70B-604C1106C2F2}) (Version: 9.2.0.604 - Schneider Electric)
PowerChute Business Edition Server (HKLM-x32\...\{A6491A4A-AAA0-4892-BFEF-ECD6CECE2FF3}) (Version: 9.2.0.604 - Schneider Electric)
ProLiant Monitor Service (X64) (HKLM\...\{24852FC1-8C73-4066-AB2C-88EBEBAF9309}) (Version: 3.30.0.0 - Hewlett Packard Enterprise) Hidden
ScanSnap Manager (HKLM-x32\...\{10849A02-8B94-4943-A0B9-6F198486239A}) (Version: 6.5.61.2.2 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{C3F4BE6A-B798-4B50-99CA-B8B8F17FE56B}) (Version: 6.5.40.4.6 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.5L61 - PFU)
ScreenConnect Client (1f5c07f456f90ea6) (HKLM-x32\...\{104F01F0-A0E1-4C3B-9BE7-0BD28D53C090}) (Version: 6.4.15361.6527 - ScreenConnect Software)
ShadowSnap (HKLM\...\ShadowSnap) (Version: 3.4.1. - )
Smart Storage Administrator (HKLM\...\{814FCDC8-00CF-4E2C-8FC3-D38ABAF2B745}) (Version: 2.60.18.0 - Hewlett Packard Enterprise Development LP)
Smart Storage Administrator Diagnostics and SmartSSD Wear Gauge Utility (HKLM\...\{7F765BEE-B5C9-4BFA-B51C-DBCE3AF25B54}) (Version: 2.60.18.0 - Hewlett Packard Enterprise Development LP)
STAS 2.2.1.0 Release (HKLM-x32\...\{F0E51076-0255-43F3-ABF3-172E097C9476}}_is1) (Version:  - Sophos Ltd.)
StorageCraft ShadowProtect (HKLM-x32\...\ShadowProtect) (Version: 5.0.1.23057 - StorageCraft Technology Corporation (STC))
WinDirStat 1.1.2 (HKU\.DEFAULT\...\WinDirStat) (Version:  - )
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET File Security\shellExt.dll [2014-08-21] (ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET File Security\shellExt.dll [2014-08-21] (ESET)
ContextMenuHandlers3: [ShellExt] -> {016EFC4B-2906-4687-B0AC-ACDF94097FEC} => C:\Program Files (x86)\StorageCraft\ShadowProtect\sbimgmnt.dll [2017-01-18] (StorageCraft Technology Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET File Security\shellExt.dll [2014-08-21] (ESET)
ContextMenuHandlers6: [ShellExt] -> {016EFC4B-2906-4687-B0AC-ACDF94097FEC} => C:\Program Files (x86)\StorageCraft\ShadowProtect\sbimgmnt.dll [2017-01-18] (StorageCraft Technology Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18CFC687-ED43-4982-9DE7-FBC9E36BFEF6} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {41600EBB-B4B7-472A-9F58-8AA04A7F8984} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task
Task: {423523CC-C7A9-46CD-B449-0C6C806C3F8D} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {44A930C4-ABC4-4789-9A74-101F3A778685} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {5243CFA4-A58B-424F-8B30-3BD587AA7DB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {5F8FBF01-5B55-4809-A1C7-A32A71102A4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {6915DB72-09BF-422F-814A-B6BB29AE5D43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {A4383CAF-36FC-413F-B492-9B1DAA1098E6} - System32\Tasks\Microsoft\Windows\RemoteAccess\RaConfigTask
Task: {DF1BA6A6-82D9-4DF9-A787-7804CDFA74B5} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2016-07-16] (Microsoft Corporation)
Task: {E0A67649-21C8-4620-81A8-EACF01A98AC3} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {F0240DDF-FDD2-46B9-8664-34A1B0825CD3} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 09:18 - 2016-07-16 09:18 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2018-05-03 10:44 - 2018-03-06 02:17 - 002681704 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000032768 _____ () C:\Program Files\HPWBEM\Storage\Service\CQMGSTOR.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000029696 _____ () C:\Program Files\HPWBEM\Storage\Service\cqstrutl.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000057856 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMSCSI.DLL
2016-09-02 01:53 - 2016-09-02 01:53 - 000041472 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMDISK.dll
2016-09-02 01:53 - 2016-09-02 01:53 - 000055808 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQSAS.DLL
2016-08-31 12:29 - 2016-08-31 12:29 - 000255488 _____ () C:\Program Files\Smart Storage Administrator\ssa\bin\ssaresponder.exe
2016-09-14 11:30 - 2016-09-14 11:30 - 000357216 _____ () C:\Program Files\Hewlett-Packard\AMS\service\w2kmgAMS.dll
2017-11-14 17:34 - 2017-11-14 17:34 - 000089368 _____ () C:\Program Files (x86)\ScreenConnect Client (1f5c07f456f90ea6)\ScreenConnect.ClientService.exe
2017-01-18 12:10 - 2017-01-18 12:10 - 004408008 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
2016-09-14 11:28 - 2016-09-14 11:28 - 000046432 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CQMGSTOR.dll
2016-09-14 11:27 - 2016-09-14 11:27 - 000041824 _____ () C:\Program Files\Hewlett-Packard\AMS\service\cqstrutl.dll
2016-09-14 11:29 - 2016-09-14 11:29 - 000058208 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQIDE.DLL
2016-09-14 11:28 - 2016-09-14 11:28 - 000055648 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQMDISK.dll
2016-09-14 11:29 - 2016-09-14 11:29 - 000069472 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQMSCSI.DLL
2016-09-14 11:29 - 2016-09-14 11:29 - 000067424 _____ () C:\Program Files\Hewlett-Packard\AMS\service\CPQSAS.DLL
2017-01-13 19:27 - 2016-09-17 03:05 - 001406976 _____ () C:\hp\hpsmh\bin\libxml2.dll
2015-11-06 00:41 - 2015-11-06 00:41 - 004538160 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
2016-07-16 09:19 - 2017-02-05 12:56 - 000176832 _____ () C:\Windows\System32\sqlctrWID.dll
2017-01-13 19:27 - 2016-09-17 03:05 - 001406976 _____ () C:\hp\hpsmh\modules\libxml2.dll
2017-01-13 19:27 - 2016-09-17 03:04 - 000076288 _____ () C:\hp\hpsmh\modules\zlib1.dll
2017-01-13 14:20 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 03:09 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2018-05-03 10:42 - 2018-03-06 01:18 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-05-03 10:43 - 2018-03-06 01:07 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-03 10:44 - 2018-03-06 01:06 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-05-03 10:42 - 2018-03-06 01:07 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-05-03 10:42 - 2018-03-06 01:12 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-16 12:08 - 2015-03-20 13:04 - 000036864 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\ApcUsb_ul.dll
2014-06-01 17:17 - 2014-06-01 17:17 - 000087552 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_ctypes.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000713216 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_hashlib.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000046080 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_socket.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 001159680 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_ssl.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000098816 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32api.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000110080 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pywintypes27.dll
2013-07-17 12:34 - 2013-07-17 12:34 - 000358912 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pythoncom27.dll
2013-07-17 12:34 - 2013-07-17 12:34 - 000042496 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32service.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000027648 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\servicemanager.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000031232 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_psutil_mswindows.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000127488 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pyexpat.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000033792 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32evtlog.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000108544 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32security.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000018432 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32event.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000027136 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_multiprocessing.pyd
2013-10-30 20:23 - 2013-10-30 20:23 - 000010240 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlalchemy.cprocessors.pyd
2013-10-30 20:23 - 2013-10-30 20:23 - 000011776 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlalchemy.cresultproxy.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000048128 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_sqlite3.pyd
2015-11-04 15:24 - 2015-11-04 15:24 - 000427008 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlite3.dll
2013-07-17 12:34 - 2013-07-17 12:34 - 000111616 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32file.pyd
2013-07-17 12:34 - 2013-07-17 12:34 - 000024064 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32pipe.pyd
2014-06-01 17:17 - 2014-06-01 17:17 - 000010240 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\select.pyd
2015-11-04 14:33 - 2015-11-04 14:33 - 001802752 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\cryptography.hazmat.bindings._openssl.pyd
2015-11-04 14:33 - 2015-11-04 14:33 - 000105472 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_cffi_backend.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000098816 _____ () C:\Windows\TEMP\_MEI30282\win32api.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000110080 _____ () C:\Windows\TEMP\_MEI30282\pywintypes27.dll
2018-06-13 12:54 - 2018-06-13 12:54 - 000358912 _____ () C:\Windows\TEMP\_MEI30282\pythoncom27.dll
2018-06-13 12:54 - 2018-06-13 12:54 - 000042496 _____ () C:\Windows\TEMP\_MEI30282\win32service.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000027648 _____ () C:\Windows\TEMP\_MEI30282\servicemanager.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000018432 _____ () C:\Windows\TEMP\_MEI30282\win32event.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000040960 _____ () C:\Windows\TEMP\_MEI30282\_socket.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000721920 _____ () C:\Windows\TEMP\_MEI30282\_ssl.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000009728 _____ () C:\Windows\TEMP\_MEI30282\select.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000074240 _____ () C:\Windows\TEMP\_MEI30282\_ctypes.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000285184 _____ () C:\Windows\TEMP\_MEI30282\_hashlib.pyd
2018-06-13 12:54 - 2018-06-13 12:54 - 000103424 _____ () C:\Windows\TEMP\_MEI30282\pyexpat.pyd
2018-06-05 12:15 - 2016-12-13 14:08 - 002016256 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2018-06-05 12:15 - 2016-07-07 13:45 - 001808384 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2018-06-05 12:15 - 2003-03-26 18:46 - 000135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2018-06-05 12:15 - 2010-08-24 16:56 - 000167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2018-06-05 12:15 - 2013-03-12 09:43 - 000888832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (1f5c07f456f90ea6) => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 09:23 - 2017-01-13 18:59 - 000000822 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2823576333-3400771406-2437102632-1156\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2823576333-3400771406-2437102632-1187\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-80-1184457765-4068085190-3456807688-2200952327-3769537534\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{7B9059A3-9E51-4915-850A-5504604D1F97}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{AB2FCF12-9052-40E7-9DD9-835331ACB3C8}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{DAD2C735-1679-4F6A-93B8-380572FBE845}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
FirewallRules: [{F3F1739F-EC80-4BD8-BFC2-681B308374DE}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [{9494C56D-5BF0-4E04-915D-91A8BD4014AD}] => (Allow) LPort=25566
FirewallRules: [{72DAB2F8-36BB-44A6-95B6-C6115D225FD5}] => (Allow) LPort=25566
FirewallRules: [RQS-In-TCP] => (Allow) %systemroot%\system32\rqs.exe
FirewallRules: [Microsoft-Windows-RemoteAccess-RemRras-RPC-In] => (Allow) %systemroot%\system32\remrras.exe
FirewallRules: [Microsoft-Windows-RemoteAccess-IasHost-RPC-In] => (Allow) %systemroot%\system32\iashost.exe
FirewallRules: [{B2CF806A-DEB7-4AEF-8F97-017619E0A4FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FB9F407E-7449-4383-88F9-DF97BDF5D020}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{482F19B4-1AFD-43C7-AE66-B8BD832C4EFA}] => (Allow) LPort=6677
FirewallRules: [{274D6D6B-8EC7-431A-89E9-7CD5826A8D0D}] => (Allow) LPort=50001
FirewallRules: [{F241F5BE-1D39-4D8A-91DE-9DC0EBAF4589}] => (Allow) LPort=27015
FirewallRules: [{42A8C905-5086-4FAD-A72C-93061B058C9F}] => (Allow) LPort=42004
FirewallRules: [{1529D743-2F0E-4CBC-B919-B4ACC0877AF1}] => (Allow) LPort=4999
FirewallRules: [{E8DCF8D0-1073-4015-A29F-B9A0ED3A3C2B}] => (Allow) C:\Windows\LTSvc\LTSVC.exe
FirewallRules: [{5D192A53-ED85-435F-99F2-BFCBAA5A118F}] => (Allow) C:\Windows\LTSvc\LTSVC.exe
FirewallRules: [{B609B263-FA37-4A5F-9AB9-82F96D869CB0}] => (Allow) C:\Windows\LTSvc\LTSVCmon.exe
FirewallRules: [{F060B312-2807-4D46-B696-ACBCBC304365}] => (Allow) C:\Windows\LTSvc\LTSVCmon.exe
FirewallRules: [{1A5EA1A9-60F3-4FF8-B34F-87D82083382A}] => (Allow) C:\Windows\LTSvc\LTTray.exe
FirewallRules: [{C2E044A9-EB50-4D23-BE4B-D4E0AD1BA2F9}] => (Allow) C:\Windows\LTSvc\LTTray.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2018 12:56:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer

Context:
   Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
   Writer Name: NPS VSS Writer
   Writer Instance ID: {f2dabfbf-d405-4668-89e1-8727be724b02}

Error: (06/13/2018 12:56:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer

Context:
   Writer Class Id: {8d5194e1-e455-434a-b2e5-51296cce67df}
   Writer Name: WIDWriter
   Writer Instance Name: Microsoft SQL Server 2014:SQLWriter
   Writer Instance ID: {82a6d582-0bb6-4086-9957-87e164778e27}

Error: (06/13/2018 12:55:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/13/2018 12:54:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f041c420-64ab-4d73-96b0-f68349f4bcf5}

Error: (06/13/2018 12:45:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/13/2018 10:08:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/13/2018 09:00:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/13/2018 05:06:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer

Context:
   Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
   Writer Name: NPS VSS Writer
   Writer Instance ID: {fe420382-6a71-48af-8f9d-b70240943285}


System errors:
=============
Error: (06/13/2018 01:24:17 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.111 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:24:15 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.111 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:24:13 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.111 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:23:16 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.4 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:23:11 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.119 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:23:09 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.119 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:23:07 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.119 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).

Error: (06/13/2018 01:22:45 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Description: DCOM was unable to communicate with the computer 192.168.2.4 using any of the configured protocols; requested by PID     11bc (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).


Windows Defender:
===================================
Date: 2018-04-23 20:08:45.493
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {431F8F8B-3131-4A3C-AFD5-2F2488736EA8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-07 05:31:21.866
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-05-07 05:31:21.865
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-05-07 05:31:21.861
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-05-07 05:31:21.861
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2018-05-07 05:31:13.806
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.267.834.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14800.3
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2018-05-31 05:31:32.605
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-31 05:31:32.603
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-27 22:56:05.455
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-27 22:56:05.446
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-12 22:44:50.243
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-12 22:44:50.241
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-12 22:14:14.247
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18038-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-12 22:14:14.246
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18038-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 7934.11 MB
Available physical RAM: 5052.25 MB
Total Virtual: 9214.11 MB
Available Virtual: 6015.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:833.6 GB) (Free:688.89 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:30.37 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
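An added example, not part of the original thread: a small Python triage of FRST-style event entries like those in the log above. It counts recurring (source, event ID) pairs and normalises the error codes, which the log prints both as hex and as signed decimals, into HRESULT fields. The sample text is constructed (shortened) from lines in the log, and the function names and the three-entry facility table are this example's own.

```python
import re
from collections import Counter

# Constructed sample, shortened from entries in the log above.
SAMPLE = r"""Error: (06/13/2018 12:55:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ORGCA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the log.
Error: (06/13/2018 12:54:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
Error: (06/13/2018 05:06:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Unexpected error calling routine RegOpenKeyExW(-2147483646,...).  hr = 0x80070005, Access is denied.
Error: (06/13/2018 01:24:17 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Error: (06/13/2018 01:24:15 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Error: (06/13/2018 01:24:13 PM) (Source: DCOM) (EventID: 10028) (User: ORGCA)
Error code: 0x80072ee7
Error code: 0x8024402c
"""

# Facility numbers are bits 16-26 of an HRESULT; only those seen on this page.
FACILITIES = {0x07: "Win32", 0x24: "Windows Update", 0x27: "Shell"}

HEADER = re.compile(
    r"^Error: \([^)]*\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<id>\d+)\)", re.M)
# Hex failure codes, or the signed decimal after "failed with error:".
# The -2147483646 passed to RegOpenKeyExW is deliberately not matched: it is the
# predefined HKEY_LOCAL_MACHINE handle (0x80000002), not an error code.
CODE = re.compile(r"\b(0x8[0-9a-fA-F]{7})\b|failed with error: (-\d+)")

def decode_hresult(value):
    """Split a 32-bit HRESULT (hex string or signed decimal string) into fields."""
    n = int(value, 0) & 0xFFFFFFFF          # two's complement -> unsigned
    facility = (n >> 16) & 0x7FF
    return {"hex": f"0x{n:08x}", "failure": bool(n >> 31),
            "facility": FACILITIES.get(facility, hex(facility)), "code": n & 0xFFFF}

def recurring_events(text):
    """Count event entries by (source, event id), most frequent first."""
    pairs = ((m["source"], int(m["id"])) for m in HEADER.finditer(text))
    return Counter(pairs).most_common()

def error_codes(text):
    """Decode each distinct error code, in order of first appearance."""
    distinct = dict.fromkeys(h or d for h, d in CODE.findall(text))
    return [decode_hresult(v) for v in distinct]

if __name__ == "__main__":
    for (source, event_id), count in recurring_events(SAMPLE):
        print(f"{count:3d}  {source} / {event_id}")
    for c in error_codes(SAMPLE):
        print(c)
```

On the sample, the Defender code 0x80072ee7 decodes to Win32 facility, code 12007, which agrees with the log's own description "The server name or address could not be resolved".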
 
Okay, before we proceed I am going to ask that you create a full system backup, because I see a couple of potential issues. However, some of the fixes will include registry fixes, and these can be fairly unpredictable, so I'd rather we have something to fall back on just in case.

Thanks.
 
I will be sure to tell you when I begin fixing things; for now I'm just gathering data.

Are you having issues with System Restore?


When able, please do the following:

Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Cause the error just like you have in the past.
3. Stop Process Monitor as soon as Windows Update fails. You can simply do this by clicking the magnifying glass on the toolbar as shown below.
[Image: stopping the capture from the Process Monitor toolbar]


4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and attach the LogFile.PML file as well as your CBS.log.
 
