Event ID - 3004

Event Id3004
DescriptionWindows is unable to verify the image integrity of the file %2 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Event InformationAccording to Microsoft :
Cause :
This event is logged when Windows is unable to verify the image integrity of the file because file hash could not be found on the system.
Resolution :
Replace unsigned kernel-mode driver on x64-based operating system
Every kernel-mode driver must be digitally-signed on x64-based computers.
If the driver is not from Microsoft, you should consult the manufacturer to see if a digitally signed x64-based version is available. If a x64-based version of the file exists, you can update it by using Device Manager.
If the kernel-model driver is from Microsoft and is included with the initial installation of Windows, you should replace the driver by using Startup Repair.
To use Startup Repair to replace a kernel-mode driver:
1.Insert the Windows product disc.
2.Restart the computer.
3.When prompted, press any key to start the computer from the Windows product disc.
4.Choose the appropriate language settings, and then click Next.
5.Click Repair your computer.
6.Select the operating system you want to repair, and then click Next.
7.On the System Recovery Options menu, click Startup Repair.
8.When Startup Repair is complete, restart the computer.
Verify :
You can verify that a kernel-mode driver was successfully validated and loaded by checking its driver status using the command prompt.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To verify a kernel-mode driver was successfully validated and loaded:
1.Click Start, point to All Programs, point to Accessories.
2.Right-click Command Prompt, and then click Run as administrator.
3.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
4.Type sc query type= driver, and then press ENTER.
5.In the list, find the appropriate driver and ensure that 4 RUNNING is displayed in the STATE column.
Note: If you know the driver name, type ,sc querydriver, where driver is the name of the driver file without the extension, at the command prompt, and then press ENTER.
Reference LinksEvent ID 3004 from Microsoft-Windows-CodeIntegrity

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.