Getting BSOD from faulty update


#1
riciuxas

After a bad update (possibly due to the PC not being updated for a long time), I am getting a BSOD. FRST64 reports that I'm missing LPK.DLL. Can someone point out which of the files I should copy over? FRST scan log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by SYSTEM on MININT-9N64TRL on 20-07-2015 10:32:14
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\valerijus\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe -update plugin
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [2685640 2015-05-05] (ESET)
S2 OCS INVENTORY; C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632 2009-10-27] (http://www.ocsinventory-ng.org)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2015-07-19] (secr9tos)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 10:30 - 2015-07-20 10:32 - 00000000 ____D C:\FRST
2015-07-17 02:04 - 2015-07-17 02:33 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\garaze
2015-07-16 04:11 - 2015-07-16 04:11 - 00111536 _____ C:\Users\ricard\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-16 04:11 - 2015-07-15 22:12 - 03298367 _____ C:\Users\ricard\Desktop\fix.msu
2015-07-16 04:10 - 2015-07-16 04:10 - 00000000 ____D C:\Users\ricard\AppData\Local\VirtualStore
2015-07-16 04:09 - 2015-07-20 08:55 - 00000000 ____D C:\users\ricard
2015-07-16 04:09 - 2010-12-12 02:49 - 00000121 _____ C:\Users\ricard\Desktop\infolex.url
2015-07-16 04:07 - 2015-07-16 04:07 - 00007597 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-07-13 21:51 - 2015-07-14 02:16 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\zdjecia z wesela BE
2015-07-13 02:52 - 2015-07-20 09:19 - 00000000 ____D C:\ProgramData\ESET
2015-07-13 02:52 - 2015-07-20 09:19 - 00000000 ____D C:\Program Files\ESET
2015-07-13 02:52 - 2015-07-13 02:53 - 00359584 _____ C:\Windows\ra-agent-install.log
2015-07-10 00:01 - 2015-07-10 00:03 - 00000000 ____D C:\Users\elzbieta_tetianec\Tarybos nariu zenkliukai
2015-07-09 05:18 - 2015-07-16 23:58 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\Derliaus svente 2015
2015-07-03 03:13 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 04:28 - 2015-07-02 04:28 - 00000000 ____D C:\Users\valerijus\AppData\Local\Macromedia
2015-07-02 04:28 - 2010-12-12 02:49 - 00000121 _____ C:\Users\valerijus\Desktop\infolex.url
2015-07-02 04:07 - 2015-07-02 04:07 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\elzbieta_tetianec\Downloads\flashplayer18_ga_install.exe
2015-06-29 00:42 - 2015-06-28 23:24 - 116305811 _____ C:\Users\elzbieta_tetianec\Rejon Solecznicki. Tam, gdzie wschodzi słońce Europy..mp4
2015-06-21 23:39 - 2015-07-08 02:59 - 00000000 ____D C:\Users\elzbieta_tetianec\Biografia mera

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 09:26 - 2014-05-15 02:53 - 00000000 ____D C:\users\elzbieta_tetianec
2015-07-20 09:26 - 2013-09-30 06:01 - 00000000 ____D C:\users\violeta_baranovska
2015-07-20 09:26 - 2013-09-30 05:57 - 00000000 ____D C:\users\valerijus
2015-07-20 09:26 - 2013-09-25 13:18 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-07-20 09:26 - 2013-09-23 14:53 - 00000000 ____D C:\Windows\System32\Macromed
2015-07-20 09:26 - 2013-09-20 12:42 - 00000000 ____D C:\users\Administrator
2015-07-20 09:26 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew
2015-07-20 09:26 - 2010-11-20 23:16 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-20 09:26 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\schemas
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-20 09:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2015-07-20 09:25 - 2014-05-15 05:05 - 00000000 ____D C:\Users\valerijus\Desktop\office2013
2015-07-20 09:25 - 2013-10-02 22:40 - 00000000 ____D C:\Program Files (x86)\OCS Inventory Agent
2015-07-20 09:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-07-20 09:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-20 09:25 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-20 09:19 - 2014-05-15 21:49 - 00000000 ___RD C:\Users\elzbieta_tetianec\_____Elzbieta
2015-07-19 22:34 - 2013-09-20 13:33 - 00042496 _____ (secr9tos) C:\Windows\System32\Drivers\oem-drv64.sys
2015-07-17 14:17 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-17 03:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2015-07-17 02:58 - 2013-10-01 05:42 - 00000240 _____ C:\Windows\System32\config\netlogon.ftl
2015-07-17 02:37 - 2014-05-15 05:02 - 00000000 ____D C:\Users\elzbieta_tetianec\Documents\Outlook Files
2015-07-16 03:59 - 2015-01-22 01:26 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\StuFf
2015-07-14 01:28 - 2015-05-13 05:05 - 00005030 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {d7c7e321-57d3-47ac-8b25-d4a31cf50e6a} PATAREJAS-KDV2.salcininkai.sav
2015-07-14 01:00 - 2013-09-23 14:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 00:39 - 2013-09-20 02:37 - 01908302 _____ C:\Windows\WindowsUpdate.log
2015-07-13 22:39 - 2009-07-13 20:51 - 00112921 _____ C:\Windows\setupact.log
2015-07-13 21:52 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
2015-07-13 21:11 - 2009-07-13 20:45 - 00026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:11 - 2009-07-13 20:45 - 00026576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 21:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 21:03 - 2010-11-20 19:47 - 00008248 _____ C:\Windows\PFRO.log
2015-07-12 21:01 - 2013-09-30 06:01 - 00004312 __RSH C:\ProgramData\ntuser.pol
2015-07-10 00:02 - 2015-01-19 04:38 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\_______WIZY NA BIALORUS______
2015-07-10 00:01 - 2015-05-11 03:54 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\ZPL konferencja 2015
2015-07-09 23:59 - 2015-03-18 03:49 - 00000000 ____D C:\Users\elzbieta_tetianec\Desktop\Alpera
2015-07-09 01:00 - 2013-09-23 14:53 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 01:00 - 2013-09-23 14:53 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 01:00 - 2013-09-23 14:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 00:05 - 2015-04-02 03:47 - 00000000 ____D C:\Users\elzbieta_tetianec\wielkanoc
2015-07-07 21:05 - 2014-11-03 00:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 04:30 - 2013-10-02 21:34 - 00000000 ____D C:\Users\valerijus\AppData\Local\Adobe
2015-07-02 04:09 - 2014-05-19 03:46 - 00000000 ____D C:\Users\elzbieta_tetianec\AppData\Local\Adobe

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ose00000.exe
C:\Users\violeta_baranovska\AppData\Local\Temp\install_reader11_ru_gtba_chra_dy_aaa_aih[1].exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2011-07-09 00:41] - [2011-07-09 00:41] - 0390656 ____A (Microsoft Corporation) BAEDB39886EB4BD51990EE2B7893E806

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-07-09 00:24] - [2011-07-09 00:24] - 0512000 ____A (Microsoft Corporation) 225EFEE8960E554F3AB9A4A91790C039

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2011-07-09 02:24] - [2011-07-09 02:24] - 0296320 ____A (Microsoft Corporation) 33A1623EE5977F09F5DDF6DF288CD6AF



nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2015-07-14 01:28:52
Restore point made on: 2015-07-14 21:38:12
Restore point made on: 2015-07-16 02:47:49
Restore point made on: 2015-07-17 00:36:41

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {5453162f-223c-11e3-8a51-dd9fc990ef28}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\System32\xOsLoad.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
nointegritychecks       Yes
osdevice                partition=C:
systemroot              \Windows
kernel                  xNtKrnl.exe
resumeobject            {5453162f-223c-11e3-8a51-dd9fc990ef28}
nx                      OptIn
custom:26000027         Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\54531631-223c-11e3-8a51-dd9fc990ef28\Winre.wim,{54531632-223c-11e3-8a51-dd9fc990ef28}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\54531631-223c-11e3-8a51-dd9fc990ef28\Winre.wim,{54531632-223c-11e3-8a51-dd9fc990ef28}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {5453162f-223c-11e3-8a51-dd9fc990ef28}
device                  partition=C:
path                    \Windows\System32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {54531632-223c-11e3-8a51-dd9fc990ef28}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\54531631-223c-11e3-8a51-dd9fc990ef28\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 4095.11 MB
Available physical RAM: 3465.71 MB
Total Virtual: 4093.3 MB
Available Virtual: 3454.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:241.07 GB) NTFS
Drive f: () (Removable) (Total:7.48 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 93C893C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-07-12 21:44

==================== End of log ============================

FRST search log:

Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by SYSTEM at 2015-07-20 10:41:54
Running from D:\
Boot Mode: Recovery

================== Search Files: "LPK.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21732_none_12bfc67ebeb64bad\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_12360787a598d69a\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21732_none_086b1c2c8a5589b2\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_07e15d357138149f\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

C:\Windows\SysWOW64\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 384721EF4024890092625E20CADFAF85

X:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[2010-11-20 01:50][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

X:\Windows\System32\lpk.dll
[2010-11-20 01:50][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) D202223587518B13D72D68937B7E3F70

====== End of Search ======



#2
Dashing star


Hello riciuxas :welcome:,

If you think this is a malware issue and your computer is still booting, then start a new topic here by explaining your issue!

If your PC is not booting, then post here.

Or, if it is just a BSOD issue, please continue in this forum by explaining the issue further and follow my steps.

Download, then run Speccy (free) and post the resultant URL for us (details here). This will provide us with information about your computer hardware and any software that you have installed that may explain the present issue/s.

Regards

