BSOD after automatic shutdown due to overheating processor

PaulVdB · 22 May 2013

VistaKing said:

What file does it stop at when you try to boot into Safe Mode ? Tap on the F8 key while the PC is booting up on the Advanced Boot Options window choose Safe Mode . Use the Down arrow and press the <ENTER> key on Safe Mode you will see a black screen with white scrolling down. Let me know what file it hangs on .

OK, lemme first do a chkdsk

PaulVdB · 22 May 2013

OK, I'll do the chkdsk later. Here's a pic of booting in safe mode.
After this, the computer reboots...

PaulVdB · 22 May 2013

and here's the results of chkdsk and chkdsk /F

VistaKing · 22 May 2013

PaulVdB

Your Safe Mode stops and restarts on an Avast antivirus driver .

Lets check something

Warning

You will need a USB FLASH DRIVE

Tip

Download the Tool from a non infected PC

Download Farbar Recovery Scan Tool

Here

Farbar Recovery Scan Tool Download

Click on the Download Now button that goes with your bit version

Note

Click the

button and right-click Computer .Select Properties .Look for System Type: which will say 32-bit Operating System or 64-bit Operating System

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Select Command Prompt

In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note

Replace letter e with the drive letter of your flash drive.

Tip

Type the commands below to see what your letter is for the USB drive and press ENTER after each command

Code:

Diskpart
List volume

The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file
Please copy and paste both logs in your reply.(FRST.txt and Addition.txt)

PaulVdB · 22 May 2013

Thanks Vistaking. I'll do what you propose. I will have to take pictures from the frst.txt files because I can't go into Windows ... (posting here via my laptop...)

VistaKing · 22 May 2013

If you use the flash drive the txt files will be created in the USB flash drive . All you do is unplug the drive from the issued laptop and plug it into the one you're using right now to upload the files .

PaulVdB · 22 May 2013

I can only find the file FRST.txt. No Addition.txt to find on the stick...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01
Ran by SYSTEM on 22-05-2013 22:21:04
Running from L:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73984 2013-01-02] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [508256 2012-04-22] (Dolby Laboratories Inc.)

==================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1126888 2012-08-22] (Acronis)
S4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3696632 2012-12-03] (Acronis)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-05] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
S4 ComodoBackupService; C:\Program Files (x86)\Comodo\BackUp\CmdBkSvc.exe [1023488 2012-11-26] (COMODO)
S4 CrossLoopService; C:\Users\Paul\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-05] (CrossLoop)
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
S3 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-09-18] (Nitro PDF Software)
S2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7017888 2012-08-18] (Acronis)
S3 tvnserver; C:\Users\Paul\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-20] (GlavSoft LLC.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2448032 2013-01-02] (Check Point Software Technologies LTD)
S4 PCPitstop Scheduling; E:\TOOLS\Test\PCPitstopScheduleService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] ()
S3 AODDriver; C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [52280 2010-03-11] (Advanced Micro Devices)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-09-05] ()
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] ()
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] ()
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] ()
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] ()
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [15288 2011-06-15] ()
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-05-17] (Windows (R) Server 2003 DDK provider)
S1 GsRamDsk; C:\Windows\System32\DRIVERS\GsRamDsk.sys [57592 2012-09-22] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-10-01] ()
S0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39216 2012-10-04] (Paragon Software Group)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S3 SMIUSBAVCALL; C:\Windows\System32\Drivers\SmiUsbGrabber3F.sys [153344 2011-09-27] (Windows (R) Win 7 DDK provider)
S0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [72216 2009-06-17] (SuperSpeed LLC)
S0 SscRdCls; C:\Windows\System32\DRIVERS\SscRdCls.sys [37376 2007-11-16] (SuperSpeed LLC)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2012-12-03] (Acronis)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-10-31] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-10-31] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-10-31] (Paragon)
S0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2012-12-03] (Acronis)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] ()
S3 ALSysIO; \??\C:\Users\Paul\AppData\Local\Temp\ALSysIO64.sys [x]
S0 fltsrv; system32\DRIVERS\fltsrv.sys [x]
S0 snapman; system32\DRIVERS\snapman.sys [x]
S0 tdrpman; system32\DRIVERS\tdrpman.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

PaulVdB · 22 May 2013

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\afcdp.sys ABCF9C80EAACE03021BB7F450EB8993F
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 0B45C18B0F3EE996D25BAA4E74884B83
C:\Windows\System32\DRIVERS\atikmpag.sys 0E57258E5CC4CC7A9A9A877AFDF0CEC6
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\ampa.sys E3C6DAE5493E9B07EE98711D04D863FF
C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys B934322C68C30DCECA96C0274A51F7B0
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 5B25D1A753CC3A3EDB909BB759AC1098
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AppleCharger.sys 4A0EDCA9BD0D24E7C424EE3C9D35A761
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aswFsBlk.sys 0A9CC122412F9D89A40823A0CD6BB572
C:\Windows\system32\drivers\aswMonFlt.sys 591368C8C13B045FD8B1F0BF3B0E9DCE
C:\Windows\System32\Drivers\aswrdr2.sys 9686F359E7C98891D082432A39558FA7
C:\Windows\System32\Drivers\aswRvrt.sys DE6759B8D8E62BF0FFF2B05F05AFCEE6
C:\Windows\System32\Drivers\aswSnx.sys EC23DB9DF022892D33692E1E3367740D
C:\Windows\System32\Drivers\aswSP.sys 8F39E869F622B929E819041CFE8E84B9
C:\Windows\System32\Drivers\aswTdi.sys 011E9C3EF69C281D31B09857050A539C
C:\Windows\System32\Drivers\aswVmm.sys 7E44C2684A6CA779B9D07CB4BD3F649D
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\system32\ddmdrv.sys F1BF87B19D32D68DC3A8B1C03F9861B5
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\EtronHub3.sys DB6AEC32FAF5BD002D9ED6C38692D42B
C:\Windows\System32\Drivers\EtronXHCI.sys 9CC2F24274741E12F9DF92125EA6D6D8
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\gdrv.sys 7907E14F9BCF3A4689C9A74A1A873CB6
C:\Windows\System32\DRIVERS\GsRamDsk.sys B080A125BF4322E8F75CD951E783D09D
C:\Windows\GVTDrv64.sys 8126331FBD4ED29EB3B356F9C905064D
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hotcore3.sys F138A42D5B80C0EADC61DF71F6AB3E83
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys C2F868881D48A568B525255F084EF063
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys BE72D2B3A99615F84E270C80F0A18448
C:\Windows\System32\DRIVERS\jraid.sys C0D9BA660A41EE8A269EF804E6CD0D7B
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys BC08F7F3C53CBEE68670ED1314E290FD
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIVX.sys C435AC77704EB16E85C9D630F4D4B4F7
C:\Windows\System32\DRIVERS\Rt64win7.sys 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys 3A09F31454DFEFBB124BAF378F90B636
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmiUsbGrabber3F.sys 4E8A85273F5D5D0867CA17FD62625D1E
C:\Windows\SysWow64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\SscRdBus.sys 2BFC755BBC02EC389A239777B9011C27
C:\Windows\System32\DRIVERS\SscRdCls.sys E204062201CAA6C163B9F9E02B7B4DB1
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\System32\drivers\tcpip.sys F782CAD3CEDBB3F9FFE3BF2775D92DDC
C:\Windows\System32\DRIVERS\tcpip.sys F782CAD3CEDBB3F9FFE3BF2775D92DDC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\DRIVERS\tib_mounter.sys 31C9790525705B292F3B30F6676873CD
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uimx64.sys 9D93D9B3410EDFC62AA053EB849FC642
C:\Windows\System32\Drivers\Uim_IMx64.sys 37EE073A0DCB8CF20A09343AB0E939E7
C:\Windows\System32\Drivers\uim_vimx64.sys 660F699D745D5C004DFC343FEF50A011
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vididr.sys 927CBC96C4635F235301411E530FB56E
C:\Windows\System32\DRIVERS\vidsflt.sys 88B4E5C396003BCF479CA4D9BE851D57
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsdatant.sys 1065A957523ED51AAFFF737CC63010A6
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys C5F685A55CF9B8BDCB86B131C7FF9F60
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

PaulVdB · 22 May 2013

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-22 22:18 - 2013-05-22 22:18 - 00000000 ____D C:\FRST
2013-05-19 18:17 - 2010-11-20 19:23 - 00383786 _RASH C:\bootmgr
2013-05-19 16:15 - 2013-05-18 21:12 - 00262144 ____A C:\Windows\System32\config\DEFAULT.myback
2013-05-19 16:14 - 2013-05-19 15:59 - 67895296 ____A C:\Windows\System32\config\SOFTWARE.myback
2013-05-19 16:13 - 2013-05-19 15:59 - 20709376 ____A C:\Windows\System32\config\SYSTEM.myback
2013-05-19 16:13 - 2013-05-18 21:23 - 00262144 ____A C:\Windows\System32\config\SAM.myback
2013-05-19 16:13 - 2013-05-18 13:00 - 00262144 ____A C:\Windows\System32\config\SECURITY.myback
2013-05-19 16:12 - 2013-05-18 21:12 - 00262144 ____A C:\Windows\System32\config\DEFAULT.mybak
2013-05-18 09:47 - 2013-05-18 09:47 - 00003488 ____N C:\bootsqm.dat
2013-05-17 05:33 - 2013-05-17 05:33 - 00001562 ____A C:\Users\Paul\Desktop\DirPrnInfo.txt
2013-05-17 05:30 - 2013-05-17 05:30 - 00000000 ____D C:\Users\Paul\AppData\Local\Karen's Power Tools
2013-05-17 05:28 - 2013-05-17 05:28 - 00000000 ____D C:\ProgramData\Karen's Power Tools
2013-05-16 10:05 - 2013-05-16 10:05 - 00000000 ____D C:\ProgramData\ProcessLasso
2013-05-16 10:04 - 2013-05-16 10:05 - 00000000 ____D C:\Users\Paul\AppData\Roaming\ProcessLasso
2013-05-15 10:51 - 2013-05-15 10:51 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Yahoo!
2013-05-15 10:38 - 2013-05-15 10:38 - 00000794 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2013-05-15 10:38 - 2013-05-15 10:38 - 00000000 ____D C:\ProgramData\Yahoo!
2013-05-15 10:30 - 2013-05-15 10:38 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-05-13 12:13 - 2013-05-13 12:14 - 00000000 ____D C:\Program Files (x86)\GUMC6DD.tmp
2013-05-01 14:03 - 2013-05-01 14:03 - 00001570 ____A C:\Users\Paul\Desktop\DivX Movies.lnk
2013-04-30 12:31 - 2013-04-30 12:31 - 00000000 ____D C:\Users\Paul\Skype download
2013-04-30 12:06 - 2013-05-15 13:05 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-04-30 12:06 - 2013-05-01 13:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-30 12:06 - 2013-04-30 12:06 - 00000000 ____D C:\ProgramData\Skype
2013-04-23 13:17 - 2013-04-23 13:17 - 00057920 ____A C:\Users\Paul\AppData\Roaming\Debut.dmp

==================== One Month Modified Files and Folders =======

2013-05-22 22:18 - 2013-05-22 22:18 - 00000000 ____D C:\FRST
2013-05-19 15:59 - 2013-05-19 16:14 - 67895296 ____A C:\Windows\System32\config\SOFTWARE.myback
2013-05-19 15:59 - 2013-05-19 16:13 - 20709376 ____A C:\Windows\System32\config\SYSTEM.myback
2013-05-18 23:59 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-05-18 23:59 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-05-18 21:23 - 2013-05-19 16:13 - 00262144 ____A C:\Windows\System32\config\SAM.myback
2013-05-18 21:12 - 2013-05-19 16:15 - 00262144 ____A C:\Windows\System32\config\DEFAULT.myback
2013-05-18 21:12 - 2013-05-19 16:12 - 00262144 ____A C:\Windows\System32\config\DEFAULT.mybak
2013-05-18 13:00 - 2013-05-19 16:13 - 00262144 ____A C:\Windows\System32\config\SECURITY.myback
2013-05-18 09:47 - 2013-05-18 09:47 - 00003488 ____N C:\bootsqm.dat
2013-05-18 08:45 - 2012-09-19 07:00 - 00000000 ____D C:\Users\Paul\AppData\Roaming\uTorrent
2013-05-18 08:18 - 2012-09-21 08:54 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-18 07:46 - 2012-09-18 08:27 - 01424369 ____A C:\Windows\WindowsUpdate.log
2013-05-18 07:22 - 2012-09-19 13:35 - 00001328 ____A C:\Windows\ulead32.ini
2013-05-18 07:12 - 2012-09-19 06:42 - 00000000 ____D C:\Users\Paul\AppData\Roaming\vlc
2013-05-17 13:55 - 2012-10-07 13:29 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2013-05-17 12:18 - 2012-09-21 08:54 - 00001048 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-17 05:33 - 2013-05-17 05:33 - 00001562 ____A C:\Users\Paul\Desktop\DirPrnInfo.txt
2013-05-17 05:30 - 2013-05-17 05:30 - 00000000 ____D C:\Users\Paul\AppData\Local\Karen's Power Tools
2013-05-17 05:28 - 2013-05-17 05:28 - 00000000 ____D C:\ProgramData\Karen's Power Tools
2013-05-17 01:12 - 2012-11-02 18:36 - 00000095 ____A C:\Users\Paul\.accessibility.properties
2013-05-17 01:12 - 2012-09-18 08:28 - 00000000 ____D C:\users\Paul
2013-05-17 01:08 - 2009-07-13 21:13 - 00782218 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-17 01:04 - 2013-04-13 04:40 - 00003930 ____A C:\Windows\setupact.log
2013-05-17 01:04 - 2012-09-18 10:10 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-05-17 01:04 - 2012-09-18 08:50 - 00000144 ____A C:\service.log
2013-05-17 01:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-16 10:12 - 2012-09-18 12:27 - 00000000 ____D C:\Users\Paul\Desktop\Tools
2013-05-16 10:05 - 2013-05-16 10:05 - 00000000 ____D C:\ProgramData\ProcessLasso
2013-05-16 10:05 - 2013-05-16 10:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\ProcessLasso
2013-05-15 13:05 - 2013-04-30 12:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Skype
2013-05-15 10:51 - 2013-05-15 10:51 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Yahoo!
2013-05-15 10:38 - 2013-05-15 10:38 - 00000794 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2013-05-15 10:38 - 2013-05-15 10:38 - 00000000 ____D C:\ProgramData\Yahoo!
2013-05-15 10:38 - 2013-05-15 10:30 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-05-15 07:51 - 2012-09-18 13:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 07:51 - 2012-09-18 13:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 12:14 - 2013-05-13 12:13 - 00000000 ____D C:\Program Files (x86)\GUMC6DD.tmp
2013-05-13 11:39 - 2013-04-18 15:36 - 00000030 ____A C:\Windows\Iedit.INI
2013-05-12 09:28 - 2009-07-13 18:34 - 00000694 ____A C:\Windows\win.ini
2013-05-12 09:28 - 2009-07-13 18:34 - 00000245 ____A C:\Windows\system.ini
2013-05-09 07:42 - 2012-09-22 09:55 - 00001085 ____A C:\Windows\UnitConverter.INI
2013-05-05 13:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-05 12:54 - 2012-09-22 10:17 - 00000000 ____D C:\Users\Paul\AppData\Roaming\TeraCopy
2013-05-05 10:55 - 2012-09-18 13:39 - 00000000 ___RD C:\Users\Paul\Desktop\Muziek
2013-05-04 09:13 - 2012-09-26 10:19 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Nitro PDF
2013-05-03 05:19 - 2012-09-20 11:00 - 00000000 ____D C:\Users\Paul\Desktop\Video
2013-05-01 14:03 - 2013-05-01 14:03 - 00001570 ____A C:\Users\Paul\Desktop\DivX Movies.lnk
2013-05-01 14:03 - 2012-09-24 06:50 - 00000000 ____D C:\ProgramData\DivX
2013-05-01 14:03 - 2012-09-24 06:50 - 00000000 ____D C:\Program Files (x86)\DivX
2013-05-01 14:02 - 2012-09-24 06:51 - 00000000 ____D C:\Program Files\DivX
2013-05-01 13:58 - 2012-09-18 13:17 - 00000000 ____D C:\ProgramData\Adobe
2013-05-01 13:45 - 2013-04-30 12:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-30 12:31 - 2013-04-30 12:31 - 00000000 ____D C:\Users\Paul\Skype download
2013-04-30 12:25 - 2012-09-19 07:29 - 00000000 ___RD C:\Users\Paul\Desktop\Commnicatie
2013-04-30 12:06 - 2013-04-30 12:06 - 00000000 ____D C:\ProgramData\Skype
2013-04-30 12:06 - 2012-09-19 12:21 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-30 12:01 - 2012-09-19 12:16 - 00000000 ____D C:\Users\Paul\AppData\Local\Windows Live
2013-04-23 13:17 - 2013-04-23 13:17 - 00057920 ____A C:\Users\Paul\AppData\Roaming\Debut.dmp
2013-04-22 13:26 - 2013-04-21 14:46 - 00000040 ____A C:\Users\Paul\AppData\Roaming\cdr.ini

==================== Known DLLs (Whitelisted) ================

[2012-09-18 10:00] - [2012-09-18 10:00] - 2144768 ____A () C:\Windows\System32\IERTUTIL.dll
[2012-09-18 10:00] - [2012-09-18 10:00] - 1793024 ____A () C:\Windows\SysWOW64\IERTUTIL.dll
[2012-09-18 10:00] - [2012-09-18 10:00] - 1346048 ____A () C:\Windows\System32\URLMON.dll
[2012-09-18 10:00] - [2012-09-18 10:00] - 1103872 ____A () C:\Windows\SysWOW64\URLMON.dll
[2012-09-18 10:00] - [2012-09-18 10:00] - 1392128 ____A () C:\Windows\System32\WININET.dll
[2012-09-18 10:00] - [2012-09-18 10:00] - 1129472 ____A () C:\Windows\SysWOW64\WININET.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-04 09:49:09
Restore point made on: 2013-05-12 10:01:41
Restore point made on: 2013-05-16 07:37:15

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
default {default}
displayorder {default}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Ultimate (recovered)
locale en-US
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {ef7a0f39-c0a9-11e2-820b-806e6f6e6963}

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\08f616fc-ff9c-11e1-880b-e5f872038fcc\Winre.wim,{dc3457a8-c0e4-11e2-96b5-d4d0c75471a7}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[C:]\Recovery\08f616fc-ff9c-11e1-880b-e5f872038fcc\Winre.wim,{dc3457a8-c0e4-11e2-96b5-d4d0c75471a7}
systemroot \windows
winpe Yes

Resume from Hibernate
---------------------
identifier {ef7a0f39-c0a9-11e2-820b-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Ultimate (recovered)
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US

Device options
--------------
identifier {dc3457a8-c0e4-11e2-96b5-d4d0c75471a7}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\08f616fc-ff9c-11e1-880b-e5f872038fcc\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 5%
Total physical RAM: 32749.24 MB
Available physical RAM: 30865.7 MB
Total Pagefile: 32747.44 MB
Available Pagefile: 30869.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:55.8 GB) (Free:4.19 GB) NTFS (Disk=2 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive e: (OneTouch4 Plus) (Fixed) (Total:931.51 GB) (Free:82.16 GB) NTFS (Disk=3 Partition=1)
Drive f: (DJ44) (Fixed) (Total:146.48 GB) (Free:53.24 GB) NTFS (Disk=0 Partition=4)
Drive g: (FILM) (Fixed) (Total:296.74 GB) (Free:109.01 GB) NTFS
Drive h: (Pic en Film) (Fixed) (Total:292.97 GB) (Free:94.59 GB) NTFS (Disk=0 Partition=2)
Drive i: (Mijn Documentjes) (Fixed) (Total:97.66 GB) (Free:77.46 GB) NTFS (Disk=0 Partition=3)
Drive j: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=2 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive k: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive l: () (Removable) (Total:0.94 GB) (Free:0.63 GB) FAT (Disk=4 Partition=1)
Drive s: (SWAP) (Fixed) (Total:10 GB) (Free:2.17 GB) NTFS
Drive w: (WERKDISK) (Fixed) (Total:10 GB) (Free:6.6 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Dobbelen TB) (Fixed) (Total:1843.01 GB) (Free:305.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 89A67E79)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: F4DA38B1)
Partition 1: (Not Active) - (Size=-198626966528) - (Type=42)

========================================================
Disk: 2 (Size: 56 GB) (Disk ID: 480BAE2A)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 932 GB) (Disk ID: 47440EBC)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 964 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=964 MB) - (Type=06)

Last Boot: 2013-05-14 07:35

==================== End Of Log ============================

PaulVdB · 22 May 2013

PS : all recently installed programs have been run and tested (before the crash) and all worked fine repeatedly...
I mean : I did not install any programs right before the crash. Computer has booted fine several times with all progs installed ...

PS. WOW Vistaking ... I really appreciate what you're doing for me !