
Stealth Bootkit Virus (TDL-4)


  • This topic is locked
26 replies to this topic

#1 MikeD719

Posted 05 March 2012 - 10:34 AM

Hi,

I have a bootkit stealth virus that is allowing remote connections to my new Sony PC (TDL-4 Variant).

I've been working on this for 4 months now and have the virus on 5 PCs but just want to get my new one clean for now.

MY MACHINE:
Sony VAIO
Model: VPCEH25FM/B
640GB HD (can only format to get 598GB)
4GB Ram
Running Windows 7 x64 SP 1.
Kaspersky AV 2012 (Factory CD installed)
Microsoft Office (Factory CD installed)

Basically this is what I've learned regarding this nasty bootkit..

BIOS
The BIOS is a "dummy bios" which I cannot change by flashing. Parts of the drive are locked and I am unable to delete them with any tools or using a HEX editor to 0 it out.

The end sectors and random parts of the drive contain the virus also, so each reboot it is reloaded as soon as the machine is turned on. HD contains linux and windows file systems so the hackers can SFTP into the machine and gain access to the full machine and it is turned into a proxy server with google redirects in the background.

HARD DRIVE
I am unable to fully format using any software to reload clean OS (from Sony Factory DVD's)
Tried Erasing software such as Darik's, Active Kill Disk, Gparted, Manual Hex Editors

There is always a single line of code in the first sector that keeps being reloaded on reboots that calls the rest of the virus -- and FAT-16 dirs 2KB and 4KB that are automatically created after each format before and after the drive - which I cannot remove.

FILE SYSTEM
The Drives overlap so the RAM and the DVD-RW drive essentially hide parts of the file system (the RAM has a fake partition that is NTFS that I cannot clear).

The Motherboard and Hard Drive were replaced by Sony. However the virus was still being stored in my computer's memory and came back on first boot (was using my grad school's network when first booted) after I got my machine from Sony. I am unable to flash the bios as it always says it's the same version, and cannot access/format my entire disk / clear my memory (and the NTFS fake memory partition that is created).


Currently am back to clean (although infected) install from factory DVD's from Sony (with setup listed above).

I just want to format the machine or fix the virus with the factory disks I have without this virus coming back. Anyone know how I can do this?

Thank you so much for any help you can offer!!!!!!!!!!!!


 


#2 Elise

Posted 05 March 2012 - 01:38 PM

What you claim is impossible. Also, I see a lot of assumptions, no facts and no proof.

TDL4 is perfectly well detectable and doesn't stand a chance against gparted and such.

It would be a good idea to start telling me what problems you have. With that I don't mean suspicions of hidden activity or whatever other vague descriptions, but clear symptoms (redirects, popups, slowness, spam, and so on).
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#3 MikeD719

Posted 05 March 2012 - 04:17 PM

Hi Elise,
Thanks for your reply. I've been dealing with this for so long I'm trying to make sense of parts of it - it's really a bootkit; GMER picks it up when it's not blocked.

I've reached my wits' end. I would like to pay someone credible and knowledgeable to fix my machine so I can get Windows 7 and Ubuntu installed and secure (and would also need a list of steps to take so I can do this for other machines on my network). This problem has been going on WAY too long. Elise or any high level tech please PM me and we can gmail chat or I will send you my number. I'd like to take care of this tonight -- we can work out pricing and payment terms.

#4 Elise

Posted 06 March 2012 - 02:03 AM

That is not the way we work here; I help anyone for free with pleasure, in the forums so others can benefit from any possible solution as well.

You didn't however answer my questions, which is not a good start to work on a possible resolution.

To get a verdict on whether or not TDL4 is present (and this is a method that is fool-proof), if GMER doesn't want to run, do the following.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."
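
As an added illustration of what can be read from the 512-byte mbr.bin that the dd command in the post above produces (this is not part of the original thread and not the helper's own tooling): the sketch below decodes the partition table, hashes the boot code so it can be compared with a dump from a known-clean machine, and lists unallocated gaps. The sample sector, the disk size of 2000000 sectors and all function names are constructed for the example.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0-439: bootstrap code, the region an MBR infection rewrites
TABLE_OFFSET = 446    # bytes 446-509: four 16-byte partition entries
ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), start LBA, length
PART_TYPES = {0x06: "FAT16", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x27: "Windows recovery", 0x82: "Linux swap", 0x83: "Linux",
              0xEE: "GPT protective"}


def parse_mbr(data):
    """Decode one 512-byte MBR sector into its fields."""
    if len(data) != SECTOR:
        raise ValueError("expected 512 bytes, got %d" % len(data))
    parts = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, data, TABLE_OFFSET + 16 * slot)
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        parts.append({"slot": slot, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": start, "sectors": count, "lba_end": start + count})
    return {"signature_ok": data[510:512] == b"\x55\xaa",
            "disk_signature": struct.unpack_from("<I", data, 440)[0],
            # Compare this with the hash of a dump taken the same way from a
            # known-clean install of the same Windows version.
            "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def find_anomalies(mbr, disk_sectors=None):
    """Return structural problems in the partition table as a list of strings."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    if sum(p["active"] for p in parts) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append("slot %d: invalid status byte 0x%02x" % (p["slot"], p["status"]))
        if p["lba_start"] == 0:
            issues.append("slot %d: starts at LBA 0, on top of the MBR" % p["slot"])
        if disk_sectors is not None and p["lba_end"] > disk_sectors:
            issues.append("slot %d: extends past the end of the disk" % p["slot"])
    for a, b in zip(parts, parts[1:]):
        if b["lba_start"] < a["lba_end"]:
            issues.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return issues


def unallocated(mbr, disk_sectors):
    """Return (first_lba, length) for every run of sectors outside all partitions."""
    gaps, cursor = [], 1  # LBA 0 is the MBR itself
    for p in sorted(mbr["partitions"], key=lambda p: p["lba_start"]):
        if p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - cursor))
        cursor = max(cursor, p["lba_end"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def build_sample_mbr():
    """Constructed sample sector (not from the thread): two NTFS partitions."""
    def entry(status, ptype, start, count):
        return struct.pack(ENTRY, status, ptype, start, count)
    boot_code = bytes(range(256)) + bytes(BOOT_CODE_LEN - 256)  # placeholder, not loader code
    # Windows 7 aligns the first partition at LBA 2048 (1 MiB), so a small
    # gap at the start of the disk is expected on a clean install.
    table = entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x07, 206848, 1500000) + bytes(32)
    return boot_code + struct.pack("<I", 0x1234ABCD) + bytes(2) + table + b"\x55\xaa"


if __name__ == "__main__":
    # With a file argument, read a real dump; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data, disk_sectors = fh.read(SECTOR), None
    else:
        data, disk_sectors = build_sample_mbr(), 2000000
    mbr = parse_mbr(data)
    print("boot code sha256:", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        print("slot %(slot)d  %(type_name)-12s start=%(lba_start)d sectors=%(sectors)d "
              "active=%(active)s" % p)
    for issue in find_anomalies(mbr, disk_sectors):
        print("ANOMALY:", issue)
    if disk_sectors is not None:
        for first, length in unallocated(mbr, disk_sectors):
            print("unallocated: LBA %d, %d sectors" % (first, length))
```

Run it as `python3 script.py mbr.bin` on the machine used for analysis, never on the suspect system itself.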




#5 MikeD719

Posted 08 March 2012 - 08:55 AM

Hi,
Unfortunately all 5 of my laptops are infected – so no clean computer to download and burn from. However I will buy a USB drive and use a friend's PC if needed. Here’s more information, I was able to get (+) result from AVG about a month ago saying I had:

Rootkit.Win32.BackBoot.gen

(Sorry was just able to find the exact name)


Here are some symptoms from my machine:

> When running the task manager it says “see processes from all users” even though I should be the only user - can't tell which one it adds when I click to view them all:

>There are 6 .dllhost.exe *32 running

>With all browsers closed there are 8 chrome.exe *32 running

>svhost.exe are running 10 times

All with no programs open but notepad.exe (from my end)

> A Proxy server is running when I do open my browsers and check my settings

My hard drive should have 640GB of space but only has 586 and there are two unallocated partitions (beginning and end) I cannot add to my machine's space or format.

I will work on trying to run that, if there’s any other tools please let me know and I will run them asap.


Here is what netstat shows - don't know why these ports are open:

C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:1110 Sony-VAIO:49258 ESTABLISHED
TCP 127.0.0.1:1110 Sony-VAIO:50148 ESTABLISHED
TCP 127.0.0.1:1110 Sony-VAIO:50164 ESTABLISHED
TCP 127.0.0.1:1110 Sony-VAIO:50177 ESTABLISHED
TCP 127.0.0.1:1110 Sony-VAIO:50202 ESTABLISHED
TCP 127.0.0.1:1110 Sony-VAIO:50203 ESTABLISHED
TCP 127.0.0.1:1110 Sony-VAIO:50207 ESTABLISHED
TCP 127.0.0.1:5354 Sony-VAIO:49157 ESTABLISHED
TCP 127.0.0.1:27015 Sony-VAIO:49259 ESTABLISHED
TCP 127.0.0.1:49157 Sony-VAIO:5354 ESTABLISHED
TCP 127.0.0.1:49258 Sony-VAIO:nfsd-status ESTABLISHED
TCP 127.0.0.1:49259 Sony-VAIO:27015 ESTABLISHED
TCP 127.0.0.1:50148 Sony-VAIO:nfsd-status ESTABLISHED
TCP 127.0.0.1:50164 Sony-VAIO:nfsd-status ESTABLISHED
TCP 127.0.0.1:50177 Sony-VAIO:nfsd-status ESTABLISHED
TCP 127.0.0.1:50202 Sony-VAIO:nfsd-status ESTABLISHED
TCP 127.0.0.1:50203 Sony-VAIO:nfsd-status ESTABLISHED
TCP 127.0.0.1:50207 Sony-VAIO:nfsd-status ESTABLISHED
TCP 192.168.1.XXX:50155 vx-in-f104:http ESTABLISHED
TCP 192.168.1.XXX:50165 vx-in-f104:https ESTABLISHED
TCP 192.168.1.XXX:50189 lga15s29-in-f3:http ESTABLISHED
TCP 192.168.1.XXX:50226 iad04s01-in-f95:https ESTABLISHED
TCP 192.168.1.XXX:50227 lga15s35-in-f0:https ESTABLISHED
TCP 192.168.1.XXX:50229 lga15s28-in-f6:https ESTABLISHED
TCP 192.168.1.XXX:50258 38.124.168.119:http TIME_WAIT
TCP 192.168.1.XXX:50259 38.113.165.77:https TIME_WAIT
TCP 192.168.1.XXX:50260 38.113.165.77:https TIME_WAIT
TCP 192.168.1.XXX:50261 38.124.168.119:http TIME_WAIT
TCP 192.168.1.XXX:50262 38.113.165.77:https TIME_WAIT

#6 Elise

Posted 08 March 2012 - 09:53 AM

> I was able to get (+) result from AVG about a month ago saying I had:
>
> Rootkit.Win32.BackBoot.gen

That information is not useful without more information. Besides, if AVG detected whatever it was, it means it's pretty well detectable.


You can do the xPUD creation on the machines you suspect are infected as well. Note that an active TDL4 infection will cause persistent redirects, as well as other serious problems. If you do not experience this it's not likely the computers are infected.

> > When running the task manager it says “see processes from all users” even though I should be the only user - can't tell which one it adds when I click to view them all:
>
> >There are 6 .dllhost.exe *32 running
>
> >With all browsers closed there are 8 chrome.exe *32 running
>
> >svhost.exe are running 10 times
>
> All with no programs open but notepad.exe (from my end)
>
> > A Proxy server is running when I do open my browsers and check my settings
>
> My hard drive should have 640GB of space but only has 586 and there are two unallocated partitions (beginning and end) I cannot add to my machine's space or format.
>
> I will work on trying to run that, if there’s any other tools please let me know and I will run them asap.

None of this is malware related, as said, malware symptoms are redirects, pop ups, extreme slowness, and so on.

I could explain every "symptom" in detail, but honestly, this is nothing you can't find an explanation for with a real simple google search. You found all these problems while digging in your windows system, so I am a bit surprised you didn't also research what you found first, before blaming it all on malware.

Have you researched the IP addresses listed by NetStat? If you do you'll find all of them are legit?
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#7 MikeD719

Posted 08 March 2012 - 10:44 AM

Hi,
I get the windows explorer crashes and hangs. I get redirects also (usually my status bar shows a random page loading in the background). Not sure totally what it is but want to clean it! lol.

Installing GetxPud from Windows worked fine, however when I went to boot (it showed the start up "select language screen") then it threw all kinds of errors - and flew by so fast couldn't read them and no idea where the log file is stored. It left me at a terminal where I tried to mount the USB to no avail (tried it 3 times and removed all peripherals if that matters). Let me know what you think I should do - thank you.

Also the IP addresses are coming from my machine, however I'm the sole user so it's not my activity - router settings reset possibly? Not totally sure.

#8 Elise

Posted 08 March 2012 - 11:31 AM

> Also the IP addresses are coming from my machine, however I'm the sole user so it's not my activity - router settings reset possibly? Not totally sure.

Yes, because a lot of apps use the internet standard, not only the user.
Same goes for the Task Manager. You're the only user, but in case you have more than one active user and you switch users, you can click the option to display processes from all users in Task Manager. Doesn't mean there is more than one user though.


Did the USB drive not show up under xPUD? Usually it's listed as sdb1. No need to mount it, that will be done automatically.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#9 MikeD719

Posted 08 March 2012 - 02:05 PM

True, agree with tons of apps using the internet, what worries me is that my settings keep reverting to a proxy and there are 10+ chrome or IE processes when I don't even have the browser open -- But I may be wrong.

The USB is not showing up. The only thing under the mnt dir was hiddendev0

Not sure if another Linux OS would run it (I have Puppy, Wary, Ubuntu, Kubuntu if that would help) or if another program would work. Also not sure if I can get some kind of log from Ultimate Boot CD or Hirens that would give you more information.

Thanks again so much for everything.

#10 Elise

Posted 08 March 2012 - 02:11 PM

Do you see your drive/partitions correctly under Ubuntu?

> The USB is not showing up. The only thing under the mnt dir was hiddendev0

Can you see what is on this device?

Click File, then click Tool > Open Terminal, type fdisk -ul and press enter. Let me know what partitions are listed there.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#11 MikeD719

Posted 08 March 2012 - 02:17 PM

Here's an old post I had: http://www.bleepingcomputer.com/forums/topic440512.html/page__p__2576881#entry2576881


I just ran MiniToolBox -- disregard it if it is not helpful.

I will try that command you said now and report back shortly.


-----MINI TOOL BOX ------

MiniToolBox by Farbar Version: 18-01-2012
Ran by Sony (administrator) on 08-03-2012 at 14:13:34
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sony-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 74-E5-0B-5B-86-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 74-E5-0B-5B-86-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 74-E5-0B-5B-86-5C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e5ac:bd55:8880:f46c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.142(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 08, 2012 1:53:07 PM
Lease Expires . . . . . . . . . . : Friday, March 09, 2012 1:53:10 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 309650699
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D2-7D-F9-78-84-3C-E6-E0-57
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-84-3C-E6-E0-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{05455623-8515-47BA-839A-8BAC206C0D5E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{44B9C92B-E236-44FA-9493-1603C0DAC2B4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:8a3:21:b81f:44a9(Preferred)
Link-local IPv6 Address . . . . . : fe80::8a3:21:b81f:44a9%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.hsd1.pa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.226.198
74.125.226.194
74.125.226.192
74.125.226.206
74.125.226.197
74.125.226.196
74.125.226.195
74.125.226.193
74.125.226.200
74.125.226.201
74.125.226.199


Pinging google.com [74.125.226.196] with 32 bytes of data:
Reply from 74.125.226.196: bytes=32 time=22ms TTL=52
Reply from 74.125.226.196: bytes=32 time=19ms TTL=52

Ping statistics for 74.125.226.196:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 22ms, Average = 20ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
98.139.127.62


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=71ms TTL=48
Reply from 98.139.183.24: bytes=32 time=54ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 71ms, Average = 62ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...74 e5 0b 5b 86 5d ......Microsoft Virtual WiFi Miniport Adapter #2
13...74 e5 0b 5b 86 5d ......Microsoft Virtual WiFi Miniport Adapter
12...74 e5 0b 5b 86 5c ......Intel® WiFi Link 1000 BGN
11...78 84 3c e6 e0 57 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.142 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.142 281
192.168.1.142 255.255.255.255 On-link 192.168.1.142 281
192.168.1.255 255.255.255.255 On-link 192.168.1.142 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.142 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.142 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:5ef5:79fd:8a3:21:b81f:44a9/128
On-link
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::8a3:21:b81f:44a9/128
On-link
12 281 fe80::e5ac:bd55:8880:f46c/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/08/2012 01:52:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 10:31:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 08:02:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 07:37:53 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 17.0.963.66 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1378

Start Time: 01ccfd03d599fbdc

Termination Time: 110

Application Path: C:\Users\Sony\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 7d5993cd-691b-11e1-a322-78843ce6e057

Error: (03/08/2012 03:16:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 02:54:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DesktopDock64.dll, version: 1.0.1.0, time stamp: 0x4c20ef72
Exception code: 0xc0000005
Fault offset: 0x000000000003284a
Faulting process id: 0xfc8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/08/2012 02:50:43 AM) (Source: MsiInstaller) (User: Sony)Sony
Description: Product: Adobe Reader X MUI -- Error 1310.Error writing to file: c:\Config.Msi\8a30e8.rbf. System error 5. Verify that you have access to that directory.

Error: (03/08/2012 02:46:40 AM) (Source: MsiInstaller) (User: Sony)Sony
Description: Product: Adobe Reader X (10.1.2) MUI - Update 'Adobe Reader X (10.1.2)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/08/2012 02:46:33 AM) (Source: MsiInstaller) (User: Sony)Sony
Description: Product: Adobe Reader X (10.1.2) MUI -- Error 1310.Error writing to file: C:\Config.Msi\8a2f4c.rbf. System error 5. Verify that you have access to that directory.

Error: (03/08/2012 00:15:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/08/2012 01:52:37 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:39:14 PM on ?3/?8/?2012 was unexpected.

Error: (03/08/2012 08:24:33 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Sony\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/08/2012 08:24:33 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Sony\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/08/2012 08:24:24 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\Sony\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/08/2012 08:03:03 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (03/08/2012 08:01:57 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (03/08/2012 08:01:49 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:53:50 AM on 3/8/2012 was unexpected.

Error: (03/08/2012 04:19:30 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume E: were aborted because of an IO failure on volume E:.

Error: (03/08/2012 03:16:07 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:08:09 AM on 3/8/2012 was unexpected.

Error: (03/08/2012 00:14:23 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:13:05 AM on 3/8/2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (03/07/2012 07:21:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/07/2012 07:21:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5165 seconds with 1320 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Alps Pointing-device for VAIO
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft WebCam Companion 4 (Version: 4.0.21.392)
Best Buy pc app (Version: 3.2.0.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.16)
Conexant HD Audio (Version: 8.54.18.51)
D3DX10 (Version: 15.4.2368.0902)
Fences (Version: 1.0)
Foxit Reader 5.1 (Version: 5.1.4.104)
Google Chrome (Version: 17.0.963.66)
IconPackager
IconPackager (Version: 5.00)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2455)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
Intel® Wireless Display (Version: 2.0.27.0)
Internet Download Manager
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Anti-Virus 2012 (Version: 12.0.0.374)
Keyboard Shortcuts (Version: 1.1.0.08290)
Media Gallery (Version: 1.5.0.16020)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Norton Internet Security (Version: 19.5.0.145)
Oasis2Service 1.0 (Version: 1.0.0)
OOBE (Version: 11.2.1.10)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.5.02.12220)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300)
PMB VAIO Edition Plug-in (Version: 1.6.00.06010)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
Remote Keyboard (Version: 1.1.1.07060)
Remote Play with PlayStation 3 (Version: 1.1.0.15070)
Sony Corporation (Version: 1.0.0)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
SUPERAntiSpyware (Version: 5.0.1146)
swMSM (Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Media Gallery (Version: 1.5.0.16020)
VAIO - PMB VAIO Edition Guide (Version: 1.6.00.06030)
VAIO - PMB VAIO Edition Plug-in (Version: 1.6.01.06110)
VAIO - Remote Keyboard (Version: 1.1.0.07060)
VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.15070)
VAIO Care (Version: 6.4.0.15030)
VAIO Care (Version: 6.4.2.11150)
VAIO Control Center (Version: 4.5.0.03040)
VAIO Data Restore Tool (Version: 1.6.0.13140)
VAIO Easy Connect (Version: 1.1.2.01120)
VAIO Event Service (Version: 5.5.0.03040)
VAIO Gate (Version: 2.4.1.09230)
VAIO Gate Default (Version: 2.4.0.03240)
VAIO Hardware Diagnostics (Version: 4.2.0.14280)
VAIO Help and Support (Version: 14.00.0125)
VAIO Improvement (Version: 1.0.0.14150)
VAIO Manual (Version: 2.0.0.02250)
VAIO Quick Web Access (Version: 1.4.5.3)
VAIO Sample Contents (Version: 1.4.0.09010)
VAIO Satisfaction Survey. (Version: 3.0)
VAIO Smart Network (Version: 3.5.0.02280)
VAIO Transfer Support (Version: 1.4.0.14230)
VAIO Update (Version: 5.5.3.10280)
VAIO Update Merge Module x64 (Version: 5.6.10270)
VCCx86 (Version: 1.0.0)
VESx64 (Version: 1.0.0)
VESx86 (Version: 1.0.0)
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VLC media player 2.0.0 (Version: 2.0.0)
VSNx64 (Version: 1.0.0)
VWSTx86 (Version: 1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Devices: ================================

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw

Name: Sony Firmware Extension Parser Device
Description: Sony Firmware Extension Parser Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Sony Corporation
Service: SFEP

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: Realtek PCIE CardReader
Description: Realtek PCIE CardReader
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconduct Corp.
Service: RSPCIESTOR

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Alps Pointing-device for VAIO
Description: Alps Pointing-device for VAIO
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Alps Electric
Service: i8042prt

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Symantec Network Security WFP Driver
Description: Symantec Network Security WFP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymNetS

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Intel® 82802 Firmware Hub Device
Description: Intel® 82802 Firmware Hub Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Microsoft Watchdog Timer
Description: Microsoft Watchdog Timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Wd

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus

Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: Compbatt

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® WiFi Link 1000 BGN
Description: Intel® WiFi Link 1000 BGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64

Name: Sony Visual Communication Camera
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo

Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP

Name: Intel® 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Description: Intel® 6 Series/C200 Series Chipset Family SMBus Controller - 1C22
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: Intel® Core™ i3-2330M CPU @ 2.20GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64

Name: 2nd generation Intel® Core™ processor family DRAM Controller - 0104
Description: 2nd generation Intel® Core™ processor family DRAM Controller - 0104
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Generic Non-PnP Monitor
Description: Generic Non-PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor

Name: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Description: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: NAVENG
Description: NAVENG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVENG

Name: WDKMD
Description: WDKMD
Class Guid: {034f6fb2-1bcc-41c9-9fd2-dbb357de0838}
Manufacturer: (Standard system devices)
Service: wdkmd

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: IDMWFP
Description: IDMWFP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IDMWFP

Name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vwififlt

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp

Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: IDSVia64
Description: IDSVia64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IDSVia64

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv

Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS

Name: Conexant SmartAudio HD
Description: Conexant SmartAudio HD
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Conexant
Service: CnxtHdAudService

Name: Intel® Core™ i3-2330M CPU @ 2.20GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Intel® HD Graphics Family
Description: Intel® HD Graphics Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: kl1
Description: kl1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KL1

Name: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Description: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: kl2
Description: kl2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: kl2

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf

Name: Symantec Real Time Storage Protection (PEL) x64
Description: Symantec Real Time Storage Protection (PEL) x64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SRTSPX

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG

Name: Intel® Mobile Express Chipset SATA AHCI Controller
Description: Intel® Mobile Express Chipset SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: iaStor

Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® Management Engine Interface
Description: Intel® Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64

Name: Kaspersky Anti-Virus NDIS 6 Filter
Description: Kaspersky Anti-Virus NDIS 6 Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KLIM6

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios

Name: HL-DT-ST DVDRAM GT50N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Intel® Core™ i3-2330M CPU @ 2.20GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Microsoft ACPI-Compliant Embedded Controller
Description: Microsoft ACPI-Compliant Embedded Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® HM65 Express Chipset Family LPC Interface Controller - 1C49
Description: Intel® HM65 Express Chipset Family LPC Interface Controller - 1C49
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: Symantec Data Store
Description: Symantec Data Store
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymDS

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Symantec Eraser Control driver
Description: Symantec Eraser Control driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: eeCtrl

Name: WDC WD6400BPVT-55HXZT2
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Intel® Core™ i3-2330M CPU @ 2.20GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr


========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 4043.86 MB
Available physical RAM: 1857.54 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5164.88 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:585.23 GB) (Free:513.38 GB) NTFS

========================= Users: ========================================

User accounts for \\SONY-VAIO

Administrator Guest Sony

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#12 Elise


Posted 08 March 2012 - 02:43 PM

The explorer crash is caused by Fences, according to your event viewer log. Uninstalling/reinstalling the program may help.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#13 MikeD719


Posted 08 March 2012 - 02:44 PM

File is protected so I could not open it.

#14 Elise


Posted 08 March 2012 - 02:46 PM

Sorry, what file are you referring to? The device on xPUD?

Don't miss my previous post also.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#15 MikeD719


Posted 08 March 2012 - 02:51 PM

Yes the XPUD devices.

Oh ok I was running a backup while I added a new fence which is when it crashed. It crashed 2 others (or froze and had to be powered down) today.

Does the rest of the log look normal?



