PDA

View Full Version : Virtuemonde Infection


BrokenEDEN
2009-08-29, 10:35
Hi, i am not good at computers and this was computer was a gift. Anyway first i think i got infected by a PDF exploit according to my ESET NOD32.

I've install Spybot and updated it, while i attemped to scan my pc, the programs just disappears, i've try to reboot and reinstalled but it is still not opening.

The same thing happen for HJT, it installed find and when during the scan, it would close. Evertime i'd try to just open the programs(Spybot, HJT, and AD Aware) i would get an error:

"Windows Cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Everytime i start up my computer i will get an dll error with some called wokoguri saying that it wasn't able to open, i think thats one of the the malware.

Heres the list from my ESET:

8/29/2009 2:34:53 AM Real-time file system protection file C:\WINDOWS\system32\eventlog.dll a variant of Win32/Kryptik.YQ trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: c:\hpbyv.exe.
8/29/2009 2:34:51 AM Real-time file system protection file C:\WINDOWS\system32\tulowifi.dll a variant of Win32/Adware.Virtumonde.NEK application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: c:\blyuwrjl.exe.
8/29/2009 2:34:50 AM Real-time file system protection file C:\WINDOWS\system32\wokoguri.dll a variant of Win32/Adware.Virtumonde.NEK application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: c:\blyuwrjl.exe.
8/29/2009 2:34:45 AM HTTP filter file http://buhervadoska.com/Nv1CZa0E2lqF5gE0upj3ISo1TvE3z7td a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:42 AM HTTP filter file http://rdafervacex.com/FB1Ue0Bey2yf5hie0hFE3C1MIl3gn7GPC a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:39 AM HTTP filter file http://afedovascevo.com/Y1j0Bu2cgx5n0o3g1a3zo7PII a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:36 AM HTTP filter file http://tahulavumbak.com/orN1zbo0Yif2J5Ych0g3oH1nC/3r7NP a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:30 AM HTTP filter file http://kasonkertub.com/Bmh1caY0n2ECN5tu0h3iz1l3vt/7Zt a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:25 AM HTTP filter file http://koliopewaqs.com/xF1oL0QoC2c/5cA0JK3Z1d3IF7p a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:24 AM Real-time file system protection file C:\WINDOWS\system32\yanohide.dll a variant of Win32/Adware.Virtumonde.NEK application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: c:\blyuwrjl.exe.
8/29/2009 2:34:18 AM HTTP filter file http://osaertugern.com/TLH1/N0o2o5o0t3X1EiH3f7l a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:14 AM HTTP filter file http://bcchart.net/progs/jhnrrff/clzqdervli.php Win32/Small.NEK trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:34:02 AM HTTP filter file http://arosakilomen.com/spp1t0/v2mI5Vud0TYt3xcP1D3fvL7z a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:34:02 AM HTTP filter file http://acmusicstore.com/progs/jhnrrff/clzqdervli.php Win32/Small.NEK trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:34:01 AM HTTP filter file http://acmusicstore.com/progs/jhnrrff/xdqrivm.php Win32/TrojanDownloader.Small.ORV trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:33:54 AM HTTP filter file http://bcchart.net/progs/jhnrrff/agqqerbspt.php Win32/Small.NEK trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:33:54 AM HTTP filter file http://bcchart.net/progs/jhnrrff/zjjaof.php Win32/Small.NEK trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:33:54 AM HTTP filter file http://acmusicstore.com/progs/jhnrrff/agqqerbspt.php Win32/Small.NEK trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:33:54 AM HTTP filter file http://acmusicstore.com/progs/jhnrrff/zjjaof.php Win32/Small.NEK trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\573.tmp.
8/29/2009 2:33:52 AM HTTP filter file http://ewaxertulio.com/l1s0vb2xD5RjP0VpK3Ans1/a3yjd7s a variant of Win32/Kryptik.AHY trojan connection terminated - quarantined ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\~.exe.
8/29/2009 2:33:48 AM Real-time file system protection file C:\WINDOWS\system32\dllcache\figaro.sys a variant of Win32/UltimateDefender.A trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~.exe.
8/29/2009 2:33:47 AM Real-time file system protection file C:\WINDOWS\system32\braviax.exe a variant of Win32/Kryptik.AHY trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~.exe.
8/29/2009 2:33:36 AM Real-time file system protection file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~.exe a variant of Win32/Kryptik.AHY trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\~.exe.
8/29/2009 2:33:27 AM HTTP filter archive http://iveriotic.com/localhost/name_666/pages/p20.php PDF/Exploit.Gen trojan connection terminated ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\GamerzAim.exe.
8/29/2009 2:33:25 AM HTTP filter archive http://iveriotic.com/localhost/name_666/pages/p20.php PDF/Exploit.Gen trojan connection terminated ADMIN-ZYYBFE60Y\Administrator Threat was detected upon access to web by the application: C:\Documents and Settings\Administrator\Local Settings\temp\GamerzAim.exe.

Thanks in advance!
Blade81
2009-08-31, 13:47
Hi,

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.
BrokenEDEN
2009-09-01, 02:08
Hi Blade81, I really appreciated that you are willing to help me, eversince the the infection, my PC kept on restarting and i couldn't take it anymore while working at home and not being able to save my documents. I've recently just had my friend did a full reboot and upgraded/updated everything to make sure this won't happen again.

Once again I and really thankful for your help.

Since your a professionmal at this kind of thing, can you check my dxdiag log and make sure to see that everything is up to date and what i can do to on my part to protect my system, scch as programs. I've only have spybot and my current ESET Smart Security installed.


Dxdiag log;

------------------
System Information
------------------
Time of this report: 8/31/2009, 20:02:53
Machine name: CHANNY-EFC791BA
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_gdr.090206-1233)
Language: English (Regional Setting: English)
System Manufacturer: To Be Filled By O.E.M.
System Model: To Be Filled By O.E.M.
BIOS: BIOS Date: 07/23/03 19:44:27 Ver: 08.00.09
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz
Memory: 1150MB RAM
Page File: 257MB used, 2500MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: NVIDIA GeForce 6200
Manufacturer: NVIDIA
Chip type: GeForce 6200
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_0221&SUBSYS_02F1196E&REV_A1
Display Memory: 256.0 MB
Current Mode: 1280 x 1024 (32 bit) (60Hz)
Monitor: ViewSonic G771
Monitor Max Res: 1280,1024
Driver Name: nv4_disp.dll
Driver Version: 6.14.0011.9062 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 8/16/2009 17:57:00, 5845760 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 8/16/2009 17:57:00, 7729568 bytes
Device Identifier: {D7B71E3E-4161-11CF-B859-FA2200C2CB35}
Vendor ID: 0x10DE
Device ID: 0x0221
SubSys ID: 0x02F1196E
Revision ID: 0x00A1
Revision ID: 0x00A1
Video Accel: ModeMPEG2_C ModeMPEG2_D ModeWMV9_B ModeWMV9_A
Deinterlace Caps: {6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: Realtek AC97 Audio
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80951043&REV_02
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: ALCXWDM.SYS
Driver Version: 5.10.0000.6300 (English)
Driver Attributes: Final Retail
WHQL Logo'd: Yes
Date and Size: 9/24/2008 03:40:22, 4122368 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Full
Cap Flags: 0xF5F
Min/Max Sample Rate: 8000, 192000
Static/Strm HW Mix Bufs: 26, 24
Static/Strm HW 3D Bufs: 26, 24
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: Yes, Yes
I3DL2(tm) Listen/Src: Yes, Yes
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: Realtek AC97 Audio
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: ALCXWDM.SYS
Driver Version: 5.10.0000.6300 (English)
Driver Attributes: Final Retail
Date and Size: 9/24/2008 03:40:22, 4122368 bytes
Cap Flags: 0x41
Format Flags: 0xFFF

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Realtek AC97 Audio, Software (Kernel Mode), Output, DLS, Internal
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x24D4
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 8/3/2004 19:08:44, 57600 bytes
| Driver: usbd.sys, 8/23/2001 09:00:00, 4736 bytes
|
+-+ USB Human Interface Device
| | Vendor/Product ID: 0x0461, 0x4D20
| | Location: USB Optical Mouse
| | Matching Device ID: usb\class_03&subclass_01
| | Service: HidUsb
| | Driver: hidclass.sys, 8/3/2004 19:08:20, 36224 bytes
| | Driver: hidparse.sys, 8/3/2004 19:08:18, 24960 bytes
| | Driver: hid.dll, 8/3/2004 21:05:44, 20992 bytes
| | Driver: hidusb.sys, 8/23/2001 09:00:00, 9600 bytes
| |
| +-+ HID-compliant mouse
| | | Vendor/Product ID: 0x0461, 0x4D20
| | | Matching Device ID: hid_device_system_mouse
| | | Service: mouhid
| | | Driver: mouclass.sys, 8/3/2004 21:05:44, 23040 bytes
| | | Driver: mouhid.sys, 8/23/2001 09:00:00, 12160 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 8/3/2004 19:14:38, 52736 bytes
| Driver: kbdclass.sys, 8/3/2004 18:58:34, 24576 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 8/3/2004 18:01:08, 40840 bytes
| Driver: kbdclass.sys, 8/3/2004 18:58:34, 24576 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 8/3/2004 18:01:08, 40840 bytes
| Driver: mouclass.sys, 8/3/2004 21:05:44, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Serial Service Provider: COM1
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 74.6 GB
Total Space: 84.4 GB
File System: NTFS
Model: WDC WD1200JB-00EVA0

Drive: D:
Free Space: 11.6 GB
Total Space: 38.2 GB
File System: NTFS
Model: WDC WD400EB-75CPF0

Drive: E:
Free Space: 1.6 GB
Total Space: 30.1 GB
File System: NTFS
Model: WDC WD1200JB-00EVA0

Drive: F:
Model: HITACHI DVD-ROM GD-7500
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.2180 (English), 8/3/2004 18:59:54, 49536 bytes

--------------
System Devices
--------------
Name: Intel(R) 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571
Device ID: PCI\VEN_8086&DEV_2571&SUBSYS_00000000&REV_02\3&267A616A&0&08
Driver: C:\WINDOWS\system32\DRIVERS\AGP440.SYS, 5.01.2600.2180 (English), 8/3/2004 19:07:42, 42368 bytes

Name: Intel(R) 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570
Device ID: PCI\VEN_8086&DEV_2570&SUBSYS_00000000&REV_02\3&267A616A&0&00
Driver: n/a

Name: Intel(R) 82801EB USB Universal Host Controller - 24DE
Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_80A61043&REV_02\3&267A616A&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:38, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/3/2004 20:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 57600 bytes

Name: Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_80A61043&REV_02\3&267A616A&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:38, 26624 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/3/2004 20:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 57600 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.2180 (English), 8/3/2004 20:56:44, 7168 bytes

Name: Intel(R) 82801EB Ultra ATA Storage Controllers
Device ID: PCI\VEN_8086&DEV_24DB&SUBSYS_80A61043&REV_02\3&267A616A&0&F9
Driver: C:\WINDOWS\system32\DRIVERS\intelide.sys, 5.01.2600.2180 (English), 8/3/2004 22:59:42, 5504 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.2180 (English), 8/3/2004 22:59:42, 25088 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.2180 (English), 8/3/2004 22:59:44, 95360 bytes

Name: Intel(R) 82801EB USB Universal Host Controller - 24D7
Device ID: PCI\VEN_8086&DEV_24D7&SUBSYS_80A61043&REV_02\3&267A616A&0&EA
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:38, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/3/2004 20:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 57600 bytes

Name: Realtek AC'97 Audio
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80951043&REV_02\3&267A616A&0&FD
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.2180 (English), 8/3/2004 17:56:44, 4096 bytes
Driver: C:\WINDOWS\system32\ksproxy.ax, 5.03.2600.2180 (English), 8/3/2004 17:56:58, 130048 bytes
Driver: C:\WINDOWS\system32\drivers\ks.sys, 5.03.2600.2180 (English), 8/3/2004 16:15:22, 140928 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys, 5.01.2600.2180 (English), 8/3/2004 16:08:00, 60288 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys, 5.01.2600.2180 (English), 8/3/2004 16:15:50, 145792 bytes
Driver: C:\WINDOWS\system32\drivers\stream.sys, 5.03.2600.2180 (English), 8/3/2004 16:08:04, 48640 bytes
Driver: C:\WINDOWS\system32\wdmaud.drv, 5.01.2600.2180 (English), 8/3/2004 17:56:58, 23552 bytes
Driver: C:\WINDOWS\system32\drivers\ALCXWDM.SYS, 5.10.0000.6300 (English), 9/24/2008 03:40:22, 4122368 bytes
Driver: C:\WINDOWS\SOUNDMAN.EXE, 5.01.0000.0059 (English), 4/16/2007 08:28:22, 577536 bytes
Driver: C:\WINDOWS\system32\ALSNDMGR.CPL, 2.02.0000.0073 (English), 11/16/2006 22:40:46, 18804736 bytes
Driver: C:\WINDOWS\system32\ALSNDMGR.WAV, 2/5/2002 06:54:58, 141016 bytes
Driver: C:\WINDOWS\system32\RTLCPL.EXE, 1.00.0001.0066 (English), 12/8/2006 08:20:14, 10528768 bytes
Driver: C:\WINDOWS\system32\RTLCPAPI.dll, 1.00.0001.0004 (English), 10/17/2006 19:53:26, 147456 bytes
Driver: C:\WINDOWS\Alcrmv.exe, 2.00.0000.0004 (English), 7/31/2006 04:27:30, 217088 bytes

Name: Intel(R) 82801EB USB Universal Host Controller - 24D4
Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_80A61043&REV_02\3&267A616A&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:38, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/3/2004 20:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 57600 bytes

Name: Intel(R) 82801EB SMBus Controller - 24D3
Device ID: PCI\VEN_8086&DEV_24D3&SUBSYS_80A61043&REV_02\3&267A616A&0&FB
Driver: n/a

Name: Intel(R) 82801EB USB Universal Host Controller - 24D2
Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_80A61043&REV_02\3&267A616A&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:38, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/3/2004 20:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/3/2004 19:08:44, 57600 bytes

Name: Intel(R) 82801EB LPC Interface Controller - 24D0
Device ID: PCI\VEN_8086&DEV_24D0&SUBSYS_00000000&REV_02\3&267A616A&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.0000 (English), 8/23/2001 09:00:00, 35840 bytes

Name: Intel(R) 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_C2\3&267A616A&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 8/3/2004 19:07:48, 68224 bytes

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10\4&2E98101C&0&78F0
Driver: C:\WINDOWS\system32\DRIVERS\RTL8139.sys, 5.398.0613.2003 (English), 8/3/2004 18:31:34, 20992 bytes

Name: NVIDIA GeForce 6200
Device ID: PCI\VEN_10DE&DEV_0221&SUBSYS_02F1196E&REV_A1\4&38B71F77&0&0008
Driver: c:\nvidia\displaydriver\190.62\english\NvCplSetupEng.exe, 14.00.0000.0162 (English), 8/16/2009 17:57:00, 19458880 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 7729568 bytes
Driver: C:\WINDOWS\system32\nv4_disp.dll, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 5845760 bytes
Driver: C:\WINDOWS\system32\nvapi.dll, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 868352 bytes
Driver: C:\WINDOWS\system32\nvcuda.dll, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 2002944 bytes
Driver: C:\WINDOWS\system32\nvcuvenc.dll, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 1706528 bytes
Driver: C:\WINDOWS\system32\nvcuvid.dll, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 2189856 bytes
Driver: C:\WINDOWS\system32\nvdata.bin, 8/16/2009 17:57:00, 1597690 bytes
Driver: C:\WINDOWS\system32\nvoglnt.dll, 6.14.0011.9062 (English), 8/16/2009 17:57:00, 10457088 bytes
Driver: C:\WINDOWS\system32\nvcod.dll, 1.06.0002.0057 (English), 8/16/2009 17:57:00, 155648 bytes
Driver: C:\WINDOWS\system32\nvcodins.dll, 1.06.0002.0057 (English), 8/16/2009 17:57:00, 155648 bytes

------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 266240 bytes
ddrawex.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 10496 bytes
d3d8.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:42 1179648 bytes
d3d8thk.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:42 8192 bytes
d3d9.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:42 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 436224 bytes
d3dim700.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:42 825344 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 8/23/2001 09:00:00 33040 bytes
dplayx.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 229888 bytes
dpmodemx.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 8/23/2001 09:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 57344 bytes
dplaysvr.exe: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:50 30208 bytes
dpnsvr.exe: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:50 18432 bytes
dpnet.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 375296 bytes
dpnlobby.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:04 3584 bytes
dpnaddr.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:04 3584 bytes
dpvoice.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 212480 bytes
dpvsetup.exe: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:50 83456 bytes
dpvvox.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 116736 bytes
dpvacm.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 21504 bytes
dpnhpast.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 35328 bytes
dpnhupnp.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 8/23/2001 09:00:00 53520 bytes
dinput.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 159232 bytes
dinput8.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 394240 bytes
joy.cpl: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:58 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/23/2001 09:00:00 76800 bytes
pid.dll: 5.03.2600.2180 English Final Retail 8/3/2004 21:05:44 35328 bytes
dsound.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 367616 bytes
dsound3d.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 1294336 bytes
dswave.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 19456 bytes
dsdmo.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 181760 bytes
dsdmoprp.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 71680 bytes
dmusic.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 104448 bytes
dmband.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 28672 bytes
dmcompos.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 61440 bytes
dmime.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 181248 bytes
dmloader.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 35840 bytes
dmstyle.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 105984 bytes
dmsynth.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 103424 bytes
dmscript.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 82432 bytes
dx7vb.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 619008 bytes
dx8vb.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 1227264 bytes
dxdiagn.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 2113536 bytes
mfc40.dll: 4.01.0000.6140 English Final Retail 8/23/2001 09:00:00 924432 bytes
mfc42.dll: 6.02.4131.0000 English Final Retail 8/3/2004 20:56:44 1028096 bytes
wsock32.dll: 5.01.2600.2180 English Final Retail 8/3/2004 20:56:48 22528 bytes
amstream.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:42 70656 bytes
devenum.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:44 59904 bytes
dxmasf.dll: 6.04.0009.1125 English Final Retail 8/3/2004 20:56:44 498205 bytes
mciqtz32.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:44 35328 bytes
mpg2splt.ax: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:58 148992 bytes
msdmo.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:44 14336 bytes
encapi.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:44 20480 bytes
qasf.dll: 10.00.0000.3802 English Final Retail 1/28/2005 13:44:28 221184 bytes
qcap.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:46 192512 bytes
qdv.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:46 279040 bytes
qdvd.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:46 385024 bytes
qedit.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:46 562176 bytes
qedwipes.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:26 733696 bytes
quartz.dll: 6.05.2600.3580 English Final Retail 6/3/2009 15:27:58 1290752 bytes
strmdll.dll: 4.01.0000.3937 English Final Retail 10/3/2008 06:15:47 247326 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 8/3/2004 20:56:58 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 8/3/2004 20:56:58 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 8/3/2004 20:56:44 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 8/3/2004 20:56:44 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 8/3/2004 20:56:44 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 8/3/2004 20:56:44 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 8/3/2004 20:56:44 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 8/3/2004 20:56:58 154624 bytes
mswebdvd.dll: 6.05.2600.3610 English Final Retail 8/5/2009 05:11:47 204800 bytes
ks.sys: 5.03.2600.2180 English Final Retail 8/3/2004 16:15:22 140928 bytes
ksproxy.ax: 5.03.2600.2180 English Final Retail 8/3/2004 17:56:58 130048 bytes
ksuser.dll: 5.03.2600.2180 English Final Retail 8/3/2004 17:56:44 4096 bytes
stream.sys: 5.03.2600.2180 English Final Retail 8/3/2004 16:08:04 48640 bytes
mspclock.sys: 5.03.2600.2180 English Final Retail 8/3/2004 15:58:40 5376 bytes
mspqm.sys: 5.01.2600.2180 English Final Retail 8/3/2004 15:58:42 4992 bytes
mskssrv.sys: 5.03.2600.2180 English Final Retail 8/3/2004 15:58:42 7552 bytes
swenum.sys: 5.03.2600.2180 English Final Retail 8/3/2004 21:05:44 4352 bytes
mpeg2data.ax: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:58 118272 bytes
msvidctl.dll: 6.05.2600.2180 English Final Retail 8/3/2004 20:56:44 1428480 bytes
vbisurf.ax: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:58 30720 bytes
msyuv.dll: 5.03.2600.2180 English Final Retail 8/3/2004 21:05:44 17408 bytes
wstdecod.dll: 5.03.2600.2180 English Final Retail 8/3/2004 20:56:48 50688 bytes

------------------
DirectShow Filters
------------------

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMSpeech Decoder DMO,0x00600800,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.3580
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.2180
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.3580
WM ASF Reader,0x00400000,0,0,qasf.dll,10.00.0000.3802
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.3580
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.3580
Indeo® video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2600.2180
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2600.2180
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.3580
Indeo® video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.3580
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.3580
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.05.0000.0050
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2600.2180
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.3580
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.3580
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,9.00.0000.3250
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.2180
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.05.2600.3580
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASX file Parser,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,9.00.0000.3250
NSC file Parser,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.3580
Windows Media source filter,0x00600000,0,2,wmpasf.dll,9.00.0000.3250
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.3580
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2600.2180
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.2180
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.3580
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.2180
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.3580
WM ASF Writer,0x00400000,0,0,qasf.dll,10.00.0000.3802
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.2180
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4487
File writer,0x00200000,1,0,qcap.dll,6.05.2600.2180
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.2180
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.2180
AC3Filter,0x40000000,1,1,ac3filter.ax,1.03.0001.0000
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.3580
.RAM file Parser,0x00600000,1,0,wmpasf.dll,9.00.0000.3250
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.05.2600.2180
DV Video Decoder,0x00800000,1,1,qdv.dll,6.05.2600.2180
Indeo® audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
Windows Media Update Filter,0x00400000,1,0,wmpasf.dll,9.00.0000.3250
ASF DIB Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF ACM Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF ICM Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF URL Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF JPEG Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF DJPEG Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
ASF embedded stuff Handler,0x00600000,1,1,wmpasf.dll,9.00.0000.3250
9x8Resize,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.0000.0000
Allocator Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.05.2600.2180
Null Renderer,0x00200000,1,0,qedit.dll,6.05.2600.2180
WMT Virtual Source,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
WMT Interlacer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSource,0x00200000,0,0,sbe.dll,6.05.2600.2180
Smart Tee,0x00200000,1,2,qcap.dll,6.05.2600.2180
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.05.2600.2180
AVI Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.3580
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.05.2600.3580
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.05.2600.3580
Wave Parser,0x00400000,1,1,quartz.dll,6.05.2600.3580
MIDI Parser,0x00400000,1,1,quartz.dll,6.05.2600.3580
Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.3580
File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.3580
XML Playlist,0x00400000,1,0,wmpasf.dll,9.00.0000.3250
AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.2180
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.3580
File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.3580
File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.3580
WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.2180
QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.3580
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.3580
Indeo® video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003
Indeo® video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003

WDM Streaming Data Transforms:
Microsoft Kernel Acoustic Echo Canceller,0x00000000,0,0,,
Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,,5.03.2600.2180
Microsoft Kernel DLS Synthesizer,0x00200000,1,1,,5.03.2600.2180
Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,,5.03.2600.2180

Video Compressors:
MSScreen encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
WMVideo Advanced Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.2180
Indeo® video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.3580
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo(R) Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel Indeo® Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.2180
Indeo® video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.2180
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.2180
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.2180

Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.3580
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.3580
PCM,0x00200000,1,1,quartz.dll,6.05.2600.3580
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.3580
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.3580
DSP Group TrueSpeech(TM),0x00200000,1,1,quartz.dll,6.05.2600.3580
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.3580
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.3580
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.3580
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.3580
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.3580
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.3580
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.3580

Audio Capture Sources:
Realtek AC97 Audio,0x00200000,0,0,qcap.dll,6.05.2600.2180

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.3580
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.3580

WDM Streaming Capture Devices:
Realtek AC97 Audio,0x00200000,3,3,,5.03.2600.2180

WDM Streaming Rendering Devices:
Realtek AC97 Audio,0x00200000,3,3,,5.03.2600.2180

WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2600.2180
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2600.2180
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2600.2180

Audio Renderers:
Realtek AC97 Audio,0x00200000,1,0,quartz.dll,6.05.2600.3580
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.3580
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.3580
DirectSound: Realtek AC97 Audio,0x00200000,1,0,quartz.dll,6.05.2600.3580

WDM Streaming System Devices:
Realtek AC97 Audio,0x00200000,19,2,,5.03.2600.2180

Thank you for everything.
Blade81
2009-09-01, 09:51
Since your a professionmal at this kind of thing, can you check my dxdiag log and make sure to see that everything is up to date and what i can do to on my part to protect my system, scch as programs. I've only have spybot and my current ESET Smart Security installed.
Hi,

Dxdiag is meant to show other than security related things :). Spybot and ESET Smart Security kept up-to-date is good combination. Just make sure you keep Windows and apps like PDF reader, Flash and Java updated too.
Blade81
2009-09-08, 14:44
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.