
malware recreating in c:\windows\temp cannot remove :( help ...


4 replies to this topic

#1 mjanek20


Posted 24 December 2016 - 07:13 PM

Recently I've got infected with tons of malware by clicking a wrong exe file :(

 

I've managed to get rid of most of it but one thing still remains. It makes my PC startup process VERY long. I've managed to find out that the problem is a file that recreates itself somehow in c:\Windows\Temp folder with random names like: gCDB1.tmp.exe, gD553.tmp.exe (blue background, green g, black note as an icon). It also adds itself to RunOnce section every time. I cannot find a way to remove it. I've run rkill and a lot of malware removal programs but nothing seems to help :/

 

Do you have an idea?


Edited by hamluis, 24 December 2016 - 07:58 PM.
Moved from MRL to Am I Infected - Hamluis.
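
Added example, not part of the thread or of any tool mentioned in it: a read-only PowerShell check for the pattern post #1 describes, listing Run/RunOnce values whose command points into a temp directory and the executables sitting in C:\Windows\Temp. The helper name Test-TempCommand and the choice of keys and directories are assumptions made for this illustration.

```powershell
# Added example (not from the thread): read-only triage of the persistence
# pattern described in post #1. Nothing is deleted or modified.

# Run/RunOnce keys for the machine (64- and 32-bit views) and the current user.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Temp directories to flag. <windir>\Temp is the folder named in the post;
# the per-user %TEMP% is added here as an assumption.
$tempRoots = @((Join-Path $env:windir 'Temp'), $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } |
    Select-Object -Unique

# Hypothetical helper: true when an autostart command references a temp directory.
function Test-TempCommand {
    param([string]$Command)
    # Expand %TEMP%, %windir% and similar before comparing.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $tempRoots) {
        if ($expanded.IndexOf(($root + '\'), [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Walk every value under each key and keep the ones that point into a temp directory.
$findings = foreach ($key in $autostartKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (Test-TempCommand -Command $command) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
        }
    }
}

# Executables in <windir>\Temp with creation time and Authenticode status,
# so freshly dropped, unsigned files stand out.
$tempExecutables = Get-ChildItem -Path (Join-Path $env:windir 'Temp') -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Select-Object Name, CreationTime, Length,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }

'Autostart values pointing into a temp directory:'
$findings | Format-List

'Executables in Windows\Temp:'
$tempExecutables | Sort-Object CreationTime | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so C:\Windows\Temp is readable. Windows deletes a RunOnce value when it runs it, so a value that is back after every boot is being rewritten by something else; the output identifies the entry, not its writer.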



 


#2 Broni


Posted 24 December 2016 - 08:33 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.



 


#3 mjanek20


Posted 25 December 2016 - 05:42 AM

----------------------- checkup.txt

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows XP  x64 (UAC is enabled)  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Microsoft VisualStudio JavaScript Project System 
 Java 8 Update 91  
 Microsoft VisualStudio JavaScript Language Service 
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 10.3.183.90 Flash Player out of Date!  
 Mozilla Firefox (48.0.2) 
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 ViveSetup PCClient ViveportService.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
--------------------------- FSS.txt

Farbar Service Scanner Version: 27-01-2016
Ran by Libra (administrator) on 25-12-2016 at 09:58:41
Running from "C:\Users\Libra\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
---------------------- MTB.txt

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Libra (administrator) on 25-12-2016 at 10:02:18
Running from "C:\Users\Libra\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Model: MS-7917 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
========================= IP Configuration: ================================
 
Killer e2200 Gigabit Ethernet Controller = Ethernet 3 (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="PoĄczenie lokalne* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="PoĄczenie sieciowe Bluetooth" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Zodiak
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : local
 
Ethernet adapter Ethernet 3:
 
   Connection-specific DNS Suffix  . : local
   Description . . . . . . . . . . . : Killer e2200 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : D8-CB-8A-95-2A-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c502:cc44:7aad:9f94%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 25 grudnia 2016 09:33:08
   Lease Expires . . . . . . . . . . : 26 grudnia 2016 09:37:08
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 165202826
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-3F-2B-48-94-DE-80-B4-8B-D4
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:401b:802::200e
 172.217.20.174
 
 
Pinging google.com [172.217.20.174] with 32 bytes of data:
Reply from 172.217.20.174: bytes=32 time=13ms TTL=55
Reply from 172.217.20.174: bytes=32 time=11ms TTL=55
 
Ping statistics for 172.217.20.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 13ms, Average = 12ms
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=164ms TTL=46
Reply from 98.139.183.24: bytes=32 time=148ms TTL=46
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 148ms, Maximum = 164ms, Average = 156ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...d8 cb 8a 95 2a 22 ......Killer e2200 Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    266
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  7    266 fe80::/64                On-link
  7    266 fe80::c502:cc44:7aad:9f94/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/25/2016 09:33:11 AM) (Source: OculusVR) (User: )
Description: 25/12 09:33:11.285 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/25/2016 09:33:10 AM) (Source: OculusVR) (User: )
Description: 25/12 09:33:10.536 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/25/2016 09:06:11 AM) (Source: System Restore) (User: )
Description: Nie można utworzyć punktu przywracania (Proces = C:\ProgramData\Package Cache\{ac723cbb-bf65-46e5-ac2e-58d5a959e196}\ViveDX9Setup.exe Cache\{ac723cbb-bf65-46e5-ac2e-58d5a959e196}\ViveDX9Setup.exe" -q -burn.elevated BurnPipe.{66401E12-AC56-473A-8457-C50D6CA27B8D} {BA1458B9-9B23-4B26-8639-310644A139C8} 1640; Opis = Vive DirectX 9.0; Błąd = 0x8007043c).
 
Error: (12/25/2016 12:04:40 AM) (Source: System Restore) (User: )
Description: Wybrany punkt przywracania został uszkodzony lub usunięty podczas przywracania (Installed Microsoft Visual Studio 2015 Tools for Unity).
 
Error: (12/25/2016 12:01:37 AM) (Source: OculusVR) (User: )
Description: 25/12 00:01:37.394 {!ERROR!} [OAF ERROR] ..\..\..\core\JsonUtil.cpp(81) : Failed to parse manifest JSON data (1971038)
 
Error: (12/25/2016 12:00:52 AM) (Source: OculusVR) (User: )
Description: 25/12 00:00:52.176 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/25/2016 12:00:51 AM) (Source: OculusVR) (User: )
Description: 25/12 00:00:51.411 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/24/2016 11:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ZODIAK)
Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
 
Error: (12/24/2016 11:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ZODIAK)
Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
 
Error: (12/24/2016 11:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ZODIAK)
Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.
 
 
System errors:
=============
Error: (12/25/2016 09:37:09 AM) (Source: Service Control Manager) (User: )
Description: Usługa Menedżer połączeń usługi Dostęp zdalny zakończyła działanie; wystąpił następujący błąd: 
%%20 = Nie można odnaleźć urządzenia.
 
 
Error: (12/25/2016 09:37:09 AM) (Source: Service Control Manager) (User: )
Description: Usługa Menedżer połączeń usługi Dostęp zdalny zawiesiła się podczas uruchamiania.
 
Error: (12/25/2016 09:37:09 AM) (Source: DCOM) (User: ZARZĄDZANIE NT)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (12/25/2016 09:36:40 AM) (Source: RasMan) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [C:\WINDOWS\system32\vpnike.dll] failed to initialize. Nie można odnaleźć urządzenia.
 
Error: (12/25/2016 09:36:11 AM) (Source: DCOM) (User: ZODIAK)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/25/2016 09:35:09 AM) (Source: DCOM) (User: ZARZĄDZANIE NT)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (12/25/2016 09:32:35 AM) (Source: DCOM) (User: ZARZĄDZANIE NT)
Description: właściwe dla aplikacjiLokalnyAktywacja{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}ZARZĄDZANIE NTSYSTEMS-1-5-18LocalHost (użycie LRPC)NiedostępnyNiedostępny
 
Error: (12/25/2016 09:32:31 AM) (Source: DCOM) (User: ZODIAK)
Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/25/2016 09:31:12 AM) (Source: DCOM) (User: ZODIAK)
Description: 1084ShellHWDetectionNiedostępny{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/25/2016 09:31:03 AM) (Source: DCOM) (User: ZODIAK)
Description: 1084WSearchNiedostępny{9E175B68-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
Error: (12/25/2016 09:33:11 AM) (Source: OculusVR)(User: )
Description: 25/12 09:33:11.285 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/25/2016 09:33:10 AM) (Source: OculusVR)(User: )
Description: 25/12 09:33:10.536 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/25/2016 09:06:11 AM) (Source: System Restore)(User: )
Description: C:\ProgramData\Package Cache\{ac723cbb-bf65-46e5-ac2e-58d5a959e196}\ViveDX9Setup.exe Cache\{ac723cbb-bf65-46e5-ac2e-58d5a959e196}\ViveDX9Setup.exe" -q -burn.elevated BurnPipe.{66401E12-AC56-473A-8457-C50D6CA27B8D} {BA1458B9-9B23-4B26-8639-310644A139C8} 1640Vive DirectX 9.00x8007043c
 
Error: (12/25/2016 12:04:40 AM) (Source: System Restore)(User: )
Description: Installed Microsoft Visual Studio 2015 Tools for Unity
 
Error: (12/25/2016 12:01:37 AM) (Source: OculusVR)(User: )
Description: 25/12 00:01:37.394 {!ERROR!} [OAF ERROR] ..\..\..\core\JsonUtil.cpp(81) : Failed to parse manifest JSON data (1971038)
 
Error: (12/25/2016 12:00:52 AM) (Source: OculusVR)(User: )
Description: 25/12 00:00:52.176 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/25/2016 12:00:51 AM) (Source: OculusVR)(User: )
Description: 25/12 00:00:51.411 {!ERROR!} [GuardianSubsystem] Invalid type in SensorsStateFromString:
 
Error: (12/24/2016 11:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ZODIAK)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (12/24/2016 11:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ZODIAK)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (12/24/2016 11:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ZODIAK)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-05-03 21:43:36.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-03 21:43:36.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:32.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:32.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:29.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:29.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:21.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:21.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:05.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-05 19:14:05.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
JX^€Ch3D2 (HKLM-x32\...\JX^€Ch3D2) (Version:  - KISS)
3DMark (HKLM\...\{7051AEF3-01C3-4E7D-B4CC-8FBFA24B4D2B}) (Version: 2.1.2973.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{a0df0e52-2800-4963-9ba1-382620df4d05}) (Version: 2.1.2973.0 - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Abbot's Book Demo (HKLM\...\Steam App 434430) (Version:  - The Abbot's Book, LLC)
ABE VR (HKLM\...\Steam App 458590) (Version:  - Hammerhead VR)
Acan's Call: Act 1 (HKLM\...\Steam App 501180) (Version:  - Cyberith GmbH)
ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.1.0 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 2.13.0.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
ALICE VR (HKLM-x32\...\1170675521_is1) (Version: 2.0.0.2 - GOG.com)
Alien: Isolation (HKLM-x32\...\Alien: Isolation_is1) (Version:  - )
Allumette (HKLM\...\Steam App 460850) (Version:  - Penrose Studios)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.95 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Arizona Sunshine (HKLM\...\Steam App 342180) (Version:  - Vertigo Games)
Audioshield (HKLM\...\Steam App 412740) (Version:  - Dylan Fitterer)
AudioSwitch (HKLM-x32\...\AudioSwitch_is1) (Version: 2.1.3.0 - )
AW EDID Editor version 01.02.06 (HKLM-x32\...\{1F64E6F6-039A-4C0A-8168-0A2D8F9E8227}_is1) (Version: 01.02.06 - Analog Way)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Back to Dinosaur Island  (HKLM\...\Steam App 412940) (Version:  - Crytek)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beauty Box (HKLM\...\Beauty Box AE) (Version: 3.0.6 - Digital Anarchy, Inc.)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Budget Cuts Demo (HKLM\...\Steam App 459860) (Version:  - Neat Corporation)
Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.0.5014 - Citrix Systems, Inc.)
Cloudlands : VR Minigolf (HKLM\...\Steam App 425720) (Version:  - Futuretown)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DARK SOULS™ III (HKLM-x32\...\DARK SOULS™ III_is1) (Version:  - )
Destinations - Workshop Tools (HKLM\...\Steam App 469960) (Version:  - Valve)
Destinations (HKLM\...\Steam App 453170) (Version:  - Valve)
Deus Ex Mankind Divided (HKLM-x32\...\{FF14FF71-544F-44C2-BC9E-3CB73674E1D2}_is1) (Version:  - Square Enix)
DiRT Rally v1.1 (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
Divinity: Original Sin Enhanced Edition (HKLM-x32\...\Steam App 373420) (Version:  - Larian Studios)
Dokan Driver (x64) (HKLM\...\{C550A790-4D58-4918-824A-192461614F6B}) (Version: 1.1.0.2 - HTC Corp.) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dolphin VR (HKLM-x32\...\Dolphin VR) (Version: 5.0 - Dolphin VR Team)
Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version:  - id Software)
Doom 3 BFG Edition (HKLM-x32\...\Doom 3 BFG Edition_is1) (Version:  - )
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Dungeon Hero (HKLM-x32\...\Dungeon Hero_is1) (Version:  - )
Elite Dangerous: Arena (HKLM\...\Steam App 443080) (Version:  - Frontier Developments)
ENSLAVED: Odyssey to the West Premium Edition (HKLM-x32\...\ENSLAVED: Odyssey to the West Premium Edition_is1) (Version:  - Namco Bandai Games)
e-pity 7.0.9 za rok 2015 (HKLM-x32\...\{80D8170E-5590-218-B9ED-E24E4C99A18D}_is1) (Version: 7.0.9 - e-file sp. z o.o.)
Escape!VR -The Basement- (HKLM\...\Steam App 552060) (Version:  - Sourcenity GmbH)
EVGA Precision XOC (HKLM-x32\...\{D705C0CA-D900-45AB-85A7-AD651F7055A6}) (Version: 6.0.9 - EVGA Corporation)
Evolution VR (HKLM\...\Steam App 549760) (Version:  - Magic Tavern)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version:  - Ubisoft)
FINAL FANTASY VII (HKLM-x32\...\{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1) (Version: 1.0 - Square Enix)
Final Fantasy X X-2 HD Remaster (HKLM-x32\...\Final Fantasy X X-2 HD Remaster_is1) (Version:  - )
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Gnomes & Goblins (preview) (HKLM\...\Steam App 490840) (Version:  - Wevr, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.7.7 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth VR (HKLM\...\Steam App 348250) (Version:  - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HAWKEN (HKLM\...\Steam App 271290) (Version:  - Reloaded Games)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HTC Account (HKLM\...\{AE97DDF0-054B-4553-A4EA-0FCA7A34903A}) (Version: 1.1.2.6 - HTC Corporation) Hidden
I am Setsuna (HKLM-x32\...\I am Setsuna_is1) (Version:  - )
IKEA VR Experience (HKLM\...\Steam App 447270) (Version:  - IKEA Communications AB)
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
Intel Extreme Tuning Utility (HKLM-x32\...\{707C5535-D841-473D-B54D-5DAD433A53D9}) (Version: 6.0.2.2 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{ca64a229-d771-4f51-91c1-a1bd637e0da3}) (Version: 6.0.2.2 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Island 359 (HKLM\...\Steam App 476700) (Version:  - CloudGate Studio, Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Killer Bandwidth Control Filter Driver (HKLM\...\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer E220x Drivers (HKLM\...\{77C95134-CA2D-4614-9C86-55B7A6A281AA}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{51B5A084-A40D-4F4B-90AA-EF8354EA7D96}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1125 - Rivet Networks)
K-Lite Codec Pack 12.6.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.6.0 - KLCP)
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life is Strange: Complete Season 1 (HKLM-x32\...\Life is Strange: Complete Season 1_is1) (Version:  - )
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Machine Learning: Episode I (HKLM\...\Steam App 524030) (Version:  - Singularity Lab)
Magic Duels (HKLM\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
MakeMKV v1.9.2 (HKLM-x32\...\MakeMKV) (Version: v1.9.2 - GuinpinSoft inc)
MediaInfo 0.7.79 (HKLM\...\MediaInfo) (Version: 0.7.79 - MediaArea.net)
Mervils: A VR Adventure Demo (HKLM\...\Steam App 501240) (Version:  - VitruviusVR)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{E02DF945-0531-4E5E-9C6B-2B660C0AE66D}) (Version: 2.8.0.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.4.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 8.5.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.5.0 - Moritz Bunkus)
Modbox Demo (HKLM\...\Steam App 563980) (Version:  - Alientrap)
Monitor Asset Manager (HKLM-x32\...\{AD0BBBFD-C5E9-4214-A863-E83313D67C0C}_is1) (Version:  - EnTech Taiwan)
Monitor Asset Manager (HKLM-x32\...\Monitor Asset Manager) (Version:  - )
Mortal Kombat XL (HKLM-x32\...\Mortal Kombat XL_is1) (Version:  - )
MOTU Hardware (HKLM\...\{D3896665-69A3-42B3-B33D-2FCC751547FD}) (Version: 4.0.5.9644 - MOTU)
Mozilla Firefox 48.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 pl)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0a1 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.15 - MSI)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Neat Video for Premiere (HKLM\...\Neat Video for Premiere_is1) (Version: 3.5 - ABSoft)
Node.js (HKLM\...\{D976034B-3213-4136-A5EA-785C6675593B}) (Version: 6.3.0 - Node.js Foundation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.95 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Wirtualny dźwięk Miracast 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 375.95 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
Online Plug-in (HKLM-x32\...\{C961313C-339B-405B-9A8B-87188584ECAD}) (Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Paddle Up (HKLM\...\Steam App 496250) (Version:  - Pavel Jamal)
Panel sterowania NVIDIA 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 375.95 - NVIDIA Corporation) Hidden
Panoptic Demo (HKLM\...\Steam App 543850) (Version:  - Team Panoptes)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Project CARS Game Of The Year Edition (HKLM\...\cHJvamVjdGNhcnM_is1) (Version: 1 - )
Prospect (HKCU\...\prospect) (Version: 0.3.8 - IrisVR)
Quanero (HKLM\...\Steam App 497820) (Version:  - LaserBoys3000)
Racket: Nx Demo (HKLM\...\Steam App 498290) (Version:  - One Hamsa)
Raw Data (HKLM\...\Steam App 436320) (Version:  - Survios)
Raw Data, âĺđńč˙ 0.1 (HKLM-x32\...\Raw Data_is1) (Version: 0.1 - Other s)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity)
Revive Dashboard (HKLM-x32\...\Revive) (Version:  - )
Riffstation Trial wersja 1.531 (HKLM-x32\...\{C3BDCDF6-ED06-426D-B46B-59427DF2A03D}_is1) (Version: 1.531 - Sonic Ladder Ltd)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Self-service Plug-in (HKLM-x32\...\{12A08693-9223-4291-B522-D247BF7530FF}) (Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)
Sid Meiers Civilization VI (HKLM-x32\...\Sid Meiers Civilization VI_is1) (Version:  - )
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Smashbox Arena (HKLM\...\Steam App 530350) (Version:  - BigBox VR, Inc.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Space Pirate Trainer (HKLM\...\Steam App 418650) (Version:  - I-Illusions)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.1.0.1 - Splashtop Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version:  - )
SteamVR Performance Test (HKLM\...\Steam App 323910) (Version:  - Valve)
Street Fighter V (HKLM\...\c3RyZWV0ZmlnaHRlcnY_is1) (Version: 1 - )
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Subnautica Dev (wersja 909) (HKLM-x32\...\{B9508019-457A-4F84-9DA4-2EC2F944ECB3}_is1) (Version: 909 - Trackeroc.Ru)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Assembly (HKLM-x32\...\The Assembly_is1) (Version:  - )
The Bellows: VR Demo (HKLM\...\Steam App 529670) (Version:  - castlesteps)
The Brookhaven Experiment (HKLM\...\Steam App 440630) (Version:  - Phosphor Games)
The Flame in the Flood (HKLM-x32\...\1452692111_is1) (Version: 2.0.0.2 - GOG.com)
The Lab (HKLM\...\Steam App 450390) (Version:  - Valve)
The Night Cafe (HKLM\...\Steam App 482390) (Version:  - Borrowed Light Studios)
The Settlers 7 - Droga do królestwa (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
The Settlers 7: Paths to a Kingdom - Gold Edition (HKLM-x32\...\Steam App 48210) (Version:  - Blue Byte)
The Turing Test (HKLM-x32\...\The Turing Test_is1) (Version:  - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Krew i Wino (HKLM-x32\...\Blood and Wine_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Serca z kamienia (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.22.0.0 - GOG.com)
Thick Air Demo (HKLM\...\Steam App 526770) (Version:  - People Gotta Play)
TIDAL (HKLM-x32\...\{B28456D8-34A1-403E-857D-845B31B3F3AD}) (Version: 1.1.0.589 - TIDAL) Hidden
TIDAL (HKLM-x32\...\TIDAL 1.1.0.589) (Version: 1.1.0.589 - TIDAL)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs, LLC)
Trials on Tatooine (HKLM\...\Steam App 381940) (Version:  - ILMxLAB)
TriDef 3D 6.9 (HKLM-x32\...\essentials-bundle) (Version: 6.9 - Dynamic Digital Depth Australia Pty Ltd)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
UAC (HKLM\...\{df26725f-1308-44c7-a73a-adc7838f696e}.sdb) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE4 Prerequisites (x64) (HKLM\...\{DC9D63C3-E5D5-4DA2-8141-2435DE3B6C90}) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{31b49e1e-03f8-4a04-8faa-f6476d8fad02}) (Version: 1.0.10.0 - Epic Games, Inc.)
Unity (HKLM-x32\...\Unity) (Version: 5.4.3xEditorVR-p3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
Vertigo Demo (HKLM\...\Steam App 465470) (Version:  - Zach Tsiakalis-Brown)
Virtually Live presents Formula E Season Two Highlights (HKLM\...\Steam App 426610) (Version:  - Virtually Live)
Vive (HKLM-x32\...\{56C14CA2-FA7A-4A95-A429-8C5B7F1C1689}) (Version: 1.0.8889.966 - HTC Corp.) Hidden
Vive (HKLM-x32\...\{c3ca5861-1d96-4aaf-a967-35aa6d8d10e9}) (Version: 1.0.8889.966 - HTC Corp.) Hidden
Vive Diagnosis (HKLM-x32\...\{3a2fbb45-ffeb-4ade-96e1-d1eea735e0f1}) (Version: 1.0.1.13 - HTC Corp.)
Vive DirectX 9.0 (HKLM-x32\...\{ac723cbb-bf65-46e5-ac2e-58d5a959e196}) (Version: 1.0.1.2 - HTC Corp.)
VIVE Software (HKLM-x32\...\VIVE Software) (Version: 1.0.1.101 - HTC)
ViveDiag (HKLM-x32\...\{2AA694EF-E243-4009-B616-3D525EB307A7}) (Version: 1.0.1.13 - HTC Corp.) Hidden
ViveDriver (HKLM-x32\...\{8ff389b7-122a-494c-9d04-cb3165b8738d}) (Version: 1.1.0.8 - HTC Corp.)
ViveDummy (HKLM-x32\...\{1F9BDD9F-AB3D-4384-A080-80E713702ADE}) (Version: 0.9.0.4 - HTC) Hidden
ViveDX9 (HKLM-x32\...\{7D99A0E1-C346-40C1-AA4E-5CF0E7D7331E}) (Version: 1.0.1.2 - HTC Corp.) Hidden
VivePhoneServices (HKLM-x32\...\{51692281-D7BE-4F58-AA39-EC26FC082934}) (Version: 1.1.0.4 - HTC Corp.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VRMark Demo (HKLM\...\Steam App 466460) (Version:  - Futuremark)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Waltz of the Wizard (HKLM\...\Steam App 436820) (Version:  - Aldin Dynamics)
War Thunder (HKLM\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Whirligig (HKLM\...\Steam App 451650) (Version:  - Philip Day)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: Kontroler magistrali zarządzania systemem
Description: Kontroler magistrali zarządzania systemem
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_8086&DEV_8CA2&SUBSYS_79171462&REV_00\3&11583659&0&FB
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: ACPI\INT33A0\0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 8140.61 MB
Available physical RAM: 5729.36 MB
Total Virtual: 11852.61 MB
Available Virtual: 9079.95 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:232.54 GB) (Free:63.98 GB) NTFS
2 Drive d: (Volume_2) (Fixed) (Total:931.51 GB) (Free:67.55 GB) NTFS
3 Drive e: (Volume_1) (Fixed) (Total:2794.39 GB) (Free:1116.45 GB) NTFS
 
========================= Users: ========================================
 
Konta uľytkownik˘w dla \\ZODIAK
 
Administrator            Go†                     Libra                    
osmc                     
Polecenie zostao wykonane pomylnie.
 
========================= Restore Points ==================================
 
23-12-2016 22:08:43 Removed Online.io Application
23-12-2016 22:09:25 Removed Online.io Application
23-12-2016 22:09:43 Removed Traffic Exchange
23-12-2016 22:10:05 Removed Online.io Application
24-12-2016 00:40:03 Instalator modułów systemu Windows
24-12-2016 22:25:25 Vive
24-12-2016 22:25:40 Vive Diagnosis
24-12-2016 22:25:47 ViveDriver
24-12-2016 22:26:24 Vive DirectX 9.0
24-12-2016 22:26:34 Zainstalowany program DirectX
 
**** End of log ****
 
----------- mbar-log-2016-12-25 (10-14-13).txt

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.12.25.04
  rootkit: v2016.11.20.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18538
Libra :: ZODIAK [administrator]
 
2016-12-25 10:14:13
mbar-log-2016-12-25 (10-14-13).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 423118
Time elapsed: 6 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
----------------- Rkill.txt

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/25/2016 10:21:27 AM in x64 mode.
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\TEMP\g52E0.tmp.exe (PID: 4936) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  # Copyright © 1993-2009 Microsoft Corp.
 
Program finished at: 12/25/2016 10:21:41 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
 


#4 mjanek20


Posted 25 December 2016 - 06:28 AM

I'm trying to observe the virus operation and every time I run in safe mode, remove windows\temp and the RunOnce key on the normal boot

 

- the desktop shows up but without icons

- when I go to windows\temp I immediately see files being placed there (they seem to download/copy from somewhere as they start appearing one by one) with names: g8C14.tmp, g8C14.tmp ... and two exe files with similar names AND, what's important, a "wdf" file that contains a lot of Chinese characters :/

- when I try to google, my browser is often redirected to cse.google.com, which shows a different set of search results.

- after running RKill, which kills this gxxxxx.exe process, the system appears to function pretty normally, but of course I'm not sure how safe it is to use it :/


Edited by mjanek20, 25 December 2016 - 06:29 AM.


#5 mjanek20


Posted 25 December 2016 - 08:43 PM

I've used a nice little program called Autoruns. I've managed to corner the problematic malware to this:

 

https://www.virustotal.com/pl/file/5fb4fe00ed16238263c60eeb84acb12b68548a3de57271c4a5130e59880bc053/analysis/

 

I'm not sure if it helps in any way.





