Submitted URL: https://www.bleepingcomputer.com/forums/t/770401/proxy-script-12700186/#entry5339568
Effective URL: https://www.bleepingcomputer.com/forums/t/770401/proxy-script-12700186/
Submission: On April 04 via api from US — Scanned from DE
PROXY SCRIPT 127.0.0.1:86

Started by shdzazmi, Mar 31 2022 01:40 AM
3 replies to this topic

#1 shdzazmi
Members, 1 posts, OFFLINE, Local time: 08:17 PM
Posted 31 March 2022 - 01:40 AM

Hi there, so recently I got this proxy script blocking access to "google.com". What I did was create a batch file that changes the registry; it worked, but when the computer restarted, it came back.

So I searched the proxy script 127.0.0.1:86 problem on Google. It turns out people rarely get this problem; only at BleepingComputer have people solved the proxy script problem.

I don't know if this is a virus, because Windows Security didn't find anything, and AdwCleaner didn't either.

Here I copy the FRST.txt and Addition.txt. I appreciate every bit of help that I get.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2022
Ran by Jaya Raya (administrator) on DESKTOP-6N77RDD (Micro-Star International Co., Ltd. MS-7C13) (31-03-2022 12:44:24)
Running from C:\Users\Jaya Raya\Downloads
Loaded Profiles: Jaya Raya
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1466 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (AChat team) [File not signed] C:\Program Files (x86)\AChat\AChat.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <8>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\Jaya Raya\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(services.exe ->) (DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (@ByELDI -> ByELDI) [File not signed] C:\Program Files (x86)\Common Files\KMSpico\Update\kmsupd.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpTsClnt.dll" (No File)
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Run: [AChat] => C:\Program Files (x86)\AChat\AChat.exe [2851328 2007-01-24] (AChat team) [File not signed]
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Run: [Opera Browser Assistant] => C:\Users\Jaya Raya\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Run: [MicrosoftEdgeAutoLaunch_EC18C4AEBD4964E58D039383A6F09DD2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\...\Print\Monitors\EPSON L1110 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBUTE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON SIDM BS64MonitorB: C:\WINDOWS\system32\EBPMONB.DLL [108032 2008-08-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-09-10]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\removeproxyregistry - Shortcut.lnk [2022-03-31]
ShortcutTarget: removeproxyregistry - Shortcut.lnk -> C:\removeproxyregistry.bat () [File not signed]
Startup: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resetproxy - Shortcut.lnk [2022-03-31]
ShortcutTarget: resetproxy - Shortcut.lnk -> C:\resetproxy.bat () [File not signed]
Startup: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resetproxynetsh - Shortcut.lnk [2022-03-31]
ShortcutTarget: resetproxynetsh - Shortcut.lnk -> C:\resetproxynetsh.bat () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F4D4CE-EC39-46EE-9A06-B111D8C14D40} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {21AA990F-41AB-4011-9431-6EC5B5E89413} - System32\Tasks\KMSpico Auto Update Scheduler => C:\Program Files (x86)\Common Files\KMSpico\Update\kmsupd.exe [81248 2020-02-26] (@ByELDI -> ByELDI) [File not signed]
Task: {24A64FC5-2CAC-466A-A0D0-E24F78E394AB} - System32\Tasks\HPCustParticipation HP LaserJet MFP M129-M134 => C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\HPCustPartic.exe [6660744 2018-08-22] (Hewlett Packard -> HP Inc.)
Task: {32AD0358-54B0-46BB-83D5-90999BF19CBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {3CF32B41-D786-408E-8C3D-848AA92C7E14} - System32\Tasks\R@1n-KMS\Windows®, Professional edition => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {5A41379F-0FD1-4D36-BB49-15A250D6F0D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6A328A88-EE2D-4AB5-95DC-67B4D02B0E1E} - System32\Tasks\Opera scheduled assistant Autoupdate 1603954038 => C:\Users\Jaya Raya\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Jaya Raya\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {6FD5300D-6440-4011-A397-AB36B398FA80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82DCB34F-6ED1-4FB6-A105-CE97BFC01591} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {859E031D-8E71-4969-A229-B61DC3CC0BEE} - System32\Tasks\Opera scheduled Autoupdate 1603954032 => C:\Users\Jaya Raya\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera Software AS -> Opera Software)
Task: {98ECE5A7-ACC1-45E1-9088-DDA22408CA54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EDE6A34-CC42-4F2D-89D5-72204F6800FB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6023FAB-FF9D-4814-A6B5-6068EB412266} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google LLC)
Task: {CAD84607-3255-45C1-86E2-97C1C1F13727} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F150B41C-6B47-4FC9-B8EA-27441DE0F529} - System32\Tasks\R@1n-KMS\Office 16, Office16ProPlusVL_KMS_Client edition => wmic path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {FFE6D3D6-E066-43E9-8114-203CFDCCD32B} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{3CA1CD31-93CE-4764-9546-2E4400E6B506}] => hxxp://127.0.0.1:86/
Tcpip\..\Interfaces\{4dc46bd7-2e18-43df-b939-d4e5bc5ddce9}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\Jaya Raya\Downloads
Edge Notifications: HKU\S-1-5-21-3720672381-1331533200-1916140197-1001 -> hxxps://download.id
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jaya Raya\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-31]
Edge DownloadDir: Default -> C:\Users\Jaya Raya\Downloads
Edge Notifications: Default -> hxxps://download.id

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-08-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default [2022-03-31]
CHR Notifications: Default -> hxxps://hr.talenta.co; hxxps://mail.google.com; hxxps://web.whatsapp.com
CHR Extension: (Slide) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-11]
CHR Extension: (Dokumen) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-11]
CHR Extension: (Google Drive) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-11]
CHR Extension: (Spreadsheet) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-11]
CHR Extension: (Google Dokumen Offline) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-16]
CHR Extension: (Pembayaran Chrome Webstore) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-03-31]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-03-31]
CHR Notifications: Profile 1 -> hxxps://web.whatsapp.com
CHR Extension: (Slide) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-10]
CHR Extension: (Dokumen) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-10]
CHR Extension: (Google Drive) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-10]
CHR Extension: (YouTube) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-10]
CHR Extension: (Spreadsheet) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-10]
CHR Extension: (Google Dokumen Offline) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-10]
CHR Extension: (Pembayaran Chrome Webstore) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-10]
CHR Extension: (Gmail) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-10]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-03-31]
CHR Extension: (Slide) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-10]
CHR Extension: (Dokumen) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-10]
CHR Extension: (Google Drive) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-10]
CHR Extension: (YouTube) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-10]
CHR Extension: (Spreadsheet) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-10]
CHR Extension: (Google Dokumen Offline) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-16]
CHR Extension: (Pembayaran Chrome Webstore) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-10]
CHR Extension: (Gmail) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-10]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-31]

Opera:
=======
OPR Profile: C:\Users\Jaya Raya\AppData\Roaming\Opera Software\Opera Stable [2022-03-31]
OPR Notifications: Opera Stable -> hxxps://shopee.co.id
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Jaya Raya\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-10]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Jaya Raya\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-19]

Brave:
=======
BRA Profile: C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-03-31]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-03-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-03-29]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2022-03-29]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-03-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-10-06] (philandro Software GmbH -> philandro Software GmbH)
R2 DpHost; C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe [473424 2014-12-15] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [408576 2019-08-02] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [582656 2019-08-02] (SEIKO EPSON CORPORATION) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3595776 2022-02-28] (Microsoft Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12054872 2019-10-11] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-31 12:44 - 2022-03-31 12:44 - 000021516 _____ C:\Users\Jaya Raya\Downloads\FRST.txt
2022-03-31 12:42 - 2022-03-31 12:42 - 000000000 ___HD C:\$WinREAgent
2022-03-31 12:28 - 2022-03-31 12:44 - 000000000 ____D C:\FRST
2022-03-31 12:28 - 2022-03-31 12:34 - 000013498 _____ C:\Users\Jaya Raya\Downloads\Fixlog.txt
2022-03-31 12:28 - 2022-03-30 14:28 - 000005092 _____ C:\Users\Jaya Raya\Downloads\listfix.txt
2022-03-31 12:28 - 2022-03-29 13:36 - 002365440 _____ (Farbar) C:\Users\Jaya Raya\Downloads\FRST64.exe
2022-03-31 12:26 - 2022-03-30 15:19 - 000000104 _____ C:\removeproxyregistry.bat
2022-03-31 12:26 - 2022-03-30 15:19 - 000000025 _____ C:\resetproxynetsh.bat
2022-03-31 12:26 - 2022-03-18 13:43 - 000000142 _____ C:\resetproxy.bat
2022-03-31 08:25 - 2022-03-31 08:25 - 000026494 _____ C:\Users\Jaya Raya\Downloads\KPI Dep TAF Feb 22.xlsx
2022-03-30 14:45 - 2022-03-30 14:45 - 000078003 _____ C:\Users\Jaya Raya\Downloads\CV. BUMI MANUNGGAL G 30 MAR 22.pdf
2022-03-30 10:47 - 2022-03-30 10:47 - 000185791 _____ C:\Users\Jaya Raya\Downloads\03. NPWP PT. PMP.pdf
2022-03-29 16:58 - 2022-03-29 16:58 - 001841744 _____ C:\Users\Jaya Raya\Downloads\1-29.xls
2022-03-29 14:57 - 2022-03-29 14:57 - 000024909 _____ C:\Users\Jaya Raya\Downloads\WhatsApp Image 2022-03-29 at 14.17.59.jpeg
2022-03-28 17:18 - 2022-03-28 17:18 - 000007351 _____ C:\Users\Jaya Raya\Downloads\WhatsApp Image 2022-03-28 at 15.35.34.jpeg
2022-03-28 16:51 - 2022-03-28 16:51 - 000096432 _____ C:\Users\Jaya Raya\Downloads\3300000002_031046709722000_48002029.pdf
2022-03-26 15:29 - 2022-03-26 15:29 - 000024564 _____ C:\Users\Jaya Raya\Downloads\SRN_PAYMENT 396.pdf
2022-03-26 13:22 - 2022-03-26 13:22 - 000096413 _____ C:\Users\Jaya Raya\Downloads\WhatsApp Image 2022-03-24 at 15.37.58.jpeg
2022-03-26 13:14 - 2022-03-26 13:14 - 000013849 _____ C:\Users\Jaya Raya\Downloads\LIST TAGIHAN PENGAJUAN PAYMENT.xlsx
2022-03-25 11:00 - 2022-03-25 11:00 - 000224134 _____ C:\Users\Jaya Raya\Downloads\Rekening baru (1).pdf
2022-03-25 09:21 - 2022-03-25 09:21 - 000026112 _____ C:\Users\Jaya Raya\Downloads\SAP.xls
2022-03-24 16:46 - 2022-03-24 16:46 - 000230977 _____ C:\Users\Jaya Raya\Downloads\Toyota, Fortuner L 1195 H(2).pdf
2022-03-24 16:42 - 2022-03-24 16:42 - 000090193 _____ C:\Users\Jaya Raya\Downloads\Receipt (1).pdf
2022-03-23 16:06 - 2022-03-23 16:06 - 000051902 _____ C:\Users\Jaya Raya\Downloads\CV BUMI MANUNGGAL 22 MAR 22.pdf
2022-03-22 14:58 - 2022-03-22 14:58 - 000012076 _____ C:\Users\Jaya Raya\Downloads\TJMI Balikpapan (1).xlsx
2022-03-22 14:35 - 2022-03-22 14:35 - 000015080 _____ C:\Users\Jaya Raya\Downloads\PO-09801....pdf
2022-03-22 13:55 - 2022-03-22 13:55 - 000030720 _____ C:\Users\Jaya Raya\Downloads\SKU.xls
2022-03-21 17:15 - 2022-03-21 17:15 - 000292325 _____ C:\Users\Jaya Raya\Downloads\SPPKP.pdf
2022-03-21 17:15 - 2022-03-21 17:15 - 000235147 _____ C:\Users\Jaya Raya\Downloads\kepemilikan rekening bmg (2).pdf
2022-03-21 17:15 - 2022-03-21 17:15 - 000180195 _____ C:\Users\Jaya Raya\Downloads\NIB.pdf
2022-03-21 17:15 - 2022-03-21 17:15 - 000162743 _____ C:\Users\Jaya Raya\Downloads\SIUP.pdf
2022-03-21 17:11 - 2022-03-21 17:11 - 001038399 _____ C:\Users\Jaya Raya\Downloads\SPPKP PS 2017 (3).PDF
2022-03-21 16:55 - 2022-03-21 16:55 - 000051138 _____ C:\Users\Jaya Raya\Downloads\0322_Mandiri SLS idr _180322_ Sparepart - Pengajuan 222000128 - Listiono Gunawan - 27.925.000.pdf
2022-03-21 14:42 - 2022-03-21 14:42 - 000030208 _____ C:\Users\Jaya Raya\Downloads\KOBEXINDO (2).xls
2022-03-21 09:12 - 2022-03-21 09:12 - 000032768 _____ C:\Users\Jaya Raya\Downloads\BSS (5).xls
2022-03-21 09:01 - 2022-03-21 09:01 - 000247401 _____ C:\Users\Jaya Raya\Downloads\Surat Pemberitahuan Bank.pdf
2022-03-20 12:36 - 2022-03-20 12:36 - 000026112 _____ C:\Users\Jaya Raya\Downloads\Kop Pamandiri.xls
2022-03-20 10:03 - 2022-03-20 10:03 - 000031744 _____ C:\Users\Jaya Raya\Downloads\KTC (4).xls
2022-03-19 17:11 - 2022-03-19 17:11 - 000012413 _____ C:\Users\Jaya Raya\Downloads\TRIWISNNA (1).xlsx
2022-03-19 16:21 - 2022-03-19 16:23 - 000058368 _____ C:\Users\Jaya Raya\Downloads\TSB GROUP (5).xls
2022-03-18 17:09 - 2022-03-18 17:09 - 000030720 _____ C:\Users\Jaya Raya\Downloads\MAP (2).xls
2022-03-18 11:37 - 2022-03-18 11:43 - 000028160 _____ C:\Users\Jaya Raya\Downloads\PCP (1).xls
2022-03-18 09:20 - 2022-03-18 09:20 - 000009420 _____ C:\Users\Jaya Raya\Downloads\Daftar buka tutup plafon.xlsx
2022-03-16 14:52 - 2022-03-16 14:52 - 000938098 _____ C:\Users\Jaya Raya\Downloads\CamScanner 03-16-2022 13.22.pdf
2022-03-16 14:12 - 2022-03-16 14:12 - 000034816 _____ C:\Users\Jaya Raya\Downloads\TJMI Kaliorang (2).xls
2022-03-16 14:12 - 2022-03-16 14:12 - 000011703 _____ C:\Users\Jaya Raya\Downloads\TJMI Balikpapan.xlsx
2022-03-16 13:59 - 2022-03-16 13:59 - 000252605 _____ C:\Users\Jaya Raya\Downloads\TRANSFER TO OTHER BANK (ONLINE)_RB0316140123148.pdf.pdf
2022-03-16 09:57 - 2022-03-16 14:34 - 000058640 _____ C:\Users\Jaya Raya\Downloads\PENAGIHAN.pptx
2022-03-16 08:54 - 2022-03-16 08:54 - 000013824 _____ C:\Users\Jaya Raya\Downloads\account_statement_1480019408122_15 March 2022-15 March 2022_20220316075343.xls
2022-03-15 15:24 - 2022-03-15 15:24 - 000015453 _____ C:\Users\Jaya Raya\Downloads\AET Group (1).xlsx
2022-03-14 11:05 - 2022-03-14 11:05 - 000032768 _____ C:\Users\Jaya Raya\Downloads\10.02.2022 Rekonsil Invoice Bumi Manunggal Gracia.xls
2022-03-14 10:01 - 2022-03-14 10:01 - 000257943 _____ C:\Users\Jaya Raya\Downloads\Revisi kpuc.pdf
2022-03-14 09:56 - 2022-03-14 09:56 - 000196469 _____ C:\Users\Jaya Raya\Downloads\Kpuc(2).pdf
2022-03-14 09:55 - 2022-03-14 09:55 - 000190658 _____ C:\Users\Jaya Raya\Downloads\Rekening KPUC.pdf
2022-03-12 10:58 - 2022-03-12 10:58 - 000091332 _____ C:\Users\Jaya Raya\Downloads\Flow permintaan karyawan_JRM.pptx
2022-03-11 15:50 - 2022-03-11 15:50 - 000028160 _____ C:\Users\Jaya Raya\Downloads\Tunas Hijau MKP.xls
2022-03-11 14:09 - 2022-03-11 14:09 - 000520719 _____ C:\Users\Jaya Raya\Downloads\Inv SLE (2).pdf
2022-03-10 16:47 - 2022-03-10 16:47 - 000995300 _____ C:\Users\Jaya Raya\Downloads\JAYA RAYA MOTOR.pdf
2022-03-09 13:39 - 2022-03-09 13:39 - 000364940 _____ C:\Users\Jaya Raya\Downloads\KPUC.pdf
2022-03-09 11:25 - 2022-03-09 11:25 - 000030720 _____ C:\Users\Jaya Raya\Downloads\MAP.xls.xls
2022-03-09 10:55 - 2022-03-09 10:55 - 000030720 _____ C:\Users\Jaya Raya\Downloads\Semindo.xls
2022-03-08 09:08 - 2022-03-08 09:08 - 001104255 _____ C:\Users\Jaya Raya\Downloads\JAYA RAYA KE BUMI MANUNGGAL.pdf
2022-03-07 16:12 - 2022-03-07 16:12 - 000362454 _____ C:\Users\Jaya Raya\Downloads\Surat Tarif PPN 11% Per 1 April 2022.pdf
2022-03-07 16:12 - 2022-03-07 16:12 - 000116874 _____ C:\Users\Jaya Raya\Downloads\UU Nomor 7 Tahun 2021 tentang HPP Pasal 7 ayat 1 (1).pdf
2022-03-05 10:34 - 2022-03-05 10:34 - 000065538 _____ C:\Users\Jaya Raya\Downloads\Tagihan macet (2).xlsx
2022-03-05 10:19 - 2022-03-05 10:19 - 000065538 _____ C:\Users\Jaya
Raya\Downloads\Tagihan macet.xlsx 2022-03-05 10:19 - 2022-03-05 10:19 - 000065538 _____ C:\Users\Jaya Raya\Downloads\Tagihan macet (1).xlsx 2022-03-04 14:02 - 2022-03-04 14:02 - 000175653 _____ C:\Users\Jaya Raya\Downloads\Meranti Sakti.pdf 2022-03-03 17:19 - 2022-03-03 17:19 - 000030208 _____ C:\Users\Jaya Raya\Downloads\Gonusa.xls 2022-03-03 13:56 - 2022-03-03 13:56 - 000030208 _____ C:\Users\Jaya Raya\Downloads\KOBEXINDO (1).xls 2022-03-03 13:31 - 2022-03-03 13:31 - 002468283 _____ C:\Users\Jaya Raya\Downloads\PCP 3.pdf 2022-03-02 15:25 - 2022-03-02 15:25 - 000224134 _____ C:\Users\Jaya Raya\Downloads\Rekening baru.pdf 2022-03-02 15:24 - 2022-03-02 15:24 - 000174034 _____ C:\Users\Jaya Raya\Downloads\perubahan rekening.pdf 2022-03-02 14:55 - 2022-03-02 14:55 - 000025600 _____ C:\Users\Jaya Raya\Downloads\EVANS.xls 2022-03-02 14:55 - 2022-03-02 14:55 - 000025600 _____ C:\Users\Jaya Raya\Downloads\EVANS (1).xls 2022-03-02 10:54 - 2022-03-02 10:54 - 000154833 _____ C:\Users\Jaya Raya\Downloads\PEMBERITAHUAN PERUBAHAN STEMPEL (3).pdf 2022-03-02 09:32 - 2022-03-02 09:32 - 000036864 _____ C:\Users\Jaya Raya\Downloads\KRI (3).xls 2022-03-01 16:28 - 2022-03-01 16:28 - 000029696 _____ C:\Users\Jaya Raya\Downloads\ATP.xls 2022-03-01 15:12 - 2022-03-01 15:12 - 000032256 _____ C:\Users\Jaya Raya\Downloads\KED (4).xls 2022-03-01 14:52 - 2022-03-01 14:52 - 000031232 _____ C:\Users\Jaya Raya\Downloads\SKP (4).xls 2022-03-01 14:36 - 2022-03-01 14:36 - 000310834 _____ C:\Users\Jaya Raya\Downloads\SGM Ttd (1).pdf 2022-03-01 09:59 - 2022-03-01 09:59 - 000193112 _____ C:\Users\Jaya Raya\Downloads\NPWP BMG.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2022-03-31 12:43 - 2020-12-01 16:31 - 000776042 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-31 12:43 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-31 12:39 - 2020-03-11 08:32 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-31 12:37 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-31 12:36 - 2022-02-13 10:17 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-03-31 12:36 - 2020-12-01 16:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-31 12:36 - 2020-12-01 16:21 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-31 12:36 - 2019-09-06 10:41 - 000000000 ____D C:\ProgramData\NVIDIA
2022-03-31 12:36 - 2018-09-15 13:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-03-31 12:34 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-03-31 12:34 - 2019-09-10 11:39 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2022-03-31 12:31 - 2020-03-04 08:34 - 000000000 ____D C:\Users\Jaya Raya\AppData\LocalLow\Temp
2022-03-31 12:28 - 2018-09-15 15:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-03-31 12:08 - 2019-11-23 15:09 - 000000000 ____D C:\Users\Jaya Raya\AppData\Roaming\WhatsApp
2022-03-31 10:08 - 2018-09-15 13:45 - 000000000 ____D C:\Users\Jaya Raya\AppData\Local\Packages
2022-03-31 08:07 - 2020-12-01 16:26 - 000004176 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{95279D33-1815-4198-B1E6-9713B471E32B}
2022-03-30 13:06 - 2020-03-11 08:34 - 000002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-30 13:06 - 2020-03-11 08:34 - 000002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-30 12:49 - 2020-12-01 16:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-30 12:20 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-30 12:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-30 09:55 - 2022-02-19 15:29 - 000000000 ____D C:\Users\Jaya Raya\AppData\Local\WhatsApp
2022-03-29 12:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-29 12:09 - 2020-12-01 16:22 - 000447704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-29 12:06 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-29 12:06 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-29 12:06 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-29 08:04 - 2020-06-09 08:11 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-29 08:04 - 2020-06-09 08:11 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-25 08:02 - 2021-12-12 08:01 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3720672381-1331533200-1916140197-1001
2022-03-25 08:02 - 2020-12-01 16:26 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3720672381-1331533200-1916140197-1001
2022-03-25 08:02 - 2020-12-01 14:07 - 000002440 _____ C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-24 08:13 - 2019-11-23 15:09 - 000000000 ____D C:\Users\Jaya Raya\AppData\Local\SquirrelTemp
2022-03-22 08:16 - 2020-12-01 16:26 - 000004242 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1603954032
2022-03-22 08:16 - 2020-10-29 14:47 - 000001532 _____ C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2022-03-20 08:32 - 2019-09-06 10:10 - 000000000 ____D C:\DIGI
2022-03-16 08:17 - 2018-09-15 13:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 08:13 - 2020-12-01 16:26 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-11 08:13 - 2020-12-01 16:26 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2022
Ran by Jaya Raya (31-03-2022 12:45:35)
Running from C:\Users\Jaya Raya\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1466 (X64) (2020-12-01 08:26:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3720672381-1331533200-1916140197-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3720672381-1331533200-1916140197-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3720672381-1331533200-1916140197-1000 - Limited - Disabled)
Guest (S-1-5-21-3720672381-1331533200-1916140197-501 - Limited - Enabled)
Jaya Raya (S-1-5-21-3720672381-1331533200-1916140197-1001 - Administrator - Enabled) => C:\Users\Jaya Raya
WDAGUtilityAccount (S-1-5-21-3720672381-1331533200-1916140197-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AChat v0.150 (HKLM-x32\...\AChat_is1) (Version: 0.150 - SourceForge.NET)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.6 - philandro Software GmbH)
BG-Soft Component Package (HKLM-x32\...\{BA7C0CAC-6880-4A85-8158-119FDE468B22}) (Version: 2.00.0000 - Bumi Global Komputindo)
Brave (HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\BraveSoftware Brave-Browser) (Version: 76.0.68.130 - Brave Software Inc)
DigitalPersona U.are.U RTE (HKLM\...\{3FE5B696-9DA2-41AA-8414-58E3936169A6}) (Version: 2.3.1.767 - DigitalPersona, Inc.)
EPSON APD4 Point and Print Support (HKLM-x32\...\{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}) (Version: 4.58.0000 - SEIKO EPSON CORPORATION)
EPSON L1110 Series Printer Uninstall (HKLM\...\EPSON L1110 Series) (Version: - Seiko Epson Corporation)
EPSON LX-310 ESC/P Printer Utility Uninstall (HKLM\...\EPSON LX-310 ESC/P) (Version: - SEIKO EPSON Corporation)
EPSON Port Communication Service (HKLM\...\{24C64105-B4D2-42CF-9E18-0EFA731135F6}) (Version: 3.23.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.84 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP LaserJet MFP M129-M134 Basic Device Software (HKLM\...\{B162F8E1-52A3-4D42-B119-3580C8D7FC62}) (Version: 44.3.2667.18234 - HP Inc.)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
I.R.I.S OCR (HKLM-x32\...\{3913CCF7-436B-4A7A-A265-62E9FFDD03D9}) (Version: 15.2.10.1114 - HP Inc.)
IDAutomation.com Code 128 Font Package Demo (HKLM-x32\...\IDAutomation.com Code 128 Font Package Demo) (Version: - )
LM129 (HKLM-x32\...\{A2D25501-6F44-4CE2-9EFA-C9E5A0658FA9}) (Version: 0.00.0005 - HP)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.55 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
Opera Stable 84.0.4316.42 (HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Opera 84.0.4316.42) (Version: 84.0.4316.42 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Product Improvement Study for HP LaserJet MFP M129-M134 (HKLM\...\{2356481F-26D1-4BEE-BA39-CB9AE90953A0}) (Version: 44.3.2667.18234 - HP Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.7.1965 - TeamViewer)
Update for Skype for Business 2016 (KB5001940) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1D5164B0-74E0-46B5-A6DF-6FC9F637E79D}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5001940) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1D5164B0-74E0-46B5-A6DF-6FC9F637E79D}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5001940) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1D5164B0-74E0-46B5-A6DF-6FC9F637E79D}) (Version: - Microsoft)
WhatsApp (HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\WhatsApp) (Version: 2.2210.9 - WhatsApp)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.91 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-26] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-21] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3720672381-1331533200-1916140197-1001_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\Application\76.0.68.130\notification_helper.exe (Brave Software, Inc. -> Brave Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\removeproxyregistry - Shortcut.lnk -> C:\removeproxyregistry.bat ()
Shortcut: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resetproxy - Shortcut.lnk -> C:\resetproxy.bat ()
Shortcut: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resetproxynetsh - Shortcut.lnk -> C:\resetproxynetsh.bat ()
ShortcutWithArgument: C:\Users\Jaya Raya\Desktop\Nery yani - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\FINANCE - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Listiono - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2019-08-02 08:51 - 2019-08-02 08:51 - 000159744 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\BluetoothIO.dll
2019-08-02 08:52 - 2019-08-02 08:52 - 000101376 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\DeviceControlLogLibrary.dll
2019-08-02 08:50 - 2019-08-02 08:50 - 000238080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.dll
2019-08-02 08:57 - 2019-08-02 08:57 - 000227840 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\EthernetIO31.dll
2019-08-02 08:56 - 2019-08-02 08:56 - 000175616 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\ParallelIO31.dll
2019-08-02 08:53 - 2019-08-02 08:53 - 000133632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL
2019-08-02 08:55 - 2019-08-02 08:55 - 000159744 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\SerialIO31.dll
2019-08-02 08:56 - 2019-08-02 08:56 - 000208384 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\USBIO31.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2021-11-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2021-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 15:31 - 2022-03-29 12:32 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\Control Panel\Desktop\\Wallpaper -> \\192.168.1.172\Photo\background desktop.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{84652C4C-6384-483E-B45D-85EF1A2B536A}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [UDP Query User{7547588F-2A7C-447F-A039-5D2BA1E52D91}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [{24CEA163-3C8A-451A-B2B6-DD1E2FABC5A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{72AB07D6-84E3-4F07-B32E-0C22A37CC7E9}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [UDP Query User{64F0EC0D-5B83-4862-8984-7F63858681E3}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [{0FE8B13D-B992-4CB1-AFBF-9B87C4B0E53A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0C6AEE8F-F28C-4845-8595-269FA3FEAED2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{2045F0FB-FE1D-452D-BBE4-08E89EB88731}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3695F57D-DCD7-43F9-B7F0-83CEB5E678D4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D78E82B2-DB79-4D3B-BB01-8399ECE2EA3E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C690E61B-6A2C-44B8-87C6-26E7970ACFF8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
(Total:97.06 GB) (Free:55.4 GB) (57%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/28/2022 09:23:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 99.0.1150.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 55c
Start Time: 01d842425cce099d
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.52\identity_helper.exe
Report Id: 1ca2806b-3998-43dd-a552-8522ccaa12c1
Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.46_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce

Error: (03/20/2022 09:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 99.0.1150.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2a2c
Start Time: 01d83bf6866ec89a
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.46\identity_helper.exe
Report Id: 972e00ee-707f-4150-92e5-34b1e448b922
Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.39_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce

Error: (03/10/2022 09:04:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 99.0.1150.36 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1018
Start Time: 01d8341ac70f26b8
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.36\identity_helper.exe
Report Id: abefbfdc-7cab-415a-9533-a5c7952f2321
Faulting package full name: Microsoft.MicrosoftEdge.Stable_99.0.1150.30_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce

Error: (03/06/2022 09:01:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program identity_helper.exe version 99.0.1150.30 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 6a8
Start Time: 01d830f59bc9a0a4
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.30\identity_helper.exe
Report Id: 55b385e2-c74e-4b24-a708-3a94611cb1eb
Faulting package full name: Microsoft.MicrosoftEdge.Stable_98.0.1108.62_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce

Error: (03/05/2022 01:03:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program eStock.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 88c
Start Time: 01d83027c4403676
Termination Time: 16
Application Path: \\192.168.1.172\BBS-Soft\eStock.exe
Report Id: 8665fb43-df1a-489d-8a89-c84e316f116a
Faulting package full name:
Faulting package-relative application ID:
Hang type: Cross-thread

Error: (03/05/2022 08:27:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eStock.exe, version: 7.51.0.29, time stamp: 0x61e8c4cc
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0x9012d056
Exception code: 0xc0000005
Fault offset: 0x0004788e
Faulting process id: 0xbbc
Faulting application start time: 0x01d830279944f454
Faulting application path: \\192.168.1.172\BBS-Soft\eStock.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2527f5b8-30ca-4813-9b65-e25bbc8c477a
Faulting package full name:
Faulting package-relative application ID:

Error: (03/05/2022 08:25:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eStock.exe, version: 7.51.0.29, time stamp: 0x61e8c4cc
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0x9012d056
Exception code: 0xc0000005
Fault offset: 0x0004788e
Faulting process id: 0x278c
Faulting application start time: 0x01d830276e61718a
Faulting application path: \\192.168.1.172\BBS-Soft\eStock.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1e8eeabd-22ce-4d4f-824b-2170e1e92fde
Faulting package full name:
Faulting package-relative application ID:

Error: (03/05/2022 08:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eStock.exe, version: 7.51.0.29, time stamp: 0x61e8c4cc
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0x9012d056
Exception code: 0xc0000374
Fault offset: 0x000e6c43
Faulting process id: 0xa64
Faulting application start time: 0x01d83026da8cf73d
Faulting application path: \\192.168.1.172\BBS-Soft\eStock.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5aaa438d-af16-4cc0-ba0d-ad4b55953c43
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 14 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EPSON Device Control Log Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EPSON Port Communication Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DigitalPersona Authentication Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2022 12:28:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AnyDesk Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
================
Date: 2022-03-31 10:38:13
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-29 09:03:50
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-28 09:25:45
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-26 08:33:11
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-25 08:51:15
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-03-30 08:35:42
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.20 11/23/2018
Motherboard: Micro-Star International Co., Ltd.
H310M PRO-VH PLUS (MS-7C13) Processor: Intel® Core™ i3-9100F CPU @ 3.60GHz Percentage of memory in use: 44% Total physical RAM: 8134.27 MB Available physical RAM: 4542.22 MB Total Virtual: 9414.27 MB Available Virtual: 5638.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.06 GB) (Free:55.3 GB) NTFS Drive f: (New Volume) (Fixed) (Total:125.91 GB) (Free:124.92 GB) NTFS \\?\Volume{00e2fc41-cfb2-454b-b238-c98a5e286f98}\ () (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS \\?\Volume{b4bef3d3-81f6-4165-8fa9-55868c2fd69e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= * Back to top -------------------------------------------------------------------------------- BC ADBOT (LOGIN TO REMOVE) * * BleepingComputer.com * * Register to remove ads PLAY Top Articles Video Settings Full Screen About Connatix V157363 Read More Read More Read More Read More Read More Read More Fake Trezor data breach emails used to stealcryptocurrency wallets 1/1 Skip Ad Continue watching after the ad Visit Advertiser websiteGO TO PAGE -------------------------------------------------------------------------------- #2 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,709 posts * OFFLINE * Gender:Male * Location:California * Local time:05:17 AM Posted 31 March 2022 - 08:29 AM Greetings shdzazm and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. 
===================================================
Ground Rules:

* First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
* It is important to not run any tools or take any steps other than those I will provide for you.
* Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
* Please copy and paste all logs into your post unless otherwise requested.
* When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
* If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.

Edited by Oh My!, 31 March 2022 - 08:31 AM.

Gary
"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
Where to Start

--------------------------------------------------------------------------------

#3 Oh My!
Adware and Spyware and Malware
* Malware Response Instructor
* 49,709 posts
* Gender: Male
* Location: California
Posted 31 March 2022 - 09:02 AM

Unfortunately you are using a pirated copy of Windows 10 Professional and the Windows Operating System is not properly activated.
If you are able and willing to properly activate Windows with a valid and legal Product Key please do so, let me know it has been done, then run another scan. If you are unwilling or unable to do that it will be necessary to close this topic.

Gary
"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
Where to Start

--------------------------------------------------------------------------------

#4 Oh My!
Adware and Spyware and Malware
* Malware Response Instructor
* 49,709 posts
* Gender: Male
* Location: California
Posted Yesterday, 08:04 AM

Greetings,

===================================================
Do You Still Need Help?

It has been 3 days since my last post.

* Do you still need help with this?
* If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
Where to Start