www.bleepingcomputer.com (104.20.59.209)

Submitted URL: https://www.bleepingcomputer.com/forums/t/770401/proxy-script-12700186/#entry5339568
Effective URL: https://www.bleepingcomputer.com/forums/t/770401/proxy-script-12700186/
Submission: On April 04 via api from US — Scanned from DE


Text Content


PROXY SCRIPT 127.0.0.1:86

Started by shdzazmi, Mar 31 2022 01:40 AM

3 replies to this topic


#1 SHDZAZMI


Posted 31 March 2022 - 01:40 AM

Hi there, so recently I got this proxy script blocking access to "google.com".
What I did was create a batch file that changes the registry. It works, but when
the computer restarts, it comes back.

So I searched for the proxy script 127.0.0.1:86 problem on Google. It turns out
people rarely get this problem; only at BleepingComputer have people solved the
proxy script problem.

I don't know if this is a virus, because Windows Security didn't get anything,
and AdwCleaner didn't either.

Here I copy the FRST.txt and Addition.txt. I appreciate every bit of help that I get.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2022
Ran by Jaya Raya (administrator) on DESKTOP-6N77RDD (Micro-Star International
Co., Ltd. MS-7C13) (31-03-2022 12:44:24)
Running from C:\Users\Jaya Raya\Downloads
Loaded Profiles: Jaya Raya
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1466 (X64) Language:
English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
 
(explorer.exe ->) (AChat team) [File not signed] C:\Program Files
(x86)\AChat\AChat.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe <8>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\Jaya
Raya\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(services.exe ->) (DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program
Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
(services.exe ->) (Intel Corporation -> Intel Corporation)
C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel
Corporation)
C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program
Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (philandro Software GmbH -> philandro Software GmbH)
C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program
Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program
Files\EPSON\portcommunicationservice\PCSVC.exe
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files
(x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (@ByELDI -> ByELDI) [File not signed] C:\Program Files
(x86)\Common Files\KMSpico\Update\kmsupd.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\SppExtComObj.Exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
 
HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Pro
Workstation\Bin\DpTsClnt.dll" (No File)
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Run: [AChat] =>
C:\Program Files (x86)\AChat\AChat.exe [2851328 2007-01-24] (AChat team) [File
not signed]
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Run: [Opera Browser
Assistant] => C:\Users\Jaya
Raya\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424
2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Run:
[MicrosoftEdgeAutoLaunch_EC18C4AEBD4964E58D039383A6F09DD2] => "C:\Program Files
(x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
--win-session-start /prefetch:5
HKLM\...\Print\Monitors\EPSON L1110 Series 64MonitorBE:
C:\WINDOWS\system32\E_YLMBUTE.DLL [184832 2017-07-14] (Microsoft Windows
Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON SIDM BS64MonitorB: C:\WINDOWS\system32\EBPMONB.DLL
[108032 2008-08-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO
EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files
(x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-30]
(Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Startup\AnyDesk.lnk [2019-09-10]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\removeproxyregistry - Shortcut.lnk [2022-03-31]
ShortcutTarget: removeproxyregistry - Shortcut.lnk -> C:\removeproxyregistry.bat
() [File not signed]
Startup: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\resetproxy - Shortcut.lnk [2022-03-31]
ShortcutTarget: resetproxy - Shortcut.lnk -> C:\resetproxy.bat () [File not
signed]
Startup: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\resetproxynetsh - Shortcut.lnk [2022-03-31]
ShortcutTarget: resetproxynetsh - Shortcut.lnk -> C:\resetproxynetsh.bat ()
[File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
Task: {01F4D4CE-EC39-46EE-9A06-B111D8C14D40} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft
Corporation -> Microsoft Corporation)
Task: {21AA990F-41AB-4011-9431-6EC5B5E89413} - System32\Tasks\KMSpico Auto
Update Scheduler => C:\Program Files (x86)\Common
Files\KMSpico\Update\kmsupd.exe [81248 2020-02-26] (@ByELDI -> ByELDI) [File not
signed]
Task: {24A64FC5-2CAC-466A-A0D0-E24F78E394AB} -
System32\Tasks\HPCustParticipation HP LaserJet MFP M129-M134 => C:\Program
Files\HP\HP LaserJet MFP M129-M134\Bin\HPCustPartic.exe [6660744 2018-08-22]
(Hewlett Packard -> HP Inc.)
Task: {32AD0358-54B0-46BB-83D5-90999BF19CBE} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google
LLC)
Task: {3CF32B41-D786-408E-8C3D-848AA92C7E14} - System32\Tasks\R@1n-KMS\Windows®,
Professional edition => wmic path SoftwareLicensingProduct where
(ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {5A41379F-0FD1-4D36-BB49-15A250D6F0D0} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6A328A88-EE2D-4AB5-95DC-67B4D02B0E1E} - System32\Tasks\Opera scheduled
assistant Autoupdate 1603954038 => C:\Users\Jaya
Raya\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera
Software AS -> Opera Software) -> --scheduledautoupdate
--component-name=assistant --component-path="C:\Users\Jaya
Raya\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {6FD5300D-6440-4011-A397-AB36B398FA80} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-16] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {82DCB34F-6ED1-4FB6-A105-CE97BFC01591} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-16] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {859E031D-8E71-4969-A229-B61DC3CC0BEE} - System32\Tasks\Opera scheduled
Autoupdate 1603954032 => C:\Users\Jaya
Raya\AppData\Local\Programs\Opera\launcher.exe [2470608 2022-03-16] (Opera
Software AS -> Opera Software)
Task: {98ECE5A7-ACC1-45E1-9088-DDA22408CA54} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program
Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft
Corporation -> Microsoft Corporation)
Task: {9EDE6A34-CC42-4F2D-89D5-72204F6800FB} -
System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program
Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632
2015-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6023FAB-FF9D-4814-A6B5-6068EB412266} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-11] (Google LLC -> Google
LLC)
Task: {CAD84607-3255-45C1-86E2-97C1C1F13727} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F150B41C-6B47-4FC9-B8EA-27441DE0F529} - System32\Tasks\R@1n-KMS\Office
16, Office16ProPlusVL_KMS_Client edition => wmic path SoftwareLicensingProduct
where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {FFE6D3D6-E066-43E9-8114-203CFDCCD32B} - System32\Tasks\Intel PTT EK
Recertification =>
C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
[818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{3CA1CD31-93CE-4764-9546-2E4400E6B506}] => hxxp://127.0.0.1:86/
Tcpip\..\Interfaces\{4dc46bd7-2e18-43df-b939-d4e5bc5ddce9}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
DownloadDir: C:\Users\Jaya Raya\Downloads
Edge Notifications: HKU\S-1-5-21-3720672381-1331533200-1916140197-1001 ->
hxxps://download.id
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 =>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill
[not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 =>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer
[not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824
=>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools
[not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 =>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI
[not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jaya Raya\AppData\Local\Microsoft\Edge\User Data\Default
[2022-03-31]
Edge DownloadDir: Default -> C:\Users\Jaya Raya\Downloads
Edge Notifications: Default -> hxxps://download.id
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-08-01] (Microsoft Corporation
-> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files
(x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft
Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-08-01] (Microsoft Corporation
-> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Default
[2022-03-31]
CHR Notifications: Default -> hxxps://hr.talenta.co; hxxps://mail.google.com;
hxxps://web.whatsapp.com
CHR Extension: (Slide) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-11]
CHR Extension: (Dokumen) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-11]
CHR Extension: (Google Drive) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-11]
CHR Extension: (Spreadsheet) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-11]
CHR Extension: (Google Dokumen Offline) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-16]
CHR Extension: (Pembayaran Chrome Webstore) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Guest
Profile [2022-03-31]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 1
[2022-03-31]
CHR Notifications: Profile 1 -> hxxps://web.whatsapp.com
CHR Extension: (Slide) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-10]
CHR Extension: (Dokumen) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-10]
CHR Extension: (Google Drive) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-10]
CHR Extension: (YouTube) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-10]
CHR Extension: (Spreadsheet) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-10]
CHR Extension: (Google Dokumen Offline) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-10]
CHR Extension: (Pembayaran Chrome Webstore) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-10]
CHR Extension: (Gmail) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-10]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\Profile 2
[2022-03-31]
CHR Extension: (Slide) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-10]
CHR Extension: (Dokumen) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-10]
CHR Extension: (Google Drive) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-10]
CHR Extension: (YouTube) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-10]
CHR Extension: (Spreadsheet) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-10]
CHR Extension: (Google Dokumen Offline) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-16]
CHR Extension: (Pembayaran Chrome Webstore) - C:\Users\Jaya
Raya\AppData\Local\Google\Chrome\User Data\Profile
2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-10]
CHR Extension: (Gmail) - C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User
Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-10]
CHR Profile: C:\Users\Jaya Raya\AppData\Local\Google\Chrome\User Data\System
Profile [2022-03-31]
 
Opera: 
=======
OPR Profile: C:\Users\Jaya Raya\AppData\Roaming\Opera Software\Opera Stable
[2022-03-31]
OPR Notifications: Opera Stable -> hxxps://shopee.co.id
OPR DefaultSuggestURL: Opera Stable ->
hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Jaya Raya\AppData\Roaming\Opera
Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-10]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Jaya
Raya\AppData\Roaming\Opera Software\Opera
Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-19]
 
Brave: 
=======
BRA Profile: C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\User
Data\Default [2022-03-31]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Jaya
Raya\AppData\Local\BraveSoftware\Brave-Browser\User
Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-03-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Jaya
Raya\AppData\Local\BraveSoftware\Brave-Browser\User
Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-03-29]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Jaya
Raya\AppData\Local\BraveSoftware\Brave-Browser\User
Data\cpoalefficncklhjfpglfiplenlpccdb [2022-03-29]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Jaya
Raya\AppData\Local\BraveSoftware\Brave-Browser\User
Data\oofiananboodjbbmdelgdommihjbkfag [2022-03-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-10-06]
(philandro Software GmbH -> philandro Software GmbH)
R2 DpHost; C:\Program Files\DigitalPersona\Pro Workstation\Bin\DpHostW.exe
[473424 2014-12-15] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
R2 EPSON_Device_Control_Log_Service; C:\Program
Files\epson\portcommunicationservice\DeviceControlLog.exe [408576 2019-08-02]
(SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program
Files\epson\portcommunicationservice\PCSVC.exe [582656 2019-08-02] (SEIKO EPSON
CORPORATION) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3595776
2022-02-28] (Microsoft Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat
Protection\MsSense.exe [6137040 2022-01-12] (Microsoft Windows Publisher ->
Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
[12054872 2019-10-11] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-16] (Microsoft
Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-16] (Microsoft
Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07]
(Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07]
(Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-16]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-16]
(Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-16]
(Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-31 12:44 - 2022-03-31 12:44 - 000021516 _____ C:\Users\Jaya
Raya\Downloads\FRST.txt
2022-03-31 12:42 - 2022-03-31 12:42 - 000000000 ___HD C:\$WinREAgent
2022-03-31 12:28 - 2022-03-31 12:44 - 000000000 ____D C:\FRST
2022-03-31 12:28 - 2022-03-31 12:34 - 000013498 _____ C:\Users\Jaya
Raya\Downloads\Fixlog.txt
2022-03-31 12:28 - 2022-03-30 14:28 - 000005092 _____ C:\Users\Jaya
Raya\Downloads\listfix.txt
2022-03-31 12:28 - 2022-03-29 13:36 - 002365440 _____ (Farbar) C:\Users\Jaya
Raya\Downloads\FRST64.exe
2022-03-31 12:26 - 2022-03-30 15:19 - 000000104 _____ C:\removeproxyregistry.bat
2022-03-31 12:26 - 2022-03-30 15:19 - 000000025 _____ C:\resetproxynetsh.bat
2022-03-31 12:26 - 2022-03-18 13:43 - 000000142 _____ C:\resetproxy.bat
2022-03-31 08:25 - 2022-03-31 08:25 - 000026494 _____ C:\Users\Jaya
Raya\Downloads\KPI Dep TAF Feb 22.xlsx
2022-03-30 14:45 - 2022-03-30 14:45 - 000078003 _____ C:\Users\Jaya
Raya\Downloads\CV. BUMI MANUNGGAL G 30 MAR 22.pdf
2022-03-30 10:47 - 2022-03-30 10:47 - 000185791 _____ C:\Users\Jaya
Raya\Downloads\03. NPWP PT. PMP.pdf
2022-03-29 16:58 - 2022-03-29 16:58 - 001841744 _____ C:\Users\Jaya
Raya\Downloads\1-29.xls
2022-03-29 14:57 - 2022-03-29 14:57 - 000024909 _____ C:\Users\Jaya
Raya\Downloads\WhatsApp Image 2022-03-29 at 14.17.59.jpeg
2022-03-28 17:18 - 2022-03-28 17:18 - 000007351 _____ C:\Users\Jaya
Raya\Downloads\WhatsApp Image 2022-03-28 at 15.35.34.jpeg
2022-03-28 16:51 - 2022-03-28 16:51 - 000096432 _____ C:\Users\Jaya
Raya\Downloads\3300000002_031046709722000_48002029.pdf
2022-03-26 15:29 - 2022-03-26 15:29 - 000024564 _____ C:\Users\Jaya
Raya\Downloads\SRN_PAYMENT 396.pdf
2022-03-26 13:22 - 2022-03-26 13:22 - 000096413 _____ C:\Users\Jaya
Raya\Downloads\WhatsApp Image 2022-03-24 at 15.37.58.jpeg
2022-03-26 13:14 - 2022-03-26 13:14 - 000013849 _____ C:\Users\Jaya
Raya\Downloads\LIST TAGIHAN PENGAJUAN PAYMENT.xlsx
2022-03-25 11:00 - 2022-03-25 11:00 - 000224134 _____ C:\Users\Jaya
Raya\Downloads\Rekening baru (1).pdf
2022-03-25 09:21 - 2022-03-25 09:21 - 000026112 _____ C:\Users\Jaya
Raya\Downloads\SAP.xls
2022-03-24 16:46 - 2022-03-24 16:46 - 000230977 _____ C:\Users\Jaya
Raya\Downloads\Toyota, Fortuner L 1195 H(2).pdf
2022-03-24 16:42 - 2022-03-24 16:42 - 000090193 _____ C:\Users\Jaya
Raya\Downloads\Receipt (1).pdf
2022-03-23 16:06 - 2022-03-23 16:06 - 000051902 _____ C:\Users\Jaya
Raya\Downloads\CV BUMI MANUNGGAL 22 MAR 22.pdf
2022-03-22 14:58 - 2022-03-22 14:58 - 000012076 _____ C:\Users\Jaya
Raya\Downloads\TJMI Balikpapan (1).xlsx
2022-03-22 14:35 - 2022-03-22 14:35 - 000015080 _____ C:\Users\Jaya
Raya\Downloads\PO-09801....pdf
2022-03-22 13:55 - 2022-03-22 13:55 - 000030720 _____ C:\Users\Jaya
Raya\Downloads\SKU.xls
2022-03-21 17:15 - 2022-03-21 17:15 - 000292325 _____ C:\Users\Jaya
Raya\Downloads\SPPKP.pdf
2022-03-21 17:15 - 2022-03-21 17:15 - 000235147 _____ C:\Users\Jaya
Raya\Downloads\kepemilikan rekening bmg (2).pdf
2022-03-21 17:15 - 2022-03-21 17:15 - 000180195 _____ C:\Users\Jaya
Raya\Downloads\NIB.pdf
2022-03-21 17:15 - 2022-03-21 17:15 - 000162743 _____ C:\Users\Jaya
Raya\Downloads\SIUP.pdf
2022-03-21 17:11 - 2022-03-21 17:11 - 001038399 _____ C:\Users\Jaya
Raya\Downloads\SPPKP PS 2017 (3).PDF
2022-03-21 16:55 - 2022-03-21 16:55 - 000051138 _____ C:\Users\Jaya
Raya\Downloads\0322_Mandiri SLS idr _180322_ Sparepart - Pengajuan 222000128 -
Listiono Gunawan - 27.925.000.pdf
2022-03-21 14:42 - 2022-03-21 14:42 - 000030208 _____ C:\Users\Jaya
Raya\Downloads\KOBEXINDO (2).xls
2022-03-21 09:12 - 2022-03-21 09:12 - 000032768 _____ C:\Users\Jaya
Raya\Downloads\BSS (5).xls
2022-03-21 09:01 - 2022-03-21 09:01 - 000247401 _____ C:\Users\Jaya
Raya\Downloads\Surat Pemberitahuan Bank.pdf
2022-03-20 12:36 - 2022-03-20 12:36 - 000026112 _____ C:\Users\Jaya
Raya\Downloads\Kop Pamandiri.xls
2022-03-20 10:03 - 2022-03-20 10:03 - 000031744 _____ C:\Users\Jaya
Raya\Downloads\KTC (4).xls
2022-03-19 17:11 - 2022-03-19 17:11 - 000012413 _____ C:\Users\Jaya
Raya\Downloads\TRIWISNNA (1).xlsx
2022-03-19 16:21 - 2022-03-19 16:23 - 000058368 _____ C:\Users\Jaya
Raya\Downloads\TSB GROUP (5).xls
2022-03-18 17:09 - 2022-03-18 17:09 - 000030720 _____ C:\Users\Jaya
Raya\Downloads\MAP (2).xls
2022-03-18 11:37 - 2022-03-18 11:43 - 000028160 _____ C:\Users\Jaya
Raya\Downloads\PCP (1).xls
2022-03-18 09:20 - 2022-03-18 09:20 - 000009420 _____ C:\Users\Jaya
Raya\Downloads\Daftar buka tutup plafon.xlsx
2022-03-16 14:52 - 2022-03-16 14:52 - 000938098 _____ C:\Users\Jaya
Raya\Downloads\CamScanner 03-16-2022 13.22.pdf
2022-03-16 14:12 - 2022-03-16 14:12 - 000034816 _____ C:\Users\Jaya
Raya\Downloads\TJMI Kaliorang (2).xls
2022-03-16 14:12 - 2022-03-16 14:12 - 000011703 _____ C:\Users\Jaya
Raya\Downloads\TJMI Balikpapan.xlsx
2022-03-16 13:59 - 2022-03-16 13:59 - 000252605 _____ C:\Users\Jaya
Raya\Downloads\TRANSFER TO OTHER BANK (ONLINE)_RB0316140123148.pdf.pdf
2022-03-16 09:57 - 2022-03-16 14:34 - 000058640 _____ C:\Users\Jaya
Raya\Downloads\PENAGIHAN.pptx
2022-03-16 08:54 - 2022-03-16 08:54 - 000013824 _____ C:\Users\Jaya
Raya\Downloads\account_statement_1480019408122_15 March 2022-15 March
2022_20220316075343.xls
2022-03-15 15:24 - 2022-03-15 15:24 - 000015453 _____ C:\Users\Jaya
Raya\Downloads\AET Group (1).xlsx
2022-03-14 11:05 - 2022-03-14 11:05 - 000032768 _____ C:\Users\Jaya
Raya\Downloads\10.02.2022 Rekonsil Invoice Bumi Manunggal Gracia.xls
2022-03-14 10:01 - 2022-03-14 10:01 - 000257943 _____ C:\Users\Jaya
Raya\Downloads\Revisi kpuc.pdf
2022-03-14 09:56 - 2022-03-14 09:56 - 000196469 _____ C:\Users\Jaya
Raya\Downloads\Kpuc(2).pdf
2022-03-14 09:55 - 2022-03-14 09:55 - 000190658 _____ C:\Users\Jaya
Raya\Downloads\Rekening KPUC.pdf
2022-03-12 10:58 - 2022-03-12 10:58 - 000091332 _____ C:\Users\Jaya
Raya\Downloads\Flow permintaan karyawan_JRM.pptx
2022-03-11 15:50 - 2022-03-11 15:50 - 000028160 _____ C:\Users\Jaya
Raya\Downloads\Tunas Hijau MKP.xls
2022-03-11 14:09 - 2022-03-11 14:09 - 000520719 _____ C:\Users\Jaya
Raya\Downloads\Inv SLE (2).pdf
2022-03-10 16:47 - 2022-03-10 16:47 - 000995300 _____ C:\Users\Jaya
Raya\Downloads\JAYA RAYA MOTOR.pdf
2022-03-09 13:39 - 2022-03-09 13:39 - 000364940 _____ C:\Users\Jaya
Raya\Downloads\KPUC.pdf
2022-03-09 11:25 - 2022-03-09 11:25 - 000030720 _____ C:\Users\Jaya
Raya\Downloads\MAP.xls.xls
2022-03-09 10:55 - 2022-03-09 10:55 - 000030720 _____ C:\Users\Jaya
Raya\Downloads\Semindo.xls
2022-03-08 09:08 - 2022-03-08 09:08 - 001104255 _____ C:\Users\Jaya
Raya\Downloads\JAYA RAYA KE BUMI MANUNGGAL.pdf
2022-03-07 16:12 - 2022-03-07 16:12 - 000362454 _____ C:\Users\Jaya
Raya\Downloads\Surat Tarif PPN 11% Per 1 April 2022.pdf
2022-03-07 16:12 - 2022-03-07 16:12 - 000116874 _____ C:\Users\Jaya
Raya\Downloads\UU Nomor 7 Tahun 2021 tentang HPP Pasal 7 ayat 1 (1).pdf
2022-03-05 10:34 - 2022-03-05 10:34 - 000065538 _____ C:\Users\Jaya
Raya\Downloads\Tagihan macet (2).xlsx
2022-03-05 10:19 - 2022-03-05 10:19 - 000065538 _____ C:\Users\Jaya
Raya\Downloads\Tagihan macet.xlsx
2022-03-05 10:19 - 2022-03-05 10:19 - 000065538 _____ C:\Users\Jaya
Raya\Downloads\Tagihan macet (1).xlsx
2022-03-04 14:02 - 2022-03-04 14:02 - 000175653 _____ C:\Users\Jaya
Raya\Downloads\Meranti Sakti.pdf
2022-03-03 17:19 - 2022-03-03 17:19 - 000030208 _____ C:\Users\Jaya
Raya\Downloads\Gonusa.xls
2022-03-03 13:56 - 2022-03-03 13:56 - 000030208 _____ C:\Users\Jaya
Raya\Downloads\KOBEXINDO (1).xls
2022-03-03 13:31 - 2022-03-03 13:31 - 002468283 _____ C:\Users\Jaya
Raya\Downloads\PCP 3.pdf
2022-03-02 15:25 - 2022-03-02 15:25 - 000224134 _____ C:\Users\Jaya
Raya\Downloads\Rekening baru.pdf
2022-03-02 15:24 - 2022-03-02 15:24 - 000174034 _____ C:\Users\Jaya
Raya\Downloads\perubahan rekening.pdf
2022-03-02 14:55 - 2022-03-02 14:55 - 000025600 _____ C:\Users\Jaya
Raya\Downloads\EVANS.xls
2022-03-02 14:55 - 2022-03-02 14:55 - 000025600 _____ C:\Users\Jaya
Raya\Downloads\EVANS (1).xls
2022-03-02 10:54 - 2022-03-02 10:54 - 000154833 _____ C:\Users\Jaya
Raya\Downloads\PEMBERITAHUAN PERUBAHAN STEMPEL (3).pdf
2022-03-02 09:32 - 2022-03-02 09:32 - 000036864 _____ C:\Users\Jaya
Raya\Downloads\KRI (3).xls
2022-03-01 16:28 - 2022-03-01 16:28 - 000029696 _____ C:\Users\Jaya
Raya\Downloads\ATP.xls
2022-03-01 15:12 - 2022-03-01 15:12 - 000032256 _____ C:\Users\Jaya
Raya\Downloads\KED (4).xls
2022-03-01 14:52 - 2022-03-01 14:52 - 000031232 _____ C:\Users\Jaya
Raya\Downloads\SKP (4).xls
2022-03-01 14:36 - 2022-03-01 14:36 - 000310834 _____ C:\Users\Jaya
Raya\Downloads\SGM Ttd (1).pdf
2022-03-01 09:59 - 2022-03-01 09:59 - 000193112 _____ C:\Users\Jaya
Raya\Downloads\NPWP BMG.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-31 12:43 - 2020-12-01 16:31 - 000776042 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-31 12:43 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-31 12:39 - 2020-03-11 08:32 - 000000000 ____D C:\Program Files
(x86)\Google
2022-03-31 12:37 - 2019-12-07 17:14 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2022-03-31 12:36 - 2022-02-13 10:17 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-03-31 12:36 - 2020-12-01 16:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-31 12:36 - 2020-12-01 16:21 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-31 12:36 - 2019-09-06 10:41 - 000000000 ____D C:\ProgramData\NVIDIA
2022-03-31 12:36 - 2018-09-15 13:47 - 000000000 ____D C:\Program Files
(x86)\TeamViewer
2022-03-31 12:34 - 2019-12-07 17:03 - 000524288 _____
C:\WINDOWS\system32\config\BBI
2022-03-31 12:34 - 2019-09-10 11:39 - 000000000 ____D C:\Program Files
(x86)\AnyDesk
2022-03-31 12:31 - 2020-03-04 08:34 - 000000000 ____D C:\Users\Jaya
Raya\AppData\LocalLow\Temp
2022-03-31 12:28 - 2018-09-15 15:33 - 000000000 ___HD
C:\WINDOWS\system32\GroupPolicy
2022-03-31 12:08 - 2019-11-23 15:09 - 000000000 ____D C:\Users\Jaya
Raya\AppData\Roaming\WhatsApp
2022-03-31 10:08 - 2018-09-15 13:45 - 000000000 ____D C:\Users\Jaya
Raya\AppData\Local\Packages
2022-03-31 08:07 - 2020-12-01 16:26 - 000004176 _____
C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{95279D33-1815-4198-B1E6-9713B471E32B}
2022-03-30 13:06 - 2020-03-11 08:34 - 000002291 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-30 13:06 - 2020-03-11 08:34 - 000002250 _____
C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-30 12:49 - 2020-12-01 16:22 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2022-03-30 12:20 - 2019-12-07 17:14 - 000000000 ___HD C:\Program
Files\WindowsApps
2022-03-30 12:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-30 09:55 - 2022-02-19 15:29 - 000000000 ____D C:\Users\Jaya
Raya\AppData\Local\WhatsApp
2022-03-29 12:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-29 12:09 - 2020-12-01 16:22 - 000447704 _____
C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-29 12:06 - 2019-12-07 17:54 - 000000000 ____D C:\Program Files\Windows
Defender Advanced Threat Protection
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D
C:\WINDOWS\system32\appraiser
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D
C:\WINDOWS\ShellExperiences
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D
C:\WINDOWS\PolicyDefinitions
2022-03-29 12:06 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-29 12:06 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-29 12:06 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-29 08:04 - 2020-06-09 08:11 - 000002438 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-29 08:04 - 2020-06-09 08:11 - 000002276 _____
C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-25 08:02 - 2021-12-12 08:01 - 000003592 _____
C:\WINDOWS\system32\Tasks\OneDrive Reporting
Task-S-1-5-21-3720672381-1331533200-1916140197-1001
2022-03-25 08:02 - 2020-12-01 16:26 - 000003388 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-3720672381-1331533200-1916140197-1001
2022-03-25 08:02 - 2020-12-01 14:07 - 000002440 _____ C:\Users\Jaya
Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-24 08:13 - 2019-11-23 15:09 - 000000000 ____D C:\Users\Jaya
Raya\AppData\Local\SquirrelTemp
2022-03-22 08:16 - 2020-12-01 16:26 - 000004242 _____
C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1603954032
2022-03-22 08:16 - 2020-10-29 14:47 - 000001532 _____ C:\Users\Jaya
Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2022-03-20 08:32 - 2019-09-06 10:10 - 000000000 ____D C:\DIGI
2022-03-16 08:17 - 2018-09-15 13:42 - 000000000 ____D
C:\WINDOWS\system32\Drivers\wd
2022-03-11 08:13 - 2020-12-01 16:26 - 000003480 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-11 08:13 - 2020-12-01 16:26 - 000003356 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2022
Ran by Jaya Raya (31-03-2022 12:45:35)
Running from C:\Users\Jaya Raya\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1466 (X64) (2020-12-01 08:26:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3720672381-1331533200-1916140197-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3720672381-1331533200-1916140197-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3720672381-1331533200-1916140197-1000 - Limited - Disabled)
Guest (S-1-5-21-3720672381-1331533200-1916140197-501 - Limited - Enabled)
Jaya Raya (S-1-5-21-3720672381-1331533200-1916140197-1001 - Administrator - Enabled) => C:\Users\Jaya Raya
WDAGUtilityAccount (S-1-5-21-3720672381-1331533200-1916140197-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
 
AChat v0.150 (HKLM-x32\...\AChat_is1) (Version: 0.150 - SourceForge.NET)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.6 - philandro Software GmbH)
BG-Soft Component Package (HKLM-x32\...\{BA7C0CAC-6880-4A85-8158-119FDE468B22})
(Version: 2.00.0000 - Bumi Global Komputindo)
Brave (HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\BraveSoftware
Brave-Browser) (Version: 76.0.68.130 - Brave Software Inc)
DigitalPersona U.are.U RTE (HKLM\...\{3FE5B696-9DA2-41AA-8414-58E3936169A6})
(Version: 2.3.1.767 - DigitalPersona, Inc.)
EPSON APD4 Point and Print Support
(HKLM-x32\...\{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}) (Version: 4.58.0000 -
SEIKO EPSON CORPORATION)
EPSON L1110 Series Printer Uninstall (HKLM\...\EPSON L1110 Series) (Version:  -
Seiko Epson Corporation)
EPSON LX-310 ESC/P Printer Utility Uninstall (HKLM\...\EPSON LX-310 ESC/P)
(Version:  - SEIKO EPSON Corporation)
EPSON Port Communication Service
(HKLM\...\{24C64105-B4D2-42CF-9E18-0EFA731135F6}) (Version: 3.23.0 - SEIKO EPSON
CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.84 - Google LLC)
Herramientas de corrección de Microsoft Office 2016: español
(HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 -
Microsoft Corporation) Hidden
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33})
(Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F})
(Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version:
43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452})
(Version: 36.0.102.68541 - HP)
HP LaserJet MFP M129-M134 Basic Device Software
(HKLM\...\{B162F8E1-52A3-4D42-B119-3580C8D7FC62}) (Version: 44.3.2667.18234 - HP
Inc.)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599})
(Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C})
(Version: 43.0.0.0 - HP)
I.R.I.S OCR (HKLM-x32\...\{3913CCF7-436B-4A7A-A265-62E9FFDD03D9}) (Version:
15.2.10.1114 - HP Inc.)
IDAutomation.com Code 128 Font Package Demo (HKLM-x32\...\IDAutomation.com Code
128 Font Package Demo) (Version:  - )
LM129 (HKLM-x32\...\{A2D25501-6F44-4CE2-9EFA-C9E5A0658FA9}) (Version: 0.00.0005
- HP)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244})
(Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.55 - Microsoft
Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version:
16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive
(HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\OneDriveSetup.exe)
(Version: 22.045.0227.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76})
(Version: 2.84.0.0 - Microsoft Corporation)
NVIDIA Graphics Driver 456.71
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version:
456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version:
1.3.38.35 - NVIDIA Corporation)
Opera Stable 84.0.4316.42
(HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\Opera 84.0.4316.42)
(Version: 84.0.4316.42 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français
(HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 -
Microsoft Corporation) Hidden
Product Improvement Study for HP LaserJet MFP M129-M134
(HKLM\...\{2356481F-26D1-4BEE-BA39-CB9AE90953A0}) (Version: 44.3.2667.18234 - HP
Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.7.1965 - TeamViewer)
Update for Skype for Business 2016 (KB5001940) 64-Bit Edition
(HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1D5164B0-74E0-46B5-A6DF-6FC9F637E79D})
(Version:  - Microsoft)
Update for Skype for Business 2016 (KB5001940) 64-Bit Edition
(HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1D5164B0-74E0-46B5-A6DF-6FC9F637E79D})
(Version:  - Microsoft)
Update for Skype for Business 2016 (KB5001940) 64-Bit Edition
(HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1D5164B0-74E0-46B5-A6DF-6FC9F637E79D})
(Version:  - Microsoft)
WhatsApp (HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\...\WhatsApp)
(Version: 2.2210.9 - WhatsApp)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91})
(Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.91 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.91.0 - win.rar
GmbH)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
Packages:
=========
HP Smart -> C:\Program
Files\WindowsApps\AD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6
[2022-03-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe
[2019-09-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe
[2019-09-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program
Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe
[2022-03-26] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program
Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe
[2020-05-21] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3720672381-1331533200-1916140197-1001_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Jaya Raya\AppData\Local\BraveSoftware\Brave-Browser\Application\76.0.68.130\notification_helper.exe (Brave Software, Inc. -> Brave Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\removeproxyregistry - Shortcut.lnk -> C:\removeproxyregistry.bat ()
Shortcut: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resetproxy - Shortcut.lnk -> C:\resetproxy.bat ()
Shortcut: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\resetproxynetsh - Shortcut.lnk -> C:\resetproxynetsh.bat ()
ShortcutWithArgument: C:\Users\Jaya Raya\Desktop\Nery yani - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\FINANCE - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Jaya Raya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Listiono - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2019-08-02 08:51 - 2019-08-02 08:51 - 000159744 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program
Files\epson\portcommunicationservice\BluetoothIO.dll
2019-08-02 08:52 - 2019-08-02 08:52 - 000101376 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program
Files\epson\portcommunicationservice\DeviceControlLogLibrary.dll
2019-08-02 08:50 - 2019-08-02 08:50 - 000238080 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program
Files\epson\portcommunicationservice\EthernetDHCPIO.dll
2019-08-02 08:57 - 2019-08-02 08:57 - 000227840 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program
Files\epson\portcommunicationservice\EthernetIO31.dll
2019-08-02 08:56 - 2019-08-02 08:56 - 000175616 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program
Files\epson\portcommunicationservice\ParallelIO31.dll
2019-08-02 08:53 - 2019-08-02 08:53 - 000133632 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program
Files\epson\portcommunicationservice\PortConnector31.DLL
2019-08-02 08:55 - 2019-08-02 08:55 - 000159744 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program Files\epson\portcommunicationservice\SerialIO31.dll
2019-08-02 08:56 - 2019-08-02 08:56 - 000208384 _____ (SEIKO EPSON CORPORATION)
[File not signed] C:\Program Files\epson\portcommunicationservice\USBIO31.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2021-11-22]
(Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper ->
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft
Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft
Corporation)
BHO-x32: Skype for Business Browser Helper ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft
Office\Office16\OCHelper.dll [2021-04-14] (Microsoft Corporation -> Microsoft
Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper ->
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft
Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft
Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation ->
Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program
Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft
Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation ->
Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files
(x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation ->
Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-09-15 15:31 - 2022-03-29 12:32 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3720672381-1331533200-1916140197-1001\Control Panel\Desktop\\Wallpaper -> \\192.168.1.172\Photo\background desktop.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{84652C4C-6384-483E-B45D-85EF1A2B536A}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [UDP Query User{7547588F-2A7C-447F-A039-5D2BA1E52D91}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [{24CEA163-3C8A-451A-B2B6-DD1E2FABC5A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{72AB07D6-84E3-4F07-B32E-0C22A37CC7E9}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [UDP Query User{64F0EC0D-5B83-4862-8984-7F63858681E3}C:\program files (x86)\achat\achat.exe] => (Block) C:\program files (x86)\achat\achat.exe (AChat team) [File not signed]
FirewallRules: [{0FE8B13D-B992-4CB1-AFBF-9B87C4B0E53A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0C6AEE8F-F28C-4845-8595-269FA3FEAED2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{2045F0FB-FE1D-452D-BBE4-08E89EB88731}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3695F57D-DCD7-43F9-B7F0-83CEB5E678D4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D78E82B2-DB79-4D3B-BB01-8399ECE2EA3E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C690E61B-6A2C-44B8-87C6-26E7970ACFF8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:97.06 GB) (Free:55.4 GB) (57%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/28/2022 09:23:33 AM) (Source: Application Hang) (EventID: 1002)
(User: )
Description: The program identity_helper.exe version 99.0.1150.52 stopped
interacting with Windows and was closed. To see if more information about the
problem is available, check the problem history in the Security and Maintenance
control panel.
 
Process ID: 55c
 
Start Time: 01d842425cce099d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files
(x86)\Microsoft\Edge\Application\99.0.1150.52\identity_helper.exe
 
Report Id: 1ca2806b-3998-43dd-a552-8522ccaa12c1
 
Faulting package full name:
Microsoft.MicrosoftEdge.Stable_99.0.1150.46_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (03/20/2022 09:05:34 AM) (Source: Application Hang) (EventID: 1002)
(User: )
Description: The program identity_helper.exe version 99.0.1150.46 stopped
interacting with Windows and was closed. To see if more information about the
problem is available, check the problem history in the Security and Maintenance
control panel.
 
Process ID: 2a2c
 
Start Time: 01d83bf6866ec89a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files
(x86)\Microsoft\Edge\Application\99.0.1150.46\identity_helper.exe
 
Report Id: 972e00ee-707f-4150-92e5-34b1e448b922
 
Faulting package full name:
Microsoft.MicrosoftEdge.Stable_99.0.1150.39_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (03/10/2022 09:04:55 AM) (Source: Application Hang) (EventID: 1002)
(User: )
Description: The program identity_helper.exe version 99.0.1150.36 stopped
interacting with Windows and was closed. To see if more information about the
problem is available, check the problem history in the Security and Maintenance
control panel.
 
Process ID: 1018
 
Start Time: 01d8341ac70f26b8
 
Termination Time: 4294967295
 
Application Path: C:\Program Files
(x86)\Microsoft\Edge\Application\99.0.1150.36\identity_helper.exe
 
Report Id: abefbfdc-7cab-415a-9533-a5c7952f2321
 
Faulting package full name:
Microsoft.MicrosoftEdge.Stable_99.0.1150.30_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (03/06/2022 09:01:18 AM) (Source: Application Hang) (EventID: 1002)
(User: )
Description: The program identity_helper.exe version 99.0.1150.30 stopped
interacting with Windows and was closed. To see if more information about the
problem is available, check the problem history in the Security and Maintenance
control panel.
 
Process ID: 6a8
 
Start Time: 01d830f59bc9a0a4
 
Termination Time: 4294967295
 
Application Path: C:\Program Files
(x86)\Microsoft\Edge\Application\99.0.1150.30\identity_helper.exe
 
Report Id: 55b385e2-c74e-4b24-a708-3a94611cb1eb
 
Faulting package full name:
Microsoft.MicrosoftEdge.Stable_98.0.1108.62_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Quiesce
 
Error: (03/05/2022 01:03:40 PM) (Source: Application Hang) (EventID: 1002)
(User: )
Description: The program eStock.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is
available, check the problem history in the Security and Maintenance control
panel.
 
Process ID: 88c
 
Start Time: 01d83027c4403676
 
Termination Time: 16
 
Application Path: \\192.168.1.172\BBS-Soft\eStock.exe
 
Report Id: 8665fb43-df1a-489d-8a89-c84e316f116a
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Cross-thread
 
Error: (03/05/2022 08:27:11 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: eStock.exe, version: 7.51.0.29, time
stamp: 0x61e8c4cc
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp:
0x9012d056
Exception code: 0xc0000005
Fault offset: 0x0004788e
Faulting process id: 0xbbc
Faulting application start time: 0x01d830279944f454
Faulting application path: \\192.168.1.172\BBS-Soft\eStock.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2527f5b8-30ca-4813-9b65-e25bbc8c477a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/05/2022 08:25:59 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: eStock.exe, version: 7.51.0.29, time
stamp: 0x61e8c4cc
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp:
0x9012d056
Exception code: 0xc0000005
Fault offset: 0x0004788e
Faulting process id: 0x278c
Faulting application start time: 0x01d830276e61718a
Faulting application path: \\192.168.1.172\BBS-Soft\eStock.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1e8eeabd-22ce-4d4f-824b-2170e1e92fde
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/05/2022 08:24:25 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: eStock.exe, version: 7.51.0.29, time
stamp: 0x61e8c4cc
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp:
0x9012d056
Exception code: 0xc0000374
Fault offset: 0x000e6c43
Faulting process id: 0xa64
Faulting application start time: 0x01d83026da8cf73d
Faulting application path: \\192.168.1.172\BBS-Soft\eStock.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5aaa438d-af16-4cc0-ba0d-ad4b55953c43
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 30000
milliseconds: Restart the service.
 
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service
service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7031) (User: )
Description: The TeamViewer 14 service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 2000
milliseconds: Restart the service.
 
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The EPSON Device Control Log Service service terminated
unexpectedly.  It has done this 1 time(s).
 
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The Intel® Management and Security Application Local Management
Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The EPSON Port Communication Service service terminated
unexpectedly.  It has done this 1 time(s).
 
Error: (03/31/2022 12:28:44 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The DigitalPersona Authentication Service service terminated
unexpectedly.  It has done this 1 time(s).
 
Error: (03/31/2022 12:28:43 PM) (Source: Service Control Manager) (EventID:
7031) (User: )
Description: The AnyDesk Service service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 0
milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2022-03-31 10:38:13
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-03-29 09:03:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-03-28 09:25:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-03-26 08:33:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-03-25 08:51:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-03-30 08:35:42
Description: 
Code Integrity determined that a process
(\Device\HarddiskVolume4\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load
\Device\HarddiskVolume4\Program Files\Common Files\microsoft
shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware
signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.20 11/23/2018
Motherboard: Micro-Star International Co., Ltd. H310M PRO-VH PLUS (MS-7C13)
Processor: Intel® Core™ i3-9100F CPU @ 3.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8134.27 MB
Available physical RAM: 4542.22 MB
Total Virtual: 9414.27 MB
Available Virtual: 5638.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.06 GB) (Free:55.3 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:125.91 GB) (Free:124.92 GB) NTFS
 
\\?\Volume{00e2fc41-cfb2-454b-b238-c98a5e286f98}\ () (Fixed) (Total:0.49 GB)
(Free:0.07 GB) NTFS
\\?\Volume{b4bef3d3-81f6-4165-8fa9-55868c2fd69e}\ () (Fixed) (Total:0.09 GB)
(Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 



--------------------------------------------------------------------------------


#2 Oh My!

Malware Response Instructor

Posted 31 March 2022 - 08:29 AM

Greetings shdzazm and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware
Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please
call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
 * First, please keep in mind most of us at BleepingComputer volunteer our
   assistance for your benefit in your time of need. Please try to match our
   commitment to you with your patience toward us.
 * It is important to not run any tools or take any steps other than those I
   will provide for you.
 * Please perform all steps in the order they are listed. If things are not
   clear or you experience problems be sure to stop and let me know.
 * Please copy and paste all logs into your post unless otherwise requested.
 * When your computer is clean I will let you know, provide instructions to
   remove tools and reports, and offer you information about how you can combat
   future infections.
 * If you do not reply to your topic after 5 days I will assume it has been
   abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to
your situation. If you are able, I would request you check this thread at least
once per day so that we can try to resolve your issues effectively and
efficiently. If you are going to be delayed please be considerate and let me
know.

Please allow me some time to review what you have posted.


Edited by Oh My!, 31 March 2022 - 08:31 AM.

Gary 

"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God."

--------------------------------------------------------------------------------


#3 Oh My!

Posted 31 March 2022 - 09:02 AM

Unfortunately you are using a pirated copy of Windows 10 Professional and the
Windows Operating System is not properly activated. If you are able and willing
to properly activate Windows with a valid and legal Product Key please do so,
let me know it has been done, then run another scan. If you are unwilling or
unable to do that it will be necessary to close this topic.

Gary 

"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God."

--------------------------------------------------------------------------------


#4 Oh My!

Posted Yesterday, 08:04 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
 * Do you still need help with this?
 * If you have not replied within 48 hours I will assume you have abandoned the
   Topic and it will be closed.


Gary 

"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God."