Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by SoBot (28-09-2019 20:58:55)
Running from C:\Users\SoBot\Downloads
Windows 7 Professional Service Pack 1 (X64) (2019-09-28 14:12:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3562657316-3913107346-467950137-500 - Administrator - Disabled)
Convidado (S-1-5-21-3562657316-3913107346-467950137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3562657316-3913107346-467950137-1002 - Limited - Enabled)
SoBot (S-1-5-21-3562657316-3913107346-467950137-1001 - Administrator - Enabled) => C:\Users\SoBot

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aurox-Global (HKLM-x32\...\Aurox-Global) (Version: - )
DLL-Files.com Client (HKLM-x32\...\DA71BA65-680A-4212-9150-6239217B53DC_DLL-Files.c~79141F26_is1) (Version: 2.3.0.8046 - DLL-Files.com Client)
Fortera 12v6 (HKU\S-1-5-21-3562657316-3913107346-467950137-1001\...\Fortera 12v6) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Outbyte PC Repair (HKLM-x32\...\{D5C6DB0C-BC43-4A77-9121-D1A07591F855}_is1) (Version: 1.0.2.4 - Outbyte Computing Pty Ltd)
WinRAR 5.71 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
X-Mouse Button Control 2.18.8 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.8 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2019-09-28 19:28 - 2019-09-28 19:28 - 000014848 _____ () [File not signed] C:\Users\SoBot\AppData\Local\Temp\nsv12D3.tmp\InstallOptions.dll
2019-09-28 19:28 - 2019-09-28 19:28 - 000009728 _____ () [File not signed] C:\Users\SoBot\AppData\Local\Temp\nsv12D3.tmp\nsDialogs.dll
2019-09-28 19:28 - 2019-09-28 19:28 - 000010752 _____ () [File not signed] C:\Users\SoBot\AppData\Local\Temp\nsv12D3.tmp\System.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000976677 _____ () [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-1-6.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000328203 _____ () [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000119296 _____ () [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
2017-02-08 18:46 - 2019-09-28 19:24 - 000167424 _____ () [File not signed] C:\Users\SoBot\Desktop\Xenobot\lua5.1.dll
2017-02-08 18:46 - 2019-09-28 19:24 - 002198016 _____ () [File not signed] C:\Users\SoBot\Desktop\Xenobot\QtCore4.dll
2017-02-08 18:46 - 2019-09-28 19:24 - 007779328 _____ () [File not signed] C:\Users\SoBot\Desktop\Xenobot\QtGui4.dll
2017-02-08 18:46 - 2019-09-28 19:24 - 000804352 _____ () [File not signed] C:\Users\SoBot\Desktop\Xenobot\QtNetwork4.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000590631 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\TorBrowser\Tor\libwinpthread-1.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000463872 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\freebl3.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000248320 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\lgpllibs.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 001922560 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\mozavcodec.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000310272 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\mozavutil.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000996352 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\mozglue.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 001951744 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\nss3.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000430080 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\nssckbi.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000225280 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\softokn3.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 092623893 _____ (Mozilla Foundation) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\xul.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 003008269 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\TorBrowser\Tor\LIBEAY32.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 000817559 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\SoBot\Desktop\Tor Browser\Browser\TorBrowser\Tor\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3562657316-3913107346-467950137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SoBot\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1B83B1EC-3283-4BD9-AC46-128F510F54FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

28-09-2019 19:53:16 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
28-09-2019 19:54:00 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

==================== Faulty Device Manager Devices =============

Name: Dispositivo USB de Introdução de Texto
Description: Dispositivo USB de Introdução de Texto
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Dispositivos padrão de sistema)
Service: HidUsb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2019 03:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (09/28/2019 07:45:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Foi recebido o seguinte alerta fatal: 40.

Error: (09/28/2019 07:45:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Foi recebido o seguinte alerta fatal: 70.

Error: (09/28/2019 07:45:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Foi recebido o seguinte alerta fatal: 70.

Error: (09/28/2019 07:22:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Foi recebido o seguinte alerta fatal: 40.

Error: (09/28/2019 07:22:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Foi recebido o seguinte alerta fatal: 70.

Error: (09/28/2019 07:22:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Foi recebido o seguinte alerta fatal: 70.

==================== Memory info ===========================

BIOS: innotek GmbH VBOX - 1 12/01/2006
Motherboard: Oracle Corporation VirtualBox
Processor: Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
Percentage of memory in use: 92%
Total physical RAM: 2047.55 MB
Available physical RAM: 154.79 MB
Total Virtual: 5855.11 MB
Available Virtual: 529.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:31.9 GB) (Free:18.36 GB) NTFS
Drive d: (GSP1RMCPRXFREO_PT_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF

\\?\Volume{7979349d-e1f8-11e9-89ea-806e6f6e6963}\ (Sistema Reservado) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 32 GB) (Disk ID: 63EAF4CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=31.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================