Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by SYSTEM on MININT-ERB9FCN (05-03-2017 16:51:11)
Running from f:\
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202008 2013-10-17] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-27] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-08-12] (Razer Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [ManOWarHelper] => C:\Program Files (x86)\Razer\Razer_ManOWar_Driver\Drivers\SysAudio\ManOWarHelper.exe [1599464 2016-04-06] (Razer Inc)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [9926112 2016-03-10] (Malwarebytes)
Startup: C:\Users\Tony Gomez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2016-07-18]
ShortcutTarget: PlutoTV.lnk -> C:\Users\Tony Gomez\AppData\Roaming\Pluto TV\PlutoTV.exe ()
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-04-23] (EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\NS.exe [289080 2016-11-11] (Symantec Corporation)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-04-21] ()
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-17] (Razer Inc.)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 Survarium-Steam Update Service; C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [214104 2016-05-09] ()
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [255256 2016-08-23] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160627.002\BHDrvx64.sys [1832176 2016-05-20] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-31] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-31] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160630.001\IDSvia64.sys [876248 2016-05-30] (Symantec Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-01-24] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_desktop_ref4i.inf_amd64_e9418cd4947d9b45\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer Inc)
S2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 SymEFASI; C:\Windows\System32\drivers\NSx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSx64\1608010.00E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-10] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 16:51 - 2017-03-05 16:51 - 00000000 ____D C:\FRST
2017-03-05 16:38 - 2017-03-05 16:38 - 00000000 ___HD C:\$SysReset
2017-03-05 16:38 - 2017-03-05 16:38 - 00000000 ____D C:\$WINDOWS.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Files to move or delete:
====================
C:\Windows\Tasks\{091AF566-E686-A2DC-8998-6689138B5E4B}.job

Some files in TEMP:
====================
2016-09-27 15:13 - 2017-01-24 16:35 - 0619840 ____N () C:\Users\Tony Gomez\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2016-12-26 13:42 - 2017-01-24 16:35 - 0619616 ____N () C:\Users\Tony Gomez\AppData\Local\Temp\0ManOWarDevProps.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0674304 ____A (Microsoft Corporation) 770DB86BF679CA34FC927F25FBAA350C
C:\Windows\System32\wininit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70
C:\Windows\explorer.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 4673304 ____A (Microsoft Corporation) 05181A5AC4197D6C5C02ACE6070AF234
C:\Windows\SysWOW64\explorer.exe [2016-07-16 03:43] - [2016-07-16 03:43] - 4312248 ____A (Microsoft Corporation) 8931C71ADDC9B0944332336B9F4A3505
C:\Windows\System32\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC
C:\Windows\SysWOW64\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B
C:\Windows\System32\services.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0454600 ____A (Microsoft Corporation) 133390D061D94917125DC666DA67ECD0
C:\Windows\System32\User32.dll [2016-09-27 15:02] - [2016-09-27 15:02] - 1461200 ____A (Microsoft Corporation) 958AD14CDF4EBB6BADDB13F8B39A97CF
C:\Windows\SysWOW64\User32.dll [2016-09-27 15:02] - [2016-09-27 15:02] - 1435896 ____A (Microsoft Corporation) 039C8465C730E7E9713819AB859505E9
C:\Windows\System32\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69
C:\Windows\SysWOW64\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B
C:\Windows\System32\rpcss.dll [2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6
C:\Windows\System32\dnsapi.dll [2016-07-16 03:42] - [2016-07-16 03:42] - 0646136 ____A (Microsoft Corporation) 9BA2C83C355EAC4278F17BEF0852823A
C:\Windows\SysWOW64\dnsapi.dll [2016-07-16 03:42] - [2016-07-16 03:42] - 0496872 ____A (Microsoft Corporation) 6C1D303C703B27FE40D392899BC22E14
C:\Windows\System32\Drivers\volsnap.sys [2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8119.64 MB
Available physical RAM: 7292.91 MB
Total Virtual: 8119.64 MB
Available Virtual: 7336.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:921.23 GB) (Free:0.12 GB) NTFS
Drive e: (Recovery Image) (Fixed) (Total:9.77 GB) (Free:4.12 GB) NTFS
Drive f: (PATRIOT) (Removable) (Total:28.85 GB) (Free:28.85 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB69BB69)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: A652735A)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

LastRegBack: 2017-01-19 22:15

==================== End of FRST.txt ============================