I believe it's related to mbamswissarmy.sys corruption. No restore points.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2017
Ran by SYSTEM on MININT-ONFOF2B (26-04-2017 14:16:10)
Running from f:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs51388835.exe [5138944 2014-02-18] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [VIRTU MVP 2.0] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\MVPControlPanel20.Exe [1238248 2014-04-29] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D-Link D-Link DWA-566] => C:\Program Files (x86)\D-Link\DWA-566\AirNCFG.exe [1074496 2011-08-12] (D-Link Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-10] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs51388835.exe [5138944 2014-02-18] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\Gaming Keyboard\Gaminghid.exe [245760 2010-04-20] ()
HKLM-x32\...\Run: [GamingKeyboardOSD] => C:\Program Files (x86)\Gaming Keyboard\OSD.exe [1797120 2010-04-20] (OSD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [532200 2014-04-29] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [482536 2014-04-29] (Lucidlogix Inc.)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-05-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicy: Restriction <======= ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2014-02-18] ()
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-06-30] ()
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-04-05] ()
S2 D_Link_DWA-566_WPS; C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe [53248 2010-07-12] ()
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LucidSvc; C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [20712 2014-04-29] (LucidLogix)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-16] (Electronic Arts)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [743320 2012-10-02] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel® Corporation)
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 athr; C:\Windows\System32\DRIVERS\Dathrx.sys [2798592 2012-03-19] (Atheros Communications, Inc.)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-12] ()
S3 GamingKB; C:\Windows\System32\drivers\GamingKB.sys [24576 2010-04-21] ()
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-29] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-24] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [0 2017-04-26] () <==== ATTENTION (zero byte File/Folder)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-04-26] () <==== ATTENTION (zero byte File/Folder)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [177952 2015-06-12] (Intel Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 Tosrfcom; no ImagePath
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2017-04-24] ()
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-26 14:15 - 2017-04-26 14:16 - 00000000 ____D C:\FRST
2017-04-26 09:47 - 2017-04-26 09:47 - 00000000 _____ C:\Windows\System32\Drivers\0A6B4757.sys
2017-04-26 09:38 - 2017-04-26 09:38 - 00000218 _____ C:\Users\William\AppData\Local\recently-used.xbel
2017-04-26 09:34 - 2017-04-26 09:38 - 645136781 _____ C:\Users\William\Downloads\Factorio.v0.15.0.rar
2017-04-24 09:18 - 2017-04-24 09:18 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2017-04-14 17:49 - 2017-04-14 17:51 - 194953231 _____ C:\Users\William\Downloads\[snahp.it]rick.and.morty.s03e01.720p.hdtv.x265-Snahp.mkv
2017-03-30 16:03 - 2017-03-30 16:03 - 14990142 _____ C:\Users\William\Downloads\The Anarchist Cookbook by William Powell (1971).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-26 10:06 - 2017-01-19 00:06 - 00000274 _____ C:\Windows\Tasks\{79D0B2F9-CA58-53FD-FD93-58D840A7059F}.job
2017-04-26 09:49 - 2017-01-28 14:05 - 00000000 ____D C:\Users\William\Downloads\New folder
2017-04-26 09:47 - 2017-03-22 09:17 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-04-26 09:47 - 2017-03-22 09:17 - 00000000 _____ C:\Windows\System32\Drivers\mbam.sys
2017-04-26 09:33 - 2015-02-16 11:31 - 00000000 ____D C:\Users\William\AppData\Roaming\deluge
2017-04-26 08:32 - 2017-03-22 09:17 - 00082720 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-04-26 01:59 - 2009-07-13 20:45 - 00022656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-26 01:59 - 2009-07-13 20:45 - 00022656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-25 18:19 - 2012-10-21 22:22 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-04-24 21:26 - 2016-11-15 10:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-24 09:25 - 2012-10-23 20:28 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-24 09:24 - 2009-07-13 21:13 - 00862168 _____ C:\Windows\System32\PerfStringBackup.INI
2017-04-24 09:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-04-24 09:21 - 2016-11-16 09:18 - 00000000 ____D C:\Users\William\AppData\LocalLow\Mozilla
2017-04-24 09:19 - 2017-03-22 09:17 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-04-24 09:18 - 2012-10-21 22:31 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2017-04-24 09:18 - 2012-10-21 22:22 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-04-24 09:17 - 2012-10-21 23:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-24 09:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 23:06 - 2017-01-20 07:00 - 00000318 _____ C:\Users\William\AppData\Roaming\WB.CFG
2017-04-14 17:52 - 2013-01-19 23:33 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
2017-04-12 14:41 - 2017-03-22 09:17 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-04-11 17:06 - 2016-11-11 16:29 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 17:06 - 2014-12-19 12:29 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 17:06 - 2014-12-19 12:29 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 17:06 - 2012-10-22 01:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 17:06 - 2012-10-22 01:08 - 00000000 ____D C:\Windows\System32\Macromed
2017-04-11 07:28 - 2014-04-26 13:06 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 07:28 - 2014-04-26 13:06 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-08 12:46 - 2014-12-29 00:38 - 00000000 ____D C:\Users\William\AppData\Roaming\.minecraft
2017-04-08 11:17 - 2015-09-27 21:10 - 00001005 _____ C:\Users\William\Desktop\nativelog.txt
2017-04-08 11:17 - 2014-12-29 00:37 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-07 14:06 - 2012-10-21 23:42 - 00532136 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2017-04-05 14:29 - 2014-04-26 13:07 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 09:15 - 2013-03-25 20:28 - 00000000 ____D C:\Users\William\Documents\Camtasia Studio
2017-03-30 16:04 - 2012-12-17 13:13 - 00000000 ____D C:\Program Files\PeerBlock
2017-03-29 10:42 - 2017-03-22 09:18 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
Files to move or delete:
Some files in TEMP:
2017-01-18 20:48 - 2017-01-18 20:48 - 0739904 _____ (Oracle Corporation) C:\Users\William\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-09-20 09:18 - 2016-09-20 09:18 - 6417944 _____ (Black Tree Gaming ) C:\Users\William\AppData\Local\Temp\Nexus Mod Manager-0.62.0.exe
2016-01-21 05:11 - 2016-01-21 05:11 - 6350128 _____ (Black Tree Gaming ) C:\Users\William\AppData\Local\Temp\Nexus%20Mod%20Manager-0.61.6.exe
2016-02-02 14:07 - 2016-02-02 14:09 - 263289648 _____ (AMD Inc.) C:\Users\William\AppData\Local\Temp\tmp8AD1.exe
2016-04-01 16:11 - 2016-04-01 16:11 - 28849904 _____ () C:\Users\William\AppData\Local\Temp\vlc-2.2.1-win32.exe
==================== Known DLLs (Whitelisted) =========================
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8086.02 MB
Available physical RAM: 7221.64 MB
Total Virtual: 8084.17 MB
Available Virtual: 7227.42 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:1.64 GB) NTFS
Drive f: () (Removable) (Total:14.92 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CB39B662)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Disk: 1 (Size: 14.9 GB) (Disk ID: 73696D20)
No partition Table on disk 1.
LastRegBack: 2017-03-04 00:38
==================== End of FRST.txt ============================

Edited by Pickledsoul, 26 April 2017 - 03:30 PM.