Hello Broni, as per request here is the frst log, hopefully this yields something different.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SYSTEM on MININT-M2H9OQE on 29-06-2015 19:26:25
Running from d:\
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool:
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-03-31] (NVIDIA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [SacReminderBOX] => C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe [567120 2011-11-01] (SAC)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-01] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-30] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\greg\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\greg\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\greg\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe [927920 2015-05-18] (Adobe Systems Incorporated)
HKU\Guest\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [] => [X]
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-03-31] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-03-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-03-31] (NVIDIA Corporation)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1522664 2015-05-17] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-17] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-17] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S4 CFUACProxy_boxsoftware; C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe [83792 2011-11-01] (Storage Appliance Corp.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-06] (Microsoft Corporation)
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-05] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-13] (Malwarebytes Corporation)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-23] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-26] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-10] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-19] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-26] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-06] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-14] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-06] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-19] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-03] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-11] (EldoS Corporation)
S5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-24] (Huawei Technologies Co., Ltd.)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2015-05-09] (Kingsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-13] (Malwarebytes Corporation)
S0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-03] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-02] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-26 02:11 - 2015-06-29 03:21 - 00001187 _____ C:\Windows\setupact.log
2015-06-26 02:11 - 2015-06-26 02:11 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-06-26 02:11 - 2015-06-26 02:11 - 00000000 _____ C:\Windows\setuperr.log
2015-06-13 04:43 - 2015-06-13 04:43 - 00000207 _____ C:\Windows\tweaking.com-regbackup-REDMACK620-Windows-8.1-(64-bit).dat
2015-06-13 04:43 - 2015-06-13 04:43 - 00000000 ____D C:\RegBackup
2015-06-03 07:32 - 2015-06-03 07:32 - 00002113 _____ C:\mbamscan.txt
2015-06-03 03:28 - 2015-06-03 07:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-06-03 03:24 - 2015-06-03 03:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-03 03:24 - 2015-04-13 17:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-06-03 03:24 - 2015-04-13 17:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-06-03 03:12 - 2015-06-03 06:51 - 00035064 _____ C:\Windows\System32\Drivers\TrueSight.sys
2015-06-03 03:12 - 2015-06-03 03:14 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-02 09:02 - 2015-06-03 03:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 08:43 - 2015-06-17 05:02 - 00000000 ____D C:\FRST
2015-06-02 08:34 - 2015-06-02 08:34 - 00000000 ____D C:\NPE
2015-06-02 08:29 - 2015-06-14 02:34 - 00000000 ____D C:\Users\greg\AppData\Local\NPE
2015-06-02 08:17 - 2015-06-26 01:51 - 00053978 _____ C:\Windows\WindowsUpdate.log
2015-05-31 23:45 - 2015-05-31 23:45 - 00000000 ____D C:\Program Files (x86)\ESET
2015-05-31 20:25 - 2015-06-13 04:05 - 00000000 ____D C:\AdwCleaner
2015-05-31 20:18 - 2015-06-03 03:24 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 20:18 - 2015-06-03 03:24 - 00000000 ____D C:\Users\greg\AppData\Roaming\Malwarebytes
2015-05-31 20:18 - 2015-06-03 03:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-31 20:18 - 2015-04-13 17:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-05-30 03:30 - 2015-05-30 03:30 - 00000000 ____D C:\Windows\pss
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-29 03:22 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 06:27 - 2014-11-21 00:44 - 00863592 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-28 06:13 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\System32\config\BBI
2015-06-28 06:00 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\System32\sru
2015-06-26 01:48 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-26 01:46 - 2015-05-05 03:42 - 00000000 ___RD C:\Users\greg\OneDrive
2015-06-23 03:36 - 2015-05-29 08:23 - 00000000 ____D C:\Users\greg\Camera Roll
2015-06-23 03:36 - 2015-04-30 21:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1144771067-2304087280-3493909680-1002
2015-06-17 05:09 - 2015-04-30 22:39 - 00000000 ____D C:\Users\greg\AppData\Local\CrashDumps
2015-06-04 17:25 - 2015-05-01 05:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-04 17:07 - 2015-05-01 20:53 - 00000000 ____D C:\users\greg
2015-06-03 03:06 - 2015-04-30 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-31 20:12 - 2015-05-04 23:08 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-05-30 03:21 - 2015-04-30 22:45 - 00000000 ____D C:\ProgramData\MFAData
2015-05-30 00:35 - 2015-05-01 20:53 - 00000000 ____D C:\users\Guest
2015-05-30 00:35 - 2015-05-01 20:53 - 00000000 ____D C:\users\Administrator
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe
[2014-11-21 01:15] - [2014-11-21 01:15] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
C:\Windows\System32\wininit.exe
[2014-11-21 01:15] - [2014-11-21 01:15] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
C:\Windows\explorer.exe
[2015-05-02 12:03] - [2015-05-02 12:03] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88
C:\Windows\SysWOW64\explorer.exe
[2015-05-02 12:03] - [2015-05-02 12:03] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225
C:\Windows\System32\svchost.exe
[2014-11-21 01:15] - [2014-11-21 01:15] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
C:\Windows\SysWOW64\svchost.exe
[2014-11-21 01:16] - [2014-11-21 01:16] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D
C:\Windows\System32\services.exe
[2015-05-13 00:21] - [2015-04-08 14:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45
C:\Windows\System32\User32.dll
[2014-11-21 01:16] - [2014-11-21 01:16] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
C:\Windows\SysWOW64\User32.dll
[2014-11-21 01:15] - [2014-11-21 01:15] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
C:\Windows\System32\userinit.exe
[2014-11-21 01:15] - [2014-11-21 01:15] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\Windows\SysWOW64\userinit.exe
[2014-11-21 01:16] - [2014-11-21 01:16] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
C:\Windows\System32\rpcss.dll
[2014-11-21 01:15] - [2014-11-21 01:15] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2015-05-18 18:40:55
Restore point made on: 2015-05-22 19:40:35
==================== Memory info ===========================
Percentage of memory in use: 22%
Total physical RAM: 3960.15 MB
Available physical RAM: 3070.34 MB
Total Pagefile: 3960.15 MB
Available Pagefile: 3089.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB
==================== Drives ================================
Drive c: (TI31053700C) (Fixed) (Total:682.69 GB) (Free:626.89 GB) NTFS
Drive d: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.44 GB) FAT32
Drive f: () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2015-05-22 02:00
==================== End of log ============================