Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Michał (administrator) on TOSHIBA on 25-01-2014 18:30:23
Running from C:\Users\Michał\Desktop
Windows 7 Ultimate (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Programy\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVAST Software) C:\Programy\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Michał\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Mozilla Corporation) C:\Programy\Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Programy\Avast\AvastUI.exe [3764024 2014-01-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
MountPoints2: {fee7e35a-4230-11e3-9715-00266c65364c} - F:\SETUP.EXE
Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michał\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programy\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programy\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programy\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programy\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programy\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Programy\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Michał\AppData\Roaming\Mozilla\Firefox\Profiles\y9gs9ski.default-1390670000944
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Programy\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Programy\Avast\WebRep\FF [2013-09-30]

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-31] (Disc Soft Ltd)
R5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [78648 2014-01-04] (AVAST Software)
R5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1034464 2014-01-04] (AVAST Software)
R5 aswSP; C:\Windows\System32\Drivers\aswSP.sys [422216 2014-01-04] (AVAST Software)
R5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [79672 2014-01-04] (AVAST Software)
R5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-04] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-25 18:30 - 2014-01-25 18:30 - 00005836 _____ C:\Users\Michał\Desktop\FRST.txt
2014-01-25 18:25 - 2014-01-25 18:26 - 00000000 ____D C:\AdwCleaner
2014-01-25 18:24 - 2014-01-25 18:24 - 01236282 _____ C:\Users\Michał\Desktop\AdwCleaner.exe
2014-01-25 18:21 - 2014-01-25 18:21 - 00000000 ____D C:\MATS
2014-01-25 18:16 - 2014-01-25 18:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Michał\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.196314097388152841.1.1.Run.exe
2014-01-25 18:13 - 2014-01-25 18:13 - 00000000 ____D C:\Users\Michał\Desktop\Stare dane programu Firefox
2014-01-25 17:08 - 2014-01-25 17:08 - 00000000 ____D C:\FRST
2014-01-24 22:10 - 2014-01-24 22:10 - 02077696 _____ (Farbar) C:\Users\Michał\Desktop\FRST64.exe
2014-01-24 19:11 - 2014-01-24 19:11 - 00602112 _____ (OldTimer Tools) C:\Users\Michał\Desktop\OTL.exe
2014-01-19 10:40 - 2014-01-19 10:40 - 00109296 _____ C:\Users\Michał\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 10:11 - 2014-01-19 10:11 - 00000000 ____D C:\Users\Michał\AppData\Local\VS Revo Group
2014-01-19 10:11 - 2014-01-19 10:11 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-19 09:57 - 2014-01-25 18:27 - 00004592 _____ C:\Windows\setupact.log
2014-01-19 09:57 - 2014-01-19 09:57 - 00416144 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 09:57 - 2014-01-19 09:57 - 00000576 _____ C:\Windows\PFRO.log
2014-01-19 09:57 - 2014-01-19 09:57 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 09:55 - 2014-01-19 09:55 - 00003100 _____ C:\Windows\System32\Tasks\{7696968D-C1F8-4C89-86E1-61F9C1254F44}
2014-01-15 18:00 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 18:00 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 18:00 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 18:00 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 18:00 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 18:00 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 18:00 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 18:00 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 18:00 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 22:56 - 2014-01-11 20:53 - 00572200 _____ C:\spyhunter.fix
2014-01-06 22:20 - 2014-01-25 18:15 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-01-06 22:20 - 2014-01-06 22:20 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2014-01-06 20:22 - 2014-01-06 20:22 - 00000000 _____ C:\autoexec.bat
2014-01-06 20:21 - 2014-01-06 22:18 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-04 01:25 - 2014-01-04 01:25 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-03 22:37 - 2014-01-19 09:55 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-02 17:49 - 2014-01-02 17:49 - 00000000 ____D C:\Windows\SysWOW64\log

==================== One Month Modified Files and Folders =======

2014-01-25 18:31 - 2014-01-25 18:30 - 00005836 _____ C:\Users\Michał\Desktop\FRST.txt
2014-01-25 18:28 - 2013-09-30 23:09 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Dropbox
2014-01-25 18:27 - 2014-01-19 09:57 - 00004592 _____ C:\Windows\setupact.log
2014-01-25 18:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 18:26 - 2014-01-25 18:25 - 00000000 ____D C:\AdwCleaner
2014-01-25 18:26 - 2013-09-30 19:00 - 00000999 _____ C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 18:26 - 2013-09-30 18:56 - 01455884 _____ C:\Windows\WindowsUpdate.log
2014-01-25 18:24 - 2014-01-25 18:24 - 01236282 _____ C:\Users\Michał\Desktop\AdwCleaner.exe
2014-01-25 18:21 - 2014-01-25 18:21 - 00000000 ____D C:\MATS
2014-01-25 18:21 - 2013-09-30 19:51 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 18:16 - 2014-01-25 18:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Michał\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.196314097388152841.1.1.Run.exe
2014-01-25 18:15 - 2014-01-06 22:20 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-01-25 18:13 - 2014-01-25 18:13 - 00000000 ____D C:\Users\Michał\Desktop\Stare dane programu Firefox
2014-01-25 17:08 - 2014-01-25 17:08 - 00000000 ____D C:\FRST
2014-01-25 07:07 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 07:07 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 22:10 - 2014-01-24 22:10 - 02077696 _____ (Farbar) C:\Users\Michał\Desktop\FRST64.exe
2014-01-24 20:31 - 2013-09-30 19:00 - 00000000 ____D C:\Users\Michał
2014-01-24 19:11 - 2014-01-24 19:11 - 00602112 _____ (OldTimer Tools) C:\Users\Michał\Desktop\OTL.exe
2014-01-20 20:11 - 2013-09-30 19:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-20 20:11 - 2013-09-30 19:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-20 20:11 - 2013-09-30 19:51 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-20 20:10 - 2013-09-30 20:14 - 00000000 ____D C:\Users\Michał\AppData\Local\Adobe
2014-01-19 11:19 - 2013-11-24 13:06 - 00000000 ____D C:\Users\Michał\AppData\Local\Deployment
2014-01-19 10:40 - 2014-01-19 10:40 - 00109296 _____ C:\Users\Michał\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 10:14 - 2010-09-20 21:35 - 00000000 ____D C:\Users\Michał\Desktop\Teledyski
2014-01-19 10:11 - 2014-01-19 10:11 - 00000000 ____D C:\Users\Michał\AppData\Local\VS Revo Group
2014-01-19 10:11 - 2014-01-19 10:11 - 00000000 ____D C:\ProgramData\VS Revo Group
2014-01-19 09:57 - 2014-01-19 09:57 - 00416144 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 09:57 - 2014-01-19 09:57 - 00000576 _____ C:\Windows\PFRO.log
2014-01-19 09:57 - 2014-01-19 09:57 - 00000000 _____ C:\Windows\setuperr.log
2014-01-19 09:55 - 2014-01-19 09:55 - 00003100 _____ C:\Windows\System32\Tasks\{7696968D-C1F8-4C89-86E1-61F9C1254F44}
2014-01-19 09:55 - 2014-01-03 22:37 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-16 06:42 - 2013-09-30 23:09 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 06:42 - 2013-09-30 19:00 - 00000000 ___RD C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 19:54 - 2013-09-30 22:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 19:54 - 2013-09-30 21:57 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 19:52 - 2013-09-30 21:56 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 06:42 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-11 20:53 - 2014-01-07 22:56 - 00572200 _____ C:\spyhunter.fix
2014-01-06 22:20 - 2014-01-06 22:20 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2014-01-06 22:18 - 2014-01-06 20:21 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-06 22:17 - 2009-07-14 18:55 - 00740354 _____ C:\Windows\system32\perfh015.dat
2014-01-06 22:17 - 2009-07-14 18:55 - 00155896 _____ C:\Windows\system32\perfc015.dat
2014-01-06 22:17 - 2009-07-14 06:13 - 01669218 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 20:22 - 2014-01-06 20:22 - 00000000 _____ C:\autoexec.bat
2014-01-06 20:19 - 2013-09-30 19:57 - 00004142 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-05 14:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-04 20:50 - 2013-10-31 18:47 - 00000000 ____D C:\Users\Michał\AppData\Roaming\DAEMON Tools Lite
2014-01-04 01:25 - 2014-01-04 01:25 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-04 01:25 - 2013-09-30 19:58 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-04 01:25 - 2013-09-30 19:57 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-04 01:25 - 2013-09-30 19:57 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-04 01:25 - 2013-09-30 19:57 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-04 01:25 - 2013-09-30 19:57 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-04 01:25 - 2013-09-30 19:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-04 01:24 - 2013-11-18 21:36 - 01641096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-02 17:49 - 2014-01-02 17:49 - 00000000 ____D C:\Windows\SysWOW64\log

Some content of TEMP:
====================
C:\Users\Michał\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-19 09:35

==================== End Of Log ============================