Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by SYSTEM at 2013-10-24 10:55:54 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Reg: reg export HKLM\SYSTEM\ControlSet001\Services\Winmgmt H:\winmgmt.reg
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [x]
HKU\Mirek\...\Run: [baacafecaacc] - C:\ProgramData\baacafecaacc.exe [296448 2013-09-21] ()
HKU\Mirek\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-18] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-18] (DealPly Technologies Ltd)
S4 eabfiltr;
S2 Winmgmt; C:\PROGRA~3\27tw8zowl.pss [61544 2013-10-23] (Microsoft Corporation)
C:\ProgramData\27tw8zowl.bxx
C:\ProgramData\27tw8zowl.fvv
C:\ProgramData\27tw8zowl.pss
C:\ProgramData\lwoz8wt72.dss
C:\ProgramData\baacafecaacc.exe
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\libnspr4.dll
C:\ProgramData\lsass.exe
C:\Users\Mirek\AppData\Local\{*}
C:\Users\Mirek\AppData\Local\BIT*.tmp
C:\Users\Mirek\AppData\Local\Temp\*.exe
C:\Users\Mirek\AppData\Local\Temp\*.dll
C:\Users\Mirek\AppData\Roaming\cache.ini
C:\Users\Mirek\AppData\Roaming\Other.res
C:\Users\Mirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\27tw8zowl.lnk
C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
C:\Windows\Tasks\Dealply.job
*****************

========= reg export HKLM\SYSTEM\ControlSet001\Services\Winmgmt H:\winmgmt.reg =========

Operacja ukonczona pomyslnie.

========= End of Reg: =========

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\Mirek\Software\Microsoft\Windows\CurrentVersion\Run\\baacafecaacc => Value deleted successfully.
HKU\Mirek\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
dealplylive => Service deleted successfully.
dealplylivem => Service deleted successfully.
eabfiltr => Service deleted successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\27tw8zowl.bxx => Moved successfully.
C:\ProgramData\27tw8zowl.fvv => Moved successfully.
C:\ProgramData\27tw8zowl.pss => Moved successfully.
C:\ProgramData\lwoz8wt72.dss => Moved successfully.
C:\ProgramData\baacafecaacc.exe => Moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.
C:\ProgramData\libnspr4.dll => Moved successfully.
C:\ProgramData\lsass.exe => Moved successfully.
"C:\Users\Mirek\AppData\Local\{*}" => Could not move.
C:\Users\Mirek\AppData\Local\BIT*.tmp => Moved successfully.
C:\Users\Mirek\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Mirek\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Mirek\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Mirek\AppData\Roaming\Other.res => Moved successfully.
C:\Users\Mirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\27tw8zowl.lnk => Moved successfully.
C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\Dealply.job => Moved successfully.

==== End of Fixlog ====