Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Or use this method Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the > Fix < button just once and wait.start
CreateRestorePoint:
CloseProcesses:
c:\Program Files\YeaDesktop
EmptyTemp:
Hosts:
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~
For items found infected in your restore points.
When we are finished we will delete restore points and create a new , clean one. Don't do this till the above infection has gone.
https://www.bleepingcomputer.com/tut...restore-guide/
I did see an entry point for this earlier (YeaDesktop).
µTorrent (HKU\S-1-5-21-1214440339-1343024091-1202660629-1003\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
1.0.0.1 (HKLM\...\YeaDesktop) (Version: 1.0.0.1 - )
So in your case, uTorrent placed it on your machine.