You have the following Peer-to-Peer program(s) installed:
uTorrent
GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.
Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and, worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.
All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in black.
Step-1.
Malicious program uninstalls and Optional Removals
1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):
IObit Toolbar v5.8
uTorrent
3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.
Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)
1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):
C:\Program Files (x86)\uTorrent
2. Close Windows Explorer.
Step-2.
OTL Fix
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
:REG
ipconfig /flushdns /c
:COMMANDS
[EMPTYTEMP]
Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the button. Post the log it produces in your next reply.
Step-3.
Virustotal File Upload:
To use Virustotal go Here
- Click the Choose File button in the middle of the screen. This will open a File Upload window.
- On the File Upload window, in the File name box, type, or copy and paste the following and click Open: NOTE.. Only one file per scan
- C:\Windows\SysWow64\D81DEDD44C.sys
- C:\Users\DLee\l.php.
- This will put the file in the box on the Virustotal page.
- Click the Scan it! button.
- Please be patient while the file is scanned. It may take several minutes.
- Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
- Repeat 1 thru 6 for each file listed.
Step-4.
Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt file
3. The results from VirusTotal
4. Tell me if any problems remain
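
Added example, not part of the original post and not OTL's own code: the Step-2 fix script names a per-user registry hive by SID, which is one concrete reason such a script should not be reused on another machine. The sketch below parses the script (laid out one directive per line), lists the SIDs and CLSIDs it names, and checks them against a local SID; the function names and the second SID are constructed for illustration.

```python
import re

# The Step-2 fix script from the post, one directive per line.
FIX_SCRIPT = r"""
:COMMANDS
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
:REG
ipconfig /flushdns /c
:COMMANDS
[EMPTYTEMP]
"""

# Local/domain account SIDs: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"\bS-1-5-21(?:-\d+){4}\b")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_sections(script):
    """Group lines under their ':NAME' header; repeated headers are merged."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].upper()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def summarize(script):
    """Return the distinct user SIDs and CLSIDs the script refers to."""
    return {
        "sids": sorted(set(SID_RE.findall(script))),
        "clsids": sorted({c.upper() for c in CLSID_RE.findall(script)}),
    }

def applies_to(script, local_sid):
    """True only if every SID named in the script equals local_sid.
    A script that names no SID at all also returns True."""
    return all(sid == local_sid for sid in summarize(script)["sids"])

if __name__ == "__main__":
    print(summarize(FIX_SCRIPT))
    # Constructed SID standing in for an account on a different machine.
    print(applies_to(FIX_SCRIPT, "S-1-5-21-1111111111-2222222222-3333333333-1001"))
```
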