Yet another Google redirect virus

Status
Not open for further replies.
Like many others it appears I have the Google redirect virus. I'm just getting redirected; it doesn't seem to be affecting me in any other way. The only other thing it may be affecting is this program called Team Fortress 2, but that might be another problem altogether. I followed the 8 steps and it didn't seem to do anything. I do have ad-aware installed, which seems to be considered a threat by most of the virus protection programs. Thank you in advance for the help.

Edit: Would I be safe to just run combofix at this point?
 
Don't know if this helps, but my Avast has been picking up files like this roughly every 10-20 minutes.
C:\WINDOWS\TEMP\mlex.tmp\svchost.exe
C:\WINDOWS\TEMP\ueuc.tmp\svchost.exe
C:\WINDOWS\TEMP\ibgy.tmp\svchost.exe

I've just been moving them to the chest as it recommends.
 
Welcome to TechSpot, iankbailey. I'll help with the malware.

I do have ad-aware installed which seems to be considered a threat by most of the virus protection programs.

I don't see AdAware from Lavasoft on the system. But Malwarebytes found this: C:\Program Files\AdwareAlert (Rogue.AdwareAlert)

Rogue
A rogue program is a malicious program that is disguised, for instance, as trustworthy anti-spyware programs or registry cleaners. But these programs are only put on the market to scare you into buying these programs because they make exaggerated claims about the safety of your computer or, worse still, give erroneous scan results or put their own malware in your system.
From Malwarebytes.org

From SpywareWarrior:
Vendors of "rogue/suspect" anti-spyware products advertise heavily via Google's "AdWords" ("Sponsored Links" on Google's own search pages) and "AdSense" (Google-driven advertising delivered to third-party web sites).

FYI:
One of the most frequent, heavy advertisers of rogue spyware is AdwareAlert. This program exploits the name of the legitimate program AdAware from Lavasoft the same way a program named SpywareBot does for Spybot Search & Destroy.

This is the reason why it is so important to use the links we give.

Please revisit Step 3 for instructions on stopping TeaTimer.

Please reopen HijackThis to 'do system scan only'. Check each of the following, if present. NOTE: optional removals are in green.

C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Search Settings\SearchSettings.exe
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll > See Optional 1
O2 - BHO: (no name) - {4E45C414-5019-4966-9013-6950C35E6C06} - (no file) > See Special
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll > See Optional 1
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) (McAfee Site Advisor)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\btdna.exe" > See Optional 2
O16 - DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} (PbEbkick Control) - http://210.166.234.104/activex/pbebkick.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all Windows except HijackThis and click on "Fix Checked"

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove. These are all optional removals, but I recommend removing ALL of them:
Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
SearchSettings
BitTorrent


Access Windows Explorer: Right click on Start> Run> My Computer> Local Drive (C)> go to Tools> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide operating system files - Recommended'> Apply> OK

Go to Programs and do a right click> delete on these Program folders:
C:\Program Files\Viewpoint
C:\Program Files\BitTorrent
C:\Program Files\Search Settings


Click on Start > Run and type: services.msc> OK
  • Click the "Extended tab".
  • Double-click on "Viewpoint Manager Service"
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Disabled".
  • Now click "Apply", then "OK" and close any open windows.
Open Internet Explorer> Tools> Manage add-on> look for PbEbkick Control and click to highlight> click on Disable.

Go back and hide the files and Folders.
Empty the Recycle Bin.

Special: this toolbar is for a Parasite producing false spyware warnings and redirecting to fake security sites, member of the FakeAlert aka SmitFraud malware family.

Optional 1: Foistware>> Not a virus or malware. Usually bundled with something you downloaded and installs without your knowledge or permission. The removals are optional but I do recommend foistware be removed.
Viewpoint: You have Viewpoint Media Player installed on your system.
SearchSettings: Vendio "Search Settings" foistware, bundled with its Dealio toolbar or PDF Creator, which is in turn bundled with numerous third party applications.

Optional 2: P2P Warning: Bit Torrent
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall BitTorrent for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

The warning you're getting has to do with the 'fake alert' and it's in the temp files.
Reboot into Normal Mode when you have finished:

TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Then run new scan with HijackThis. Please paste the log into the next reply.
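Added example, not part of the original post and not code from HijackThis: a small Python parser for the log lines listed above. It flags entries whose target is "(no file)" and components fetched from a bare IP address, and shows which CLSIDs are registered under more than one section. The function names and flag labels are assumptions for illustration; the sample lines are copied from the post with the helper's "See ..." notes removed.

```python
import re
from collections import defaultdict

# Entries copied from the post above, with the helper's annotations removed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {4E45C414-5019-4966-9013-6950C35E6C06} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O16 - DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} (PbEbkick Control) - http://210.166.234.104/activex/pbebkick.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# "O2 - BHO: rest" -> section code, entry kind, remainder (layout inferred from the lines above).
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

def parse_log(text):
    """Return one dict per recognisable HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, headers, anything that is not an entry
        rest = m.group("rest")
        clsid = CLSID_RE.search(rest)
        flags = []
        if rest.endswith("(no file)"):
            flags.append("orphan")   # registry entry remains, target file is gone
        if IP_URL_RE.search(rest):
            flags.append("ip-url")   # component source is a bare IP address
        entries.append({"code": m.group("code"), "kind": m.group("kind"),
                        "clsid": clsid.group(0) if clsid else None, "flags": flags})
    return entries

def hooks_by_clsid(entries):
    """Map each CLSID to the log sections it appears in (e.g. R3 and O2)."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["code"])
    return dict(seen)

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        print(e["code"], e["kind"], e["clsid"], e["flags"])
    print(hooks_by_clsid(parsed))
```
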
 
It would seem that I can't boot in to safe mode. When I try I get a message that says something along the lines of "press esc to cancel loading SPTD.SYS." then the machine just restarts itself and goes back to the loading screen.
 
Can you get in to the system at all? Was it at the end of the HJT removal when I had you boot in to Safe Mode?

I get a message that says something along the lines of "press esc to cancel loading SPTD.SYS."

Whenever you report an error message, it needs to be exact.

If you can boot into Normal Mode, hold on HJT directions and do this first:

Filename: sptd.sys is the driver used by the CD-ROM emulation program, Daemon Tools Version 4. There have been some reports of problems with this driver.

Apparently you have this on Startup. It does not need to be there:

Click on Start> Run> type in msconfig> enter> Selective Startup> Startup tab> UNCHECK any process relating to Daemon Tools> Apply> OK

If you have a problem knowing which process, see the image at this URL.
http://img116.imageshack.us/img116/5327/msconfigyd9.jpg

Click on the cross hair dividing line on the frame between Command and Location. Hold left mouse button down and move to the right. This will expand the Command column so you can see what a process goes with:

Command: System32\Drivers\sptd.sys

Reboot the computer when finished and resume the Safe Mode section. If you cannot get into Normal Mode either, then you'll have to do a repair.
 