  #6  
June 8th, 2017, 08:20 AM
MrUK1953
Member
 
Join Date: Jun 2004
Posts: 78
Hi

Thank you for pointing out that I was still running through a proxy server. I do that when I am checking multiple Twitter accounts so I don't make it too obvious that they are all run from the same IP address. I must have forgotten to untick the proxy when I finished.

I am still getting a problem with the software telling me there is no disk in the drive and to insert a disk into \Device\Harddisk5\DR5

Here are the results of AdwCleaner:



# AdwCleaner v6.047 - Logfile created 08/06/2017 at 05:56:44
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X86)
# Username : Graham - GRAHAM-PC
# Running from : C:\Users\Graham\Desktop\Tools\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: PenWesController
[-] Service deleted: YahooAUService
[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Graham\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\Graham\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Graham\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\ProgramData\PenWes
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PenWes
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files\PenWes
[-] Folder deleted: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh
[-] Folder deleted: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh


***** [ Files ] *****

[-] File deleted: C:\Windows\system32\drivers\swdumon.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: PenWes
[-] Task deleted: iorrt


***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\yahooauservice
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\services\penwescontroller
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\yahooauservice
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3597907355-2430030293-454580081-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Penwes
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchURI [(Default)]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Search Protection


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "avg.toolbar.buttons_label" - ",Search,Active Surf-Shield,Active Surf-Shield,Search-Shield,AVG Info ,AVG Info ,Get More"
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0Bt CyB0F0C0FyEtCtDyB0CtN0D0Tzu0CyByDyEtN1L2XzutBtFtBt FtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=552127649&i r=
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jgceplfonlgodadnpognljgdjlcnpjnh
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: uk.ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4778 Bytes] - [08/06/2017 05:56:44]
C:\AdwCleaner\AdwCleaner[R0].txt - [18476 Bytes] - [08/06/2014 10:39:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [18433 Bytes] - [08/06/2014 10:40:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [4982 Bytes] - [08/06/2017 05:55:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5072 Bytes] ##########


I have left Junkware Removal Tool running on my computer while I am here at the office. However, I am not certain it is running properly. At the moment there is no internet in the area around my home. I think the program may need some internet access. It succeeded in finding a restore point but failed to validate it. It has gone through all the following:

Processes
Startup - Logon
Startup - Scheduled Tasks
Services
File System
Browsers
Shortcuts

I am not sure if that is everything or if it is still running, but I have left it on just in case. But so far it has not produced a text file. I will check again when I get home this evening and if it has not produced a file I will let you know. If it has, I will continue with ComboFix and then post both JRT and ComboFix in my reply.

Kind regards

Graham