I first noticed my internet was slow (Win 10) and found Privoxy in my task manager was using lots of bandwidth. Tried to remove it with Mbam and it just comes back. If I stop the task I lose internet browsing ability.
Then I noticed that I was getting small square pop-up ads when browsing (bottom left of browser, Chrome). I also noticed I now have pSP2Clnt running in my tasks. If I stop it, the pop-ups go away. I can delete the folder it lives in (/pSP2Clnt/service) and it will come back on reboot (as will Privoxy if I delete it /Programfiles (x86)/SystemWin ).
Mbam finds it (see logs) in the reg and deletes some keys but it makes no difference. I've also tried Superantispyware and esetonline cleaner. It seems they are not classified as malware - even though they keep reinstalling themselves. Neither Windows AV nor Avast sees them at all.
When I reboot after a run of Mbam, something tries to change the file associations for lots of things (Windows message centre tells me there were problems changing the associations with lots of apps - i.e., music, films, mp4, etc. etc.)
I have run the apps as requested, logs below:
# AdwCleaner v6.010 - Logfile created 02/09/2016 at 10:02:02
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-01.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : RogerD - ROGERD-PC_SSD
# Running from : C:\Users\RogerD\Desktop\Malware cleaning\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1701 Bytes] - [31/08/2016 21:48:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [9319 Bytes] - [02/02/2015 20:52:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [9151 Bytes] - [02/02/2015 20:53:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [2078 Bytes] - [31/08/2016 21:47:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1429 Bytes] - [01/09/2016 12:05:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1365 Bytes] - [02/09/2016 10:02:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1438 Bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 02/09/2016
Scan Time: 10:06
Logfile: mwb.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.09.02.04
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: RogerD
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334860
Time Elapsed: 3 min, 29 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 3
PUM.Optional.ProxyHijacker, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [eb7134394753ca6ccdfbdbf6a65d23dd]
PUM.Optional.ProxyHijacker, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [d8840964d1c977bfd0f8864b4eb57d83]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2320827147-2089162960-84885740-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [4a123637edad3ff7e8e06f6230d337c9]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 22.0.0.209
Google Chrome (52.0.2743.116)
Google Chrome (52.0.2743.82)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
RogerD Desktop Malware cleaning SecurityCheck.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````