Cannot remove Privoxy and pSP2Clnt

[RogerDonoghue]

I first noticed my internet was slow (win 10) and found Privoxy in my task manager was using lots of bandwidth. Tried to remove it with Mbam and it just comes back. If I stop the task I lose internet browsing ability.

Then I noticed that I was getting small square pop up adds when browsing (bottom left of browser, Chrome). I also noticed I now have pSP2Clnt running in my tasks. If I stop it, the op ups go away. I can delete the folder it lives in (/pSP2Clnt/service) and it will come back on reboot (as will Privoxy if I delete it /Programfiles (x86)/SystemWin ).

Mbam finds it (see logs) in the reg and deletes some keys but it makes no difference. I've also tried Superantispyware, and esetonline cleaner). Is seems they are not clasified as malware - even though they keep re installing themselves. Windows AV, and Avast neither see them at all.

When I reboot after a run of Mbam, somthing tries to change the file associations for lots of things (windows message centre tells me there were problems changing the associations with lots of apps - i.e., music, films, mp4 , etc etc)

I have run the apps as requested, logs below:

# AdwCleaner v6.010 - Logfile created 02/09/2016 at 10:02:02
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-01.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : RogerD - ROGERD-PC_SSD
# Running from : C:\Users\RogerD\Desktop\Malware cleaning\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1701 Bytes] - [31/08/2016 21:48:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [9319 Bytes] - [02/02/2015 20:52:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [9151 Bytes] - [02/02/2015 20:53:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [2078 Bytes] - [31/08/2016 21:47:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1429 Bytes] - [01/09/2016 12:05:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1365 Bytes] - [02/09/2016 10:02:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1438 Bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/09/2016
Scan Time: 10:06
Logfile: mwb.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.02.04
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: RogerD

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334860
Time Elapsed: 3 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 3
PUM.Optional.ProxyHijacker, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [eb7134394753ca6ccdfbdbf6a65d23dd]
PUM.Optional.ProxyHijacker, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [d8840964d1c977bfd0f8864b4eb57d83]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2320827147-2089162960-84885740-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [4a123637edad3ff7e8e06f6230d337c9]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
Windows Defender   
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Adobe Flash Player    22.0.0.209 
 Google Chrome (52.0.2743.116)
 Google Chrome (52.0.2743.82)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````[/u] 
 RogerD Desktop Malware cleaning SecurityCheck.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]

[RogerDonoghue]

p.s. I cannot find anything untoward in "add/remove prgrams". I did install DVD shrink recently which I think brought this problem. I've removed it.

[RogerDonoghue]

A little update - after Mbam deleted the reg entries, I removed the two folders and all the files of psp2clnt and privoxy, and I found a psp2clnt service, which I disabled,  and on this reboot, so far, they are not in the task manager.. and I can browse ad free.... so far... though I'd appreciate being sure...

[RogerDonoghue]

Here are teh updated logs since above. Mbam still found reg keys, and when it removed them I got file association warnings from win 10 again - though no sign of the tasks or services still.

# AdwCleaner v6.010 - Logfile created 02/09/2016 at 11:56:35
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-01.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : RogerD - ROGERD-PC_SSD
# Running from : C:\Users\RogerD\Desktop\Malware cleaning\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1701 Bytes] - [31/08/2016 21:48:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [9319 Bytes] - [02/02/2015 20:52:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [9151 Bytes] - [02/02/2015 20:53:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [2078 Bytes] - [31/08/2016 21:47:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1429 Bytes] - [01/09/2016 12:05:24]
C:\AdwCleaner\AdwCleaner[S3].txt - [1365 Bytes] - [02/09/2016 11:56:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1438 Bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/09/2016
Scan Time: 11:58
Logfile: mbam2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.02.05
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: RogerD

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334775
Time Elapsed: 3 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
PUM.Optional.ProxyHijacker, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [ec717af39ffb2313bc0ce9e85da67789]
PUM.Optional.ProxyHijacker, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [75e809646e2c7cba7d4bf6db9b6822de]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
Windows Defender   
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Adobe Flash Player    22.0.0.209 
 Google Chrome (52.0.2743.116)
 Google Chrome (52.0.2743.82)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````[/u] 
 RogerD Desktop Malware cleaning SecurityCheck.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````[/u]

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Win 10 comes with its own AV called Windows Defender. If you wish to use another AV, make sure WD is disabled.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

[RogerDonoghue]

Hiya - thanks. : log below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by RogerD (Administrator) on 02/09/2016 at 23:40:38.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Failed to delete: C:\Program Files (x86)\Common Files\innovative solutions (Folder)
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\ProgramData\innovative solutions (Folder)
Successfully deleted: C:\Users\RogerD\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\RogerD\AppData\Local\innovative solutions (Folder)
Successfully deleted: C:\WINDOWS\prefetch\AVAST_FREE_ANTIVIRUS_SETUP_ON-67E668C3.pf (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/09/2016 at 23:41:43.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[RogerDonoghue]

Hi - Eset finds nothing (and produces no log)

[SuperDave]

Any other issues with your computer?