why PUM.Proxy doesn't detected by AdwCleaner or Malwarebytes !!

[REDACTED]

RogueKiller always detect  PUM.Proxy that doesn't detected by AdwCleaner or Malwarebytes or even JRT

 i use vpn add-in with Firefox called ""browsec""
add-in website : https://browsec.com
i am the lonely user for this pc that has one profile only  ,could u check the log for any further risks !!!!
  report is attached

[Eddy]

We use other tools/logs to check things > http://forum.avast.com/index.php?topic=53253.0

[Pondus]

PUM = Possible Unwanted Modification ... Rkill does not know if you or malware did that modification so it warns

[REDACTED]

ok here is farbar and adwcleaner report

[Eddy]

FRST.txt is not complete.

You need to remove Kaspersky and Hitman Pro if you want to use avast.

[DavidR]

<snip>
You need to remove Kaspersky and Hitman Pro if you want to use avast.

Yes on a 2nd AV (Kaspersky), however, Hitman Pro isn't a resident AV but a multi-engine on-demand scanner. That said Hitman Pro can cause issues with autonomous actions to delete detected files.

[REDACTED]

removed  Kaspersky and Hitman Pro
and attached fresh scan of farbar and Malwarebytes

[essexboy]

Did you set this proxy or is it part of browsec ?

FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 49736
FF NetworkProxy: "no_proxies_on", "localhost, localdomain, .localdomain, local, .local, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, www.google-analytics.com"
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 49736
FF NetworkProxy: "type", 4

[REDACTED]

well yes this proxy set automatically when i activated  browsec addin

[essexboy]

That is what RK is detecting and why it is potentially unwanted

[REDACTED]

That is what RK is detecting and why it is potentially unwanted

so do u think should i remove it !!! what is the possibly risks if i keep it !!!

[essexboy]

When you use a vpn like this you are opening your system to proxy addresses

Browsec’s privacy policy discloses that they collect information about your surfing habits when the proxy is switched on and data can be used for monitoring and research, it is also disclosed that after anonymising the data, it can be shared with business partners, a standard way of funding for most unlimited VPN providers, you normally get hassled to upgrade the service to a paid package or, like in this case the company makes money selling your data to outsiders.

http://www.hacker10.com/other-computing/review-free-anonymous-surfing-proxy-browsec/

but the choice is yours,

[REDACTED]

thanks Mr.essexboy  Mr.Eddy and Mr.Pondus Mr.DavidR "You guys are the best"
browsec  seem doing more than collect information about my surfing habits
however i remove this browsec  and i replaced with hotspot shield ( which seems worst )
one more  last 3  thing
1-my avast objects board gets hidden or error massage tells i am not protcted just  in case if i temporary disable it for 10 min or more (it works fine after restart )
2-any fixlist for host files !!
3-windows update disabled permanently
attached photo of my avast board and fresh farbar scan

[essexboy]

HOST file appears good

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 14:04 - 2016-04-19 19:22 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1   localhost

Try a repair of Avast and see if that resets the GUI

Did you disable windows updates ?
Download and run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

[REDACTED]

Farbar Service Scanner Version: 27-01-2016
Ran by ME (administrator) on 21-04-2016 at 00:37:54
Running from "C:\Users\ME\Downloads\Programs"
Microsoft Windows 10 Enterprise  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend: "%SystemRoot%\System32\svchost.exe -k secsvcs".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****