Connection not private - ongoing

Do other browsers have the same issue or Chrome?

Are you running a VPN?

Yes, all browsers have the same problem.

I have AVG vpn installed but it isnt set to auto connect, so I dont use it all that much.

@maramessi Would you like to check for malware/adware? Or have you already done that? We can go thru and clean up the machine in the process of removing any malware/adware. With the tools used in malware removal it should give me a decent idea of what is going even if it is not a malware issue.

I am happy do that, not done it yet.

Should I do it on my own or will you give me some advice?

Download Autologger to your desktop.
Disable your Anitivirus/Defender prior to running.

[ul]
[li]Unzip it there. – If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----[/li][li]Right click Autologger and run as administrator. (Xp user double click)[/li][li]AVZ4 will open and scan your machine, allow this to complete.[/li][li]Upload Collectionlog.zip to your next reply.[/li][/ul]

---

.

Ok, these logs take while to go over, while I check them please run these two tools.

Adware Cleaner

[ul]
[li]Download AdwCleaner and save it to your Desktop[/li][li]Right-click on AdwCleaner.exeand select, Run as Administrator[/li][li]Accept the EULA (I accept), then click on Scan Now[/li][li]Let the scan complete[/li][li]Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.[/li][li]Once the cleaning process is complete, AdwCleaner will ask you to restart your computer[/li][li]Close all other open windows and allow it to restart[/li][li]After the restart, Notepad will open with the AdwCleaner cleaning log[/li][li]Please Attach the contents of that log into your next reply to me[/li][/ul]

---

Download Malwarebytes v.4 . Install and run.
[ul]
[li]Once the MBAM dashboard opens, click on Settings (gear icon).[/li][li]Click on Security tab and make sure that all four Scan options are enabled.[/li][li]Close Settings and click on the Scan button on the dashboard.[/li][li]Once the scan is completed make sure you have it quarantine any detections it finds.[/li][li]If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.[/li][li]If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.[/li][li]If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.[/li][/ul]

Here are the reports you asked for, hope I’ve done everything right - I think I have

Uninstall Useless programs!
Hit the windows key and R at the same time.
Type [COLOR=rgb(184, 49, 47)]appwiz.cpl hit ok.
Uninstall these programs below.

Driver Easy 5.7.3

---

Look in the Autologger folder and drag out the CheckBrowsersLNK file.
To your desktop.
AutoLogger\CheckBrowserLnk

Drag and drop onto the ClearLNK utility .
After saving ClearLNK to desktop.

[IMG alt=“move.gif”]https://dragokas.com/tools/move.gif

---

Run HijackThis! as admin! (located in the folder …Autologger\HijackThis)
Do a system scan, then check each item below, make sure and only check the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.

[ICODE]O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software (empty) O22 - Tasks: (disabled) Driver Easy Scheduled Scan - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe O22 - Tasks: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)[/ICODE]

---

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
[ol]
[li]Accept the default whitelist options,[/li][li]If the additions.txt options box is not checked please select it.[/li][li]Then select Scan[/li][li]Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.[/li][/ol]
Please Attach the contents of these logs in your next post for review by our Security Team[/IMG][/COLOR]

I wasn’t able to remove the below from Hijack This - presumably because I deleted it after advice a few posts ago. The other 2 were removed no problem.

O22 - Tasks: (disabled) Driver Easy Scheduled Scan - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

Download and run Startup lite.

---

Copy the content of the code box below.
[COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

[ICODE] Start:: CloseProcesses: SystemRestore: On CreateRestorePoint: RemoveProxy: HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X] C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3a875e6f-2e40-4768-bda4-fefa751dbca2}: [DhcpNameServer] 192.168.15.52 Tcpip\..\Interfaces\{6216a534-b922-4cef-9d95-8aa9039f6fbb}: [NameServer] 100.120.30.1 Tcpip\..\Interfaces\{63e8001e-faba-418f-a62a-c98a9380e3e7}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{eb8c6cba-ebc5-479c-8e25-a48edc6943c7}: [DhcpNameServer] 192.168.15.52 FirewallRules: [TCP Query User{F24EAD7D-B830-4521-86D7-DD318BA1F3B3}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortnit eclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortnit eclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{35BB12DE-AD7F-405B-B24D-C2DC88CAA809}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortnit eclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortnit eclient-win64-shipping.exe => No File FirewallRules: [{4F892332-3556-4238-9E97-6F02E2F61F81}] => (Allow) D:\SteamLibrary\steamapps\common\Golf It!\GolfIt.exe => No File FirewallRules: [{C126190A-8487-4BE8-9A9A-171F12205D0A}] => (Allow) D:\SteamLibrary\steamapps\common\Golf It!\GolfIt.exe => No File FirewallRules: [{D1CD37FF-6417-4CC9-A639-DD1E39F22DF3}] => (Allow) C:\Users\David Lindsay\AppData\Local\Temp\EpInsNav\DL\3013\Networ k\EpsonNetSetup\Data\ENEasyApp.exe => No File FirewallRules: [{28254DD9-FEB9-4776-B43D-93DA6BD0F46A}] => (Allow) C:\Users\David Lindsay\AppData\Local\Temp\EpInsNav\DL\3013\Networ k\EpsonNetSetup\Data\ENEasyApp.exe => No File C:\WINDOWS\system32\drivers\etc\hosts Hosts: ShortcutWithArgument: C:\Users\David Lindsay\Desktop\David - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\David Lindsay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\David (alloccasionscateringevents.com) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" cmd: netsh winsock reset catalog cmd: netsh int ip reset C:\resettcpip.txt cmd: net stop bits Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*. db C:\ProgramData\Microsoft\Network\Downloader\qmgr*. db.old cmd: net start bits cmd: bitsadmin /list /allusers CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R" CMD: "%WINDIR%\SysWOW64\lodctr.exe /R" CMD: "C:\Windows\SYSTEM32\lodctr.exe /R" CMD: "C:\Windows\SysWOW64\lodctr.exe /R" CMD: del /f /s /q %windir%\prefetch\*.* CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.* CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\Use r Data\Default\Cache\*.*" cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\Us er Data\Default\Cache\*.*" cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*" CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*" CMD: ipconfig /flushdns C:\Windows\Temp\*.* C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp emptytemp: Reboot: End::[/ICODE][/COLOR]

Ok, no problem, move onto the fix with FRST.

I’ve done the scan and its rebooted, files attached but what was I to do with the text you told me to copy above? I can’t see you telling me to paste it anywhere.

When you copy it to the clipboard, it is what the FRST program will use, to create a fixlog, that you just posted. Those items are fixed/removed from within the clipboard via FRST.

How is the original issue now? Can you test and see what happens please.