javadth

New Member
hi yesterday i was looking for a pdf edit soft so i find
Code:
pdfill.com
, then i installed it , but after some minutes i got there was a problem in my mozilla because every time i click in page , my popupblocker plugin shows a message and opens a unwanted page so i got that i have browser hijack issue
i tried this ways

1 - installing : Malwarebytes , Adaware Antivirus , IObit Malware Fighter , windows 10 malware remover
https://malwaretips.com/blogs/remove-tradeadexchange-com-popup/#malwarebytes
and some of them find some problems and i removed them

2 - restarting Firefox , removing tags from Firefox properties

but problem didnt solved and still i have browser hijack issue
 

javadth

New Member
this is a log from AdwCleaner 7.0.1.0


# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 06 09:30:23 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Enterprise (X64)
# Mode: clean
# Support: Customer Support & Help Center

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\javad\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Speedup
Deleted: C:\Program Files (x86)\Disk Speedup
Deleted: C:\Users\javad\AppData\Roaming\ProgSense
Deleted: C:\Users\javad\AppData\Local\DriverToolkit
Deleted: C:\Users\javad\AppData\Roaming\GrabPro
Deleted: C:\ProgramData\Uniblue
Deleted: C:\ProgramData\Application Data\Uniblue
Deleted: C:\Program Files (x86)\Uniblue
Deleted: C:\Users\All Users\Uniblue
Deleted: C:\Program Files (x86)\lavasoft\web companion
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Users\javad\AppData\Roaming\DRPSu
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown
Deleted: C:\ProgramData\Audyssey Labs
Deleted: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}


***** [ Files ] *****

Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWETIi0x4Fc8s%2FzHiEGk82WwfBa2vCIDLrLjR0YewvGdFRqMcBfRzhc%3D]
Cleaned: C:\Users\Public\Desktop\Opera Browser.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWETIi0x4Fc8s%2FzHiEGk82WwfBa2vCIDLrLjR0YewvGdFRqMcBfRzhc%3D]


***** [ Tasks ] *****

Deleted: DRIVERTOOLKIT AUTORUN
Deleted: DriverPack Notifier


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\ProgSense
Deleted: [Key] - HKCU\Software\ProgSense
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\DriverToolkit
Deleted: [Key] - HKCU\Software\DriverToolkit
Deleted: [Key] - HKLM\SOFTWARE\Orbit
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\Orbit
Deleted: [Key] - HKCU\Software\Orbit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\Reimage
Deleted: [Key] - HKCU\Software\Reimage
Deleted: [Key] - HKLM\SOFTWARE\WISECLEANER
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted: [Key] - HKLM\SOFTWARE\drpsu
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu
Deleted: [Key] - HKLM\SOFTWARE\systweak
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\systweak
Deleted: [Key] - HKCU\Software\systweak
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: MSN Homepage & Bing Search Engine -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8505 B] - [2017/8/6 9:27:41]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 

javadth

New Member
I REMOVED Adaware Antivirus , IObit Malware Fighter & Malware Hunter Pro and Mozilla folder in appdata folder so problem solved