Solved how can remove tradeadexchange browser hijacker

javadth

New Member
Thread author
Aug 6, 2017
3
hi yesterday i was looking for a pdf edit soft so i find
Code:
pdfill.com
, then i installed it , but after some minutes i got there was a problem in my mozilla because every time i click in page , my popupblocker plugin shows a message and opens a unwanted page so i got that i have browser hijack issue
i tried this ways

1 - installing : Malwarebytes , Adaware Antivirus , IObit Malware Fighter , windows 10 malware remover
https://malwaretips.com/blogs/remove-tradeadexchange-com-popup/#malwarebytes
and some of them find some problems and i removed them

2 - restarting Firefox , removing tags from Firefox properties

but problem didnt solved and still i have browser hijack issue
 

javadth

New Member
Thread author
Aug 6, 2017
3
this is a log from AdwCleaner 7.0.1.0


# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 06 09:30:23 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 10 Enterprise (X64)
# Mode: clean
# Support: Customer Support & Help Center

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\javad\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Speedup
Deleted: C:\Program Files (x86)\Disk Speedup
Deleted: C:\Users\javad\AppData\Roaming\ProgSense
Deleted: C:\Users\javad\AppData\Local\DriverToolkit
Deleted: C:\Users\javad\AppData\Roaming\GrabPro
Deleted: C:\ProgramData\Uniblue
Deleted: C:\ProgramData\Application Data\Uniblue
Deleted: C:\Program Files (x86)\Uniblue
Deleted: C:\Users\All Users\Uniblue
Deleted: C:\Program Files (x86)\lavasoft\web companion
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Users\javad\AppData\Roaming\DRPSu
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown
Deleted: C:\ProgramData\Audyssey Labs
Deleted: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}


***** [ Files ] *****

Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWETIi0x4Fc8s%2FzHiEGk82WwfBa2vCIDLrLjR0YewvGdFRqMcBfRzhc%3D]
Cleaned: C:\Users\Public\Desktop\Opera Browser.lnk[https:\\launchpage.org\?uid=oTlKGGjMhxpsXWETIi0x4Fc8s%2FzHiEGk82WwfBa2vCIDLrLjR0YewvGdFRqMcBfRzhc%3D]


***** [ Tasks ] *****

Deleted: DRIVERTOOLKIT AUTORUN
Deleted: DriverPack Notifier


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\ProgSense
Deleted: [Key] - HKCU\Software\ProgSense
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\DriverToolkit
Deleted: [Key] - HKCU\Software\DriverToolkit
Deleted: [Key] - HKLM\SOFTWARE\Orbit
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\Orbit
Deleted: [Key] - HKCU\Software\Orbit
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Deleted: [Key] - HKLM\SOFTWARE\Uniblue
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\Reimage
Deleted: [Key] - HKCU\Software\Reimage
Deleted: [Key] - HKLM\SOFTWARE\WISECLEANER
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted: [Key] - HKLM\SOFTWARE\drpsu
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\drpsu
Deleted: [Key] - HKCU\Software\drpsu
Deleted: [Key] - HKLM\SOFTWARE\systweak
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\systweak
Deleted: [Key] - HKCU\Software\systweak
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-1791944167-172722019-4007715338-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: MSN Homepage & Bing Search Engine -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8505 B] - [2017/8/6 9:27:41]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 

javadth

New Member
Thread author
Aug 6, 2017
3
I REMOVED Adaware Antivirus , IObit Malware Fighter & Malware Hunter Pro and Mozilla folder in appdata folder so problem solved
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top