Browser Redirecting to unwanted websites

[essexboy]

This will reset the chrome start page

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=042913","hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_37&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtD0EtAyByEtDzzyBtC0DtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2S0EtBzztAtA0EzzzztG0DyDtBzytGyE0EyByDtGzz0DyByCtG0Bzy0F0ByE0F0EyE0AtB0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DtAzy0FyB0D0DtG0CzztC0EtGyE0ByB0FtGzzzytA0CtG0Dzy0CtA0Fzy0EtD0DzytD0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1684186756%26a%3Dwncy_pwrisofs_15_37%26os%3DWindows%2B7%2BProfessional"
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

I guess it has something to do with connectify installation. Malwareware bite was showing attachment of tradeexachene.com to connectfy.exe apart from chrome.exe. Now i have uninstalled connectify

[essexboy]

Has that remedied the problem ?

[REDACTED]

nope.problem still persists

[essexboy]

Whereabouts are you as your DNS server is in the UK

[REDACTED]

I am from India. My ISP is an Indian public company(BSNL)

[essexboy]

OK run this please

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 31.3.244.138 31.3.244.131
Tcpip\..\Interfaces\{861676AB-200C-4F90-931E-6BCB4276B1C6}: [DhcpNameServer] 31.3.244.138 31.3.244.131
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

No luck mate.
PFA

[essexboy]

The only thing I can think of now, as it affects all browsers, is that it is built in to your network modem can you reset that ?

[REDACTED]

yes i was thinking the same. i have done it before but not after we started disinfection process.

[essexboy]

OK if you could reset it and then see when or if it re-occurs...  I am thinking here that there may be a webpage that is infected

[REDACTED]

Problem still there after modem reset. MBAM showing redirection happening through terraclick.com unlike earlier tradexcahnge.com

Many credible sites being redirected including independent.co.uk. so i am ruling out any particular webpage being infected

[essexboy]

OK lets reset Chrome and see if that helps

Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2.Go into the dashboard. Log in. https://www.google.com/settings/dashboard?hl=en
3.Scroll down to “Chrome Sync” and click “Manage Chrome Sync” on the right.
4.Go to bottom of resulting summary page and click “Stop and Clear.” It will ask you if you really want to, and if you do, in fact, really want to, click “Ok.”
5. Now we need to uninstall chrome.
 Note: When asked about user data or settings you must remove this also so please check the box.
6. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
7. Import your bookmarks back into Chrome
8. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

[REDACTED]

adware still lurking after chrome reinstallation

[essexboy]

Please download and install Glasswire
Once it is installed then leave it running in the system tray
When an alert is received open Glasswire
Select the alerts tab
Locate on the right the address tradexchange.com
Hover over the file name under that address and either post a screenshot or let me know what file it is
To get the full file name and path if it is truncated cursor over the file name
In my example it is my Kingsoft updater running