Solved Homepage and searchbar adware

[StabbyMW]

So I was looking for an ISO boot software and since I have used daemon tools in the past I decided to install the lite version, biggest mistake i've made.
I noticed immediately something was wrong so I performed a malware scan which removed most of the problems, I also ran a rootkit scan and used the adwcleaner software they provide, this got rid of most of the viruses.
After a while I noticed a PuP keept reappearing even though I moved it to quarantine and deleted it, it was located in the google chrome folder under Secure Preferences.
I looked at the setting and noticed a strange string of characters and letters under my home button.
I googled a bit the issue and came across a thread on this forum about a guy with a similar issue so I installed FRST64 performed a scan and there they were, now I have located the malware but i don't have the knowledge to make a fixlist.txt so I decided to ask you for help.

 

[TwinHeadedEagle]

Hello,


Please download Zemana AntiMalware and save it to your Desktop.

• Install the program and once the installation is complete it will start automatically.
• Without changing any options, press Scan to begin.
• After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​

• Open Zemana AntiMalware again.
• Click on
  
  icon and double click the latest report.
• Now click File > Save As and choose your Desktop before pressing Save.
• The only left thing is to attach saved report in your next message.

 

[StabbyMW]

Thanks, it seems as for now the virus has been removed I will scan in the future again to see if it comes back.
I wanna know since this antivirus seemed to do a better job should I keep this or just leave it to Malwarebytes, also do you have any advice on which antivirus would be better in general?
I also noticed these two files which I think I remains from the daemon tools uninstall, is there a way to get rid of them?
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-12-27] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-27] (Disc Soft Ltd)

 

[TwinHeadedEagle]

Try these commands in Command Prompt

sc delete dtlitescsibus
sc delete dtliteusbbus

del C:\Windows\System32\DRIVERS\dtlitescsibus.sys
del C:\Windows\System32\DRIVERS\dtliteusbbus.sys

 

[StabbyMW]

Try these commands in Command Prompt

sc delete dtlitescsibus
sc delete dtliteusbbus

del C:\Windows\System32\DRIVERS\dtlitescsibus.sys
del C:\Windows\System32\DRIVERS\dtliteusbbus.sys

Looks like access is denied.

 

[TwinHeadedEagle]

Yes. Try this fix please:

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[StabbyMW]

Yes. Try this fix please:

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Thanks a lot you really helped me, should I keep both antiviruses?

 

[TwinHeadedEagle]

Yes, you can.