
Scorpion Saver- Help please!



I have managed to give my poor lappy a disease. I have browsed over other topics with similar issues and have followed the steps there.


DDS (Ver_2012-11-20.01)
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2012 6:12:03 AM
System Uptime: 12/4/2013 1:10:55 PM (0 hours ago)
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz | U3E1 | 2200/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 688 GiB total, 520.312 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP58: 11/14/2013 3:57:57 AM - Windows Update
RP59: 11/21/2013 3:58:15 PM - Scheduled Checkpoint
RP61: 11/29/2013 8:22:19 PM - Scheduled Checkpoint
RP62: 12/3/2013 10:20:06 AM - Removed ScorpionSaver Services
RP63: 12/4/2013 11:02:14 AM - Removed ScorpionSaver
==== Installed Programs ======================
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
BitRaider Web Client
Business Contact Manager for Microsoft Outlook 2010
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
Guild Wars 2
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 25 (64-bit)
League of Legends
Malwarebytes Anti-Malware version
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Movie Maker
Norton 360
Norton Anti-Theft
Norton Online Backup
Norton Online Backup ARA
Norton PC Checkup
Norton Security Dashboard
Pando Media Booster
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
Premium Sound HD
Realtek Bluetooth Filter Driver Package
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Skype™ 6.3
Sql Server Customer Experience Improvement Program
Star Wars The Old Republic
Star Wars: The Old Republic
StarCraft II
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Warcraft
==== Event Viewer Messages From Past Week ========
12/3/2013 11:32:34 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
12/3/2013 11:30:34 AM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Tanja at 13:21:05 on 2013-12-04
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8076.6410 [GMT -7:00]
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
============== Running Processes ===============
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\\NAT.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Anti-Theft\Engine\\NAT.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\\N360.exe
C:\Program Files (x86)\Norton 360\Engine\\N360.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by TOSHIBA

mWindow Title = Internet Explorer provided by TOSHIBA

mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\\IPS\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\\coieplg.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer =
TCP: Interfaces\{5C9B56D8-521B-4698-B8BE-1F2C2E65D93E} : DHCPNameServer =
TCP: Interfaces\{5C9B56D8-521B-4698-B8BE-1F2C2E65D93E}\2456C6B696E6F5E4F575962756C6563737F5736343541473 : DHCPNameServer =
TCP: Interfaces\{5C9B56D8-521B-4698-B8BE-1F2C2E65D93E}\3456E647572797C496E6B613936383 : DHCPNameServer =
TCP: Interfaces\{5C9B56D8-521B-4698-B8BE-1F2C2E65D93E}\75966496 : DHCPNameServer =
TCP: Interfaces\{5C9B56D8-521B-4698-B8BE-1F2C2E65D93E}\76F61647 : DHCPNameServer =
TCP: Interfaces\{5C9B56D8-521B-4698-B8BE-1F2C2E65D93E}\C6160747F607D275962756C6563737 : DHCPNameServer =
TCP: Interfaces\{C1667D8F-C027-4DD8-B3E2-3CAB6B6E955A} : DHCPNameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-mWindow Title = Internet Explorer provided by TOSHIBA

x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\\CoIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\\CoIEPlg.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
============= SERVICES / DRIVERS ===============
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-26 645952]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-10-26 499096]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-9-3 168608]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-23 150104]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-26 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-26 166720]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\\N360.exe [2013-11-18 264360]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\\NAT.exe [2013-10-23 232424]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-6-12 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe [2012-9-3 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-24 291240]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-26 365376]
R3 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ccSet_N360;N360 Settings Manager;C:\windows\System32\Drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-18 162392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2012-10-26 9216]
R3 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\\Definitions\IPSDefs\20131203.002\IDSviA64.sys [2013-12-3 521816]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-13 103936]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-10-26 315536]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\windows\System32\Drivers\RtkBtfilter.sys [2012-10-26 24208]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-10-26 1498256]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-16 43832]
R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\N360x64\1501000.012\SymDS64.sys [2013-11-18 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-18 1147480]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\N360x64\1501000.012\Ironx64.sys [2013-11-18 264280]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1501000.012\symnets.sys [2013-11-18 590936]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\N360x64\1501000.012\SymELAM.sys [2013-11-18 23568]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-11-21 477960]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2012-12-30 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
=============== Created Last 30 ================
2013-12-04 20:11:23 -------- d-----w- C:\ProgramData\boost_interprocess
2013-12-04 20:06:00 -------- d-----w- C:\AdwCleaner
2013-11-30 09:05:23 -------- d-----w- C:\Users\Tanja\AppData\Roaming\Acreon
2013-11-30 09:05:21 -------- d-----w- C:\Users\Tanja\AppData\Local\._LiveCode_
2013-11-29 00:29:18 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-28 20:08:10 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-11-23 20:57:26 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2013-11-23 20:57:11 -------- d-----w- C:\Users\Tanja\AppData\Roaming\Guild Wars 2
2013-11-22 14:40:19 -------- d-----w- C:\Users\Tanja\AppData\Local\SWTOR
2013-11-22 06:53:11 -------- d-----w- C:\ProgramData\BitRaider
2013-11-22 06:52:59 -------- d-----w- C:\Users\Tanja\AppData\Local\SWTORPerf
2013-11-22 06:46:12 4991496 ----a-w- C:\windows\System32\D3DX9_38.dll
2013-11-22 06:46:12 3850760 ----a-w- C:\windows\SysWow64\D3DX9_38.dll
2013-11-22 06:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2013-11-18 22:08:03 858200 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2013-11-18 22:08:03 590936 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\symnets.sys
2013-11-18 22:08:03 493656 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\SymDS64.sys
2013-11-18 22:08:03 36952 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\srtspx64.sys
2013-11-18 22:08:03 264280 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\Ironx64.sys
2013-11-18 22:08:03 23568 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\SymELAM.sys
2013-11-18 22:08:03 162392 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys
2013-11-18 22:08:03 1147480 ----a-r- C:\windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys
2013-11-18 22:07:56 -------- d-----w- C:\windows\System32\drivers\N360x64\1501000.012
2013-11-17 17:46:30 28272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-11-17 17:46:30 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-11-16 02:52:35 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-16 02:52:34 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 07:39:46 -------- d-----w- C:\Users\Tanja\AppData\Roaming\Azureus
2013-11-13 07:16:18 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-11-13 07:16:18 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-11-13 07:16:17 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2013-11-13 07:16:17 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-11-13 07:16:16 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-11-13 07:16:15 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-11-13 07:16:04 13661696 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-11-13 07:16:01 10799104 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
==================== Find3M  ====================
2013-11-18 22:08:50 177752 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-01 08:22:28 27032 ----a-w- C:\windows\System32\drivers\tosrfec.sys
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\windows\System32\authui.dll
2013-09-23 22:30:14 419328 ----a-w- C:\windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-13 22:36:37 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-09-09 07:57:00 829264 ----a-w- C:\windows\System32\msvcr100.dll
2013-09-09 07:57:00 608080 ----a-w- C:\windows\System32\msvcp100.dll
============= FINISH: 13:21:33.68 ===============



# AdwCleaner v3.014 - Report created 04/12/2013 at 13:09:49
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Tanja - BABY
# Running from : C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\095DROBY\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Tanja\AppData\Local\Conduit
Folder Deleted : C:\Users\Tanja\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tanja\AppData\Roaming\pccustubinstaller
File Deleted : C:\END
File Deleted : C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]

-\\ Google Chrome v

[ File : C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup


AdwCleaner[R0].txt - [3830 octets] - [04/12/2013 13:06:08]
AdwCleaner[s0].txt - [3354 octets] - [04/12/2013 13:09:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3414 octets] ##########



Any help would be greatly appreciated.


Thank you,





Hello


P2P/Piracy Warning:



If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan

Make sure that everything is checked, and click Remove Selected on any found items.


Post the produced log




Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.


http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….


http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit


- Double-click SystemLook.exe to run it.

- Copy the content of the following codebox into the main textfield:




- Click the Look button to start the scan.

- When finished, a notepad window will open with the results of the scan. Please post this log.


Thank you very much for the fast reply.  Below is the Malwarebytes log.

Malwarebytes Anti-Malware

Database version: v2013.12.03.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Tanja :: BABY [administrator]

12/4/2013 1:37:09 PM
MBAM-log-2013-12-04 (13-40-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217346
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)



I am following the second step now and will post that log as soon as I am done.


I actually posted the report before removing, sorry.

Malwarebytes Anti-Malware

Database version: v2013.12.03.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Tanja :: BABY [administrator]

12/4/2013 1:37:09 PM
mbam-log-2013-12-04 (13-37-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217346
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)




SystemLook Report



SystemLook 30.07.11 by jpshortstuff
Log created at 13:45 on 04/12/2013 by Tanja
Administrator - Elevation successful

========== filefind ==========

Searching for "*adpeak*"
C:\Users\Tanja\AppData\Local\Temp\AdpeakProxyr.log --a---- 568 bytes [17:21 03/12/2013] [17:21 03/12/2013] 9B90D5DE07E4857DFC310AC922DAE500
C:\Windows\Prefetch\ADPEAKPROXY.EXE-F14FF58A.pf --a---- 42402 bytes [20:19 29/11/2013] [17:21 03/12/2013] C007D5183A3008C4BDC25A81EED22A27
C:\Windows\Prefetch\ADPEAKWFPINSTALLER.EXE-E5ED1597.pf --a---- 20604 bytes [20:19 29/11/2013] [17:21 03/12/2013] 8AC39B0D266F552FB25C512D0BF255DC
C:\Windows\Temp\AdpeakProxyr.log --a---- 613 bytes [17:20 03/12/2013] [17:21 03/12/2013] 419695BC4ACE91D6208A095D491339A3

Searching for "Adpeak.*"
No files found.

Searching for "*Scorpion*"
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\Skarner_Scorpion_TX_CM.DDS --a---- 91432 bytes [15:20 31/08/2013] [15:20 31/08/2013] 5E9676AD1DA681E0DA49B7AB503B4B1D
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\SkarnerScorpion.manifest --a---- 214 bytes [15:20 31/08/2013] [15:20 31/08/2013] A9469EC644FE6C02C5735F575C28E1F7
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\SkarnerScorpion.blnd --a---- 1057 bytes [15:20 31/08/2013] [21:04 04/09/2013] 0E5DE47E6799CDB0864663BC1D828F96
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\Skarner_scorpion.skl --a---- 3843 bytes [15:20 31/08/2013] [15:20 31/08/2013] AE7A4D975396A5C7F31A29EB7840CB1E
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\Skarner_scorpion.skn --a---- 144170 bytes [15:20 31/08/2013] [15:20 31/08/2013] 12FBF1AC5E4E5E3A4F206927A47F8A5D
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\Animations\Skarner_scorpion_laugh.anm --a---- 81271 bytes [15:20 31/08/2013] [15:20 31/08/2013] 32C2B7A1264BBF92B878A2DF1D473677
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Characters\Skarner\Animations\Skarner_scorpion_taunt.anm --a---- 95743 bytes [15:20 31/08/2013] [15:20 31/08/2013] 9C2D468F56DB7F096C5B1BE434E5438D
C:\Riot Games\League of Legends\EU League\RADS\projects\lol_game_client\filearchives\\DATA\Particles\skarner_scorpion_TX_CM_crystalized_v01.dds --a---- 173934 bytes [15:35 31/08/2013] [15:35 31/08/2013] 1D8873DD6EA58362E5A8651A34BC4762
C:\temp\scorpionsaver.exe --a---- 549520 bytes [20:51 26/11/2013] [02:04 04/12/2013] 210184CBA5317C1EEEDCE09649E221AF
C:\temp\ScorpionSaver.msi --a---- 3182592 bytes [18:30 03/12/2013] [18:43 04/12/2013] C0D3EACC48A41057DE0838C09B97A3A7
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19313ZRB\remove-scorpion-saver[1].htm --a---- 53805 bytes [18:07 04/12/2013] [18:07 04/12/2013] 66562471F6943F05DCEE845C08B08B8B
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1XRYSEB\remove-scorpion-saver[1].htm --a---- 53805 bytes [18:44 04/12/2013] [18:44 04/12/2013] 66562471F6943F05DCEE845C08B08B8B
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YHYGG42X\remove-scorpion-saver[1].htm --a---- 53805 bytes [19:03 04/12/2013] [19:03 04/12/2013] 66562471F6943F05DCEE845C08B08B8B
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ5GRF2Q\scorpion-saver[1].png --a---- 1342 bytes [17:55 04/12/2013] [17:55 04/12/2013] C51DCB4776983987646A297AF0F32917
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ5GRF2Q\scorpion-saver_1[1].png --a---- 206434 bytes [17:55 04/12/2013] [17:55 04/12/2013] E4B3DED31FE89CF8A7DE68C0D6B9BF03
C:\Windows\Prefetch\SCORPIONSAVER.EXE-74A64951.pf --a---- 29774 bytes [15:47 03/12/2013] [02:04 04/12/2013] A34933EB14508DDE9E19D1AC84ECDA74

Searching for "Scopion.*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
No folders found.

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\Microsoft\Internet Explorer\TypedURLs]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]

Searching for "*adpeak*"
No data found.

Searching for "adpeak"
"Publisher"="Adpeak, Inc."
"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

-= EOF =-


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)


Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg (:Reg)

    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\D5C83A78-4BE2-44AC-A71B-8A4EDE7DE931]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0]
    "AppFullPath"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0]
    "AppFullPath"=-
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\AppDataLow\Software\Scorpion Saver]
    [HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"=-
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakProxy]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0]
    "AppFullPath"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0]
    "AppFullPath"=-

    :Files
    C:\Program Files\ScorpionSaver Services
    C:\Windows\Prefetch\SCORPIONSAVER.EXE-74A64951.pf
    C:\Users\Tanja\AppData\Local\Temp\AdpeakProxyr.log
    C:\Windows\Prefetch\ADPEAKPROXY.EXE-F14FF58A.pf
    C:\Windows\Prefetch\ADPEAKWFPINSTALLER.EXE-E5ED1597.pf
    C:\Windows\Temp\AdpeakProxyr.log
    C:\temp\scorpionsaver.exe
    C:\temp\ScorpionSaver.msi
    C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19313ZRB\remove-scorpion-saver[1].htm
    C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1XRYSEB\remove-scorpion-saver[1].htm
    C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YHYGG42X\remove-scorpion-saver[1].htm
    C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ5GRF2Q\scorpion-saver[1].png
    C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ5GRF2Q\scorpion-saver_1[1].png

    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:


Where mmddyyyy_hhmmss is the date of the tool run.


Thank you again. Below are the results.


All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\\url4 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\D5C83A78-4BE2-44AC-A71B-8A4EDE7DE931\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0\\AppFullPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0\\AppFullPath not found.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\AppDataLow\Software\Scorpion Saver\ not found.
Registry value HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\Microsoft\Internet Explorer\TypedURLs\\url4 not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakProxy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0\\AppFullPath not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0\\AppFullPath not found.
========== FILES ==========
File/Folder C:\Program Files\ScorpionSaver Services not found.
C:\Windows\Prefetch\SCORPIONSAVER.EXE-74A64951.pf moved successfully.
C:\Users\Tanja\AppData\Local\Temp\AdpeakProxyr.log moved successfully.
C:\Windows\Prefetch\ADPEAKPROXY.EXE-F14FF58A.pf moved successfully.
C:\Windows\Prefetch\ADPEAKWFPINSTALLER.EXE-E5ED1597.pf moved successfully.
C:\Windows\Temp\AdpeakProxyr.log moved successfully.
C:\temp\scorpionsaver.exe moved successfully.
C:\temp\ScorpionSaver.msi moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19313ZRB\remove-scorpion-saver[1].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1XRYSEB\remove-scorpion-saver[1].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YHYGG42X\remove-scorpion-saver[1].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ5GRF2Q\scorpion-saver[1].png moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQ5GRF2Q\scorpion-saver_1[1].png moved successfully.
========== COMMANDS ==========
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hedev
->Temp folder emptied: 43164427 bytes
User: Public
User: Tanja
->Temp folder emptied: 4850466 bytes
->Temporary Internet Files folder emptied: 270031730 bytes
->Google Chrome cache emptied: 433682723 bytes
->Flash cache emptied: 48874 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 354154 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10005934 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 10403066797 bytes
Total Files Cleaned = 10,648.00 mb
OTM by OldTimer - Version log created on 12042013_162419

Files moved on Reboot...
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UA527J9U\fastbutton[1].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UA527J9U\like[1].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A1XRYSEB\index[3].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19313ZRB\postmessageRelay[2].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19313ZRB\xd_arbiter[1].htm moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...


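Many of the "not found" lines in the OTM results above are the same object addressed through a second registry name, so they do not mean a removal failed. The script below is an added example, not part of the original posts and not OTM's own code; it folds those names together and reports, per object, whether this run removed it or it was already gone. It assumes CurrentControlSet points at ControlSet001 on this machine and that the S-1-5-21-...-1001 hive belongs to the logged-on user; HKEY_USERS\.DEFAULT is the standard alias of S-1-5-18.

```python
import re
from collections import defaultdict

# Excerpt of the OTM results log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0\\AppFullPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0\\AppFullPath not found.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1572516609-3383144146-929336190-1001\Software\AppDataLow\Software\Scorpion Saver\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakProxy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy\ not found.
========== FILES ==========
File/Folder C:\Program Files\ScorpionSaver Services not found.
C:\temp\scorpionsaver.exe moved successfully.
========== COMMANDS ==========
User: All Users
"""

# Registry names that reach the same object. The first two mappings are
# assumptions about this machine; the third is a standard Windows alias.
ALIASES = [
    (re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\", re.I),
     "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\"),
    (re.compile(r"^HKEY_USERS\\S-1-5-21-[0-9-]+\\", re.I), "HKEY_CURRENT_USER\\"),
    (re.compile(r"^HKEY_USERS\\\.DEFAULT\\", re.I), "HKEY_USERS\\S-1-5-18\\"),
]

# "<optional kind> <target> <result>." as the results lines above are written.
LINE = re.compile(
    r"^(?:Registry (?:key|value) |File/Folder )?(?P<target>.+?) "
    r"(?P<result>deleted successfully|moved successfully|not found)\.$"
)


def canonical(target):
    """Collapse the key\\\\value separator, trailing slash and hive aliases."""
    t = target.replace("\\\\", "\\").rstrip("\\")
    for pattern, replacement in ALIASES:
        t = pattern.sub(lambda m, r=replacement: r, t)
    return t.lower()


def summarize(log_text):
    """Return ({object: 'removed' | 'already absent'}, [unrecognised lines])."""
    outcomes, unrecognised, section = defaultdict(list), [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            section = line.strip("= ")
            continue
        if section not in ("REGISTRY", "FILES") or not line:
            continue
        match = LINE.match(line)
        if match:
            outcomes[canonical(match["target"])].append(match["result"])
        else:
            unrecognised.append(line)  # anything else needs a human look
    status = {
        target: "already absent" if all(r == "not found" for r in results) else "removed"
        for target, results in outcomes.items()
    }
    return status, unrecognised


if __name__ == "__main__":
    status, unrecognised = summarize(SAMPLE_LOG)
    for target, state in sorted(status.items()):
        print(f"{state:15} {target}")
    print("lines needing review:", unrecognised)
```

Objects reported as "already absent" were gone before this run, which is consistent with the earlier uninstall recorded in the restore points; any line listed for review is one the pattern did not recognise and should be read by hand.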

Hey you're very welcome, scorpion seems to have been well and truly put to the sword, ok one last scan to make sure we are on top....


We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:


Run Eset Online Scanner


**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin


Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish


When the scan is complete


If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found


If threats were found


  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish


close program


copy and paste the report in next reply


and a final diagnostic to look at security, status of Java, adobe etc etc.....


Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.


It's nearly 1 am local time for me, need sleep. Will catch up later...




I had not. I may or may not have skipped over the last step. :unsure: I am going to blame it on lack of sleep...



Results of screen317's Security Check version 0.99.77 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
Norton 360        
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 
 Adobe Flash Player  11.9.900.117 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Internet Explorer needs to be updated to version 11, that is really up to you. Next,


Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader


Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.


Untick the option for any security scanner or toolbar if offered.


Download and install.


Having the latest updates ensures there are no security vulnerabilities in your system.


Let me know when that completes, also tell me if there are any remaining issues or concerns....


Thanks for response, not much to do to clean up...


Use OTM to uninstall tools used and itself....


Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.




You can delete Security Checks and any produced logs, same with DDS.


Other than that you should be good to go. Read the following link to fully understand PC security and best practices, you may find it useful....




Take care,




  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.