unable to remove scorpion saver

DarkTempest

New Member
Thread author
Dec 4, 2013
10
Been trying to remove scorpion saver this past week but had no success so far.
 

Attachments

  • OTL.Txt
    190.4 KB · Views: 108
  • Extras.Txt
    56.9 KB · Views: 140
  • aswMBR.txt
    3.3 KB · Views: 112

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


  1. Download AdwCleaner from the link below.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

DarkTempest

New Member
Thread author
Dec 4, 2013
10
Dunno why it says my OS is Windows 7 when it's Windows 8


# AdwCleaner v3.014 - Report created 04/12/2013 at 11:57:01
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : nguye_000 - HOME
# Running from : C:\Users\nguye_000\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MixiDJ_V30
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\ScorpionSaver
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\nguye_000\AppData\Local\Conduit
Folder Deleted : C:\Users\nguye_000\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\nguye_000\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\nguye_000\AppData\LocalLow\MixiDJ_V30
Folder Deleted : C:\Users\nguye_000\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\CT3298566
Folder Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\CT3287811
Folder Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Folder Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\Extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
File Deleted : C:\END
File Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\searchplugins\Conduit.xml
File Deleted : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\user.js
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D7EFFD6-4720-4EC6-84CE-E360A985EA76}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1FE5724-9385-4B29-AC3D-F54AC77C99CC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V30
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\MixiDJ_V30
Key Deleted : [x64] HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\nguye_000\AppData\Roaming\Mozilla\Firefox\Profiles\ivlunut2.default\prefs.js ]

Line Deleted : user_pref("CT3287811.FF19Solved", "true");
Line Deleted : user_pref("CT3287811.UserID", "UN30340850852978179");
Line Deleted : user_pref("CT3287811.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287811.fullUserID", "UN30340850852978179.IN.20131114183859");
Line Deleted : user_pref("CT3287811.installDate", "14/11/2013 18:39:00");
Line Deleted : user_pref("CT3287811.installSessionId", "{D0271A7F-6EE7-4014-93A2-38C62137958B}");
Line Deleted : user_pref("CT3287811.installSp", "TRUE");
Line Deleted : user_pref("CT3287811.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3287811.keyword", "true");
Line Deleted : user_pref("CT3287811.originalHomepage", "about:home");
Line Deleted : user_pref("CT3287811.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3287811.originalSearchEngine", "");
Line Deleted : user_pref("CT3287811.originalSearchEngineName", "");
Line Deleted : user_pref("CT3287811.searchRevert", "false");
Line Deleted : user_pref("CT3287811.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3287811.searchUserMode", "2");
Line Deleted : user_pref("CT3287811.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287811.toolbarInstallDate", "14-11-2013 18:38:59");
Line Deleted : user_pref("CT3287811.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3287811.xpeMode", "0");
Line Deleted : user_pref("CT3298566.FF19Solved", "true");
Line Deleted : user_pref("CT3298566.UserID", "UN28668947961250770");
Line Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298566.fullUserID", "UN28668947961250770.IN.20131114184131");
Line Deleted : user_pref("CT3298566.installDate", "14/11/2013 18:41:32");
Line Deleted : user_pref("CT3298566.installSessionId", "{4FB26C1F-FF2F-4307-8DF5-9B2DD4841589}");
Line Deleted : user_pref("CT3298566.installSp", "TRUE");
Line Deleted : user_pref("CT3298566.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3298566.keyword", "true");
Line Deleted : user_pref("CT3298566.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN30340850852978179&UM=2&SearchSource=13");
Line Deleted : user_pref("CT3298566.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN30340850852978179&UM=2&q=");
Line Deleted : user_pref("CT3298566.originalSearchEngine", "VisualBee V.12 Customized Web Search");
Line Deleted : user_pref("CT3298566.originalSearchEngineName", "VisualBee V.12 Customized Web Search");
Line Deleted : user_pref("CT3298566.searchRevert", "false");
Line Deleted : user_pref("CT3298566.searchUserMode", "2");
Line Deleted : user_pref("CT3298566.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298566.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3298566.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN28668947961250770&UM=2&UP=SP8D835A86-40EB-4E28-B7F0-69523DE4C32C");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN30340850852978179&UM=2&q=");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN28668947961250770&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN30340850852978179&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN28668947961250770&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN30340850852978179&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.machineId", "6MHFSJHLG4ED7WIYMCOEVA4BYQXLQTIEENM1PROV/JARDDGL4OBHEGHVCFYC432H+K+DT6NUC8BF4XUHTTZCGG");

*************************

AdwCleaner[R0].txt - [11679 octets] - [04/12/2013 11:03:29]
AdwCleaner[R1].txt - [11740 octets] - [04/12/2013 11:05:00]
AdwCleaner[R2].txt - [11804 octets] - [04/12/2013 11:06:03]
AdwCleaner[S0].txt - [10984 octets] - [04/12/2013 11:57:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11045 octets] ##########
 

Attachments

  • FRST.txt
    81.1 KB · Views: 145
  • Addition.txt
    14.9 KB · Views: 169
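
A triage pass over the AdwCleaner report format posted above, as an added example that is not part of the original thread and is not AdwCleaner's own code: it groups entries by report section, then pulls out the entries tied to autostart locations (service, Run value, scheduled task) and the distinct GUIDs. The embedded sample is a shortened excerpt of that report; the function names and the autostart path list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Shortened excerpt of the AdwCleaner report posted above (not the full log).
SAMPLE = r"""# AdwCleaner v3.014 - Report created 04/12/2013 at 11:57:01
***** [ Services ] *****
Service Deleted : Level Quality Watcher
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\ScorpionSaver
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^(\w+) (Deleted|Found|Restored) : (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed shortlist of locations that survive a reboot: Run values, scheduled tasks.
AUTOSTART = ("\\currentversion\\run", "\\system32\\tasks\\")

def parse_report(text):
    """Return {section: [(kind, action, target), ...]} for an AdwCleaner report."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            current = m.group(1)
        elif current and (m := ENTRY.match(line)):
            sections[current].append(m.groups())
    return dict(sections)

def autostart_entries(report):
    """Targets that gave the unwanted software a way to start again after reboot."""
    hits = []
    for entries in report.values():
        for kind, _action, target in entries:
            if kind == "Service" or any(p in target.lower() for p in AUTOSTART):
                hits.append(target)
    return hits

def unique_guids(report):
    """Distinct GUIDs; the report repeats the same one under several registry paths."""
    return sorted({g.upper() for es in report.values() for *_, t in es for g in GUID.findall(t)})

if __name__ == "__main__":
    rep = parse_report(SAMPLE)
    print(autostart_entries(rep), unique_guids(rep))
```
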

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach that report after it is finished.


How are things now?
 

Attachments

  • fixlist.txt
    369 bytes · Views: 187

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    emptyclsid;
    shortcutfix;
    emptyalltemp; 
    autoclean;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Re-run Zoek, copy the following into the white space, and click Run Script.

Code:
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}];r


How are things now?
 

DarkTempest

New Member
Thread author
Dec 4, 2013
10
Sorry about not replying, was out of town

Zoek.exe v5.0.0.0 Updated 18-December-2013
Tool run by nguye_000 on Thu 12/19/2013 at 13:28:27.51.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\nguye_000\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-12-04-212939.log 13564 bytes
C:\zoek-results2013-12-05-180717.log 7165 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]

==== EOF on Thu 12/19/2013 at 13:29:04.65 ======================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
> Re-run zoek with this script and attach here fresh zoek log results.


Code:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495];r
c:\WINDOWS\Installer\46f3c50.msi;f
autoclean;
emptyalltemp;
 
