Re: remove "giant savings"dll
1,215 views
Skip to first unread message
Roger Karlsson
Aug 14, 2012, 2:36:21 AM8/14/12
to freefix...@googlegroups.com
On 2012-08-10 23:21, STROLLINDUDE wrote:
> Great product!!...exterminate it!!.....says i have the"giant
> savings"dll.....but was not found by freefixer....could this be a
> false positive??....need to get rid of this soon!!..lol.....thank you
> for any and all help!! --
> You received this message because you are subscribed to the Google
> Groups "FreeFixer User Forum" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/freefixer-forum/-/WW0BFSG-uEwJ.
> To post to this group, send email to freefix...@googlegroups.com.
> To unsubscribe from this group, send email to
> freefixer-for...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/freefixer-forum?hl=en.
Hello,
Please copy/paste the FreeFixer log and I'll have a look at it.
/Roger
> Great product!!...exterminate it!!.....says i have the"giant
> savings"dll.....but was not found by freefixer....could this be a
> false positive??....need to get rid of this soon!!..lol.....thank you
> for any and all help!! --
> You received this message because you are subscribed to the Google
> Groups "FreeFixer User Forum" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/freefixer-forum/-/WW0BFSG-uEwJ.
> To post to this group, send email to freefix...@googlegroups.com.
> To unsubscribe from this group, send email to
> freefixer-for...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/freefixer-forum?hl=en.
Hello,
Please copy/paste the FreeFixer log and I'll have a look at it.
/Roger
Roger Karlsson
Aug 19, 2012, 5:12:19 PM8/19/12
to freefix...@googlegroups.com
Hello Strollindude,
When FreeFixer has finished the scan, there's a "Save log" link which allows you to save your log to disk. Once you have saved it to disk, you can open the log and copy/paste the log file contents into the email. Hope that helped.
/Roger
On 2012-08-17 20:36, STROLLINDUDE wrote:
When FreeFixer has finished the scan, there's a "Save log" link which allows you to save your log to disk. Once you have saved it to disk, you can open the log and copy/paste the log file contents into the email. Hope that helped.
/Roger
On 2012-08-17 20:36, STROLLINDUDE wrote:
HI ROGER KARLSSON...MY NAME IS LANCE...THANKS FOR YOUR REPLY...WILL YOU TELL ME HOW TO GET THE LOG TO YOU?.LOL..I AM KIND OF A NEWBIE...THE ANTIVIRUS.."EXTERMINATE"..FOUND."GIANT SAVINGS"..ON MY LAPTOP...I SCANNED WITH "FREE FIXER"...BUT I DONT SEE THE RESULT ON ITS LOG......"EXTERMINATE IT"...IS POWERFUL...AND USUALLY TELLS THE TRUTH..LOL....THANK YOU FOR YOUR TIME AND ANY REPLY ROGER....HONESTLY I DONT EVEN KNOW IF I AM USING THE RIGHT METHOD OF REPLYING TO YOU..LOL..THANKS AGAIN ROGER....HAVE A GREAT WEEKEND.
On Friday, August 10, 2012 5:21:43 PM UTC-4, STROLLINDUDE wrote:Great product!!...exterminate it!!.....says i have the"giant savings"dll.....but was not found by freefixer....could this be a false positive??....need to get rid of this soon!!..lol.....thank you for any and all help!!--
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
To view this discussion on the web visit https://groups.google.com/d/msg/freefixer-forum/-/lTmxrijJiP4J.
Royce Savory
Aug 15, 2012, 10:12:45 PM8/15/12
to freefix...@googlegroups.com
On Tue, Aug 14, 2012 at 1:36 AM, Roger Karlsson <ma...@rogerkarlsson.com> wrote:
On 2012-08-10 23:21, STROLLINDUDE wrote:
Great product!!...exterminate it!!.....says i have the"giant savings"dll.....but was not found by freefixer....could this be a false positive??....need to get rid of this soon!!..lol.....thank you for any and all help!! --
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
To view this discussion on the web visit https://groups.google.com/d/msg/freefixer-forum/-/WW0BFSG-uEwJ.
To post to this group, send email to freefixer-forum@googlegroups.com.
To unsubscribe from this group, send email to freefixer-forum+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/freefixer-forum?hl=en.
Hello,
Please copy/paste the FreeFixer log and I'll have a look at it.
/Roger
--
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
To post to this group, send email to freefixer-forum@googlegroups.com.
To unsubscribe from this group, send email to freefixer-forum+unsubscribe@googlegroups.com.
FreeFixer v0.63 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2012-08-14 15:39
Transport service providers (3 whitelisted)
{D2526071-5B0C-4983-955A-E6F266B31E5C} - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
{D2526071-5B0C-4983-955A-E6F266B31E5D} - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
{14072000-1136-5503-4156-504F504C5350} - C:\Program Files\Avira\AntiVir Desktop\avsda.dllBrowser Helper Objects (3 whitelisted)
{02478D38-C3F9-4efb-9B51-7695ECA05670}, &Yahoo! Toolbar Helper, C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{6E13D095-45C3-4271-9475-F3B48227DD9F}, StartNow Toolbar Helper, C:\Program Files\StartNow Toolbar\Toolbar32.dll
{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}, AppGraffiti, C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
{D4027C7F-154A-4066-A1AD-4243D8127440}, Avira SearchFree Toolbar plus Web Protection, C:\Program Files\Ask.com\GenericAskToolbar.dll
{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}, NetAssistant, C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}, SingleInstance Class, C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dllInternet Explorer toolbars (1 whitelisted)
HKLM\..\Toolbar\{5911488E-9D1E-40ec-8CBB-06B231CC153F} - StartNow Toolbar - C:\Program Files\StartNow Toolbar\Toolbar32.dll
HKLM\..\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
HKLM\..\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} - Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll
HKCU\..\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} -Â - (no file specified)
HKCU\..\Toolbar\WebBrowser\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} -Â - (no file specified)Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.yahoo.com/?ilc=1
HKCU\..\Desktop\General, Wallpaper = C:\WINDOWS\web\wallpaper\Bliss.bmpRegistry Startups (6 whitelisted)
HKLM\..\Run, ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM\..\Run, NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
HKLM\..\Run, 24x7HELP = "C:\Program Files\24x7Help\App24x7Help.exe" /STARTUP
HKLM\..\Run, ApnUpdater = "C:\Program Files\Ask.com\Updater\Updater.exe"
HKLM\..\Run, avgnt = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKCU\..\Run, MyCleanPC Registry Cleaner = "C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe"
HKCU\..\Run, DW7 = "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKCU\..\Run, MusicManager = "C:\Documents and Settings\Royce Savory\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe"Processes (32 whitelisted)
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\24x7Help\App24x7Help.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Documents and Settings\Royce Savory\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\24x7Help\App24x7Hook.exe
C:\Program Files\24x7Help\App24x7Svc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CyberDefender\SchedulerService\SchedulerService.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\FreeFixer\freefixer.exeApplication modules (75 whitelisted)
C:\Program Files\24x7Help\App24x7Hook.dll
C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
C:\Program Files\Avira\AntiVir Desktop\avsda.dllServices (41 whitelisted)
24x7HelpSvc, 24x7HelpService, c:\program files\24x7help\app24x7svc.exe
AntiVirSchedulerService, Avira Scheduler, c:\program files\avira\antivir desktop\sched.exe
AntiVirService, Avira Realtime Protection, c:\program files\avira\antivir desktop\avguard.exe
AntiVirWebService, Avira Web Protection, c:\program files\avira\antivir desktop\avwebgrd.exe
CDScheduler, CyberDefender Scheduling Service, c:\program files\cyberdefender\schedulerservice\schedulerservice.exe
hpqwmiex, hpqwmiex, c:\program files\hewlett-packard\shared\hpqwmiex.exe
Updater Service for StartNow Toolbar, Updater Service for StartNow Toolbar, c:\program files\startnow toolbar\toolbarupdaterservice.exe
YahooAUService, Yahoo! Updater, c:\program files\yahoo!\softwareupdate\yahooauservice.exeSvchost.exe Modules (189 whitelisted)
C:\Program Files\Avira\AntiVir Desktop\avsda.dllExplorer.exe Modules (93 whitelisted)
C:\Program Files\24x7Help\App24x7Hook.dllDrivers (33 whitelisted)
avipbb, avipbb, C:\WINDOWS\system32\drivers\avipbb.sys
avkmgr, avkmgr, C:\WINDOWS\system32\drivers\avkmgr.sysCsrss.exe virtual memory files (32 whitelisted)
c:\program files\avira\antivir desktop\cfglib.dll
c:\program files\avira\antivir desktop\gpipc.dll
C:\Program Files\24x7Help\App24x7Hook.dll
C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
C:\Documents and Settings\Royce Savory\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
C:\Documents and Settings\Royce Savory\Local Settings\Application Data\Programs\Google\MusicManager\log4cxx.dll
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
C:\Program Files\Avira\AntiVir Desktop\avsda.dll
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files\Avira\AntiVir Desktop\avwsc.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\program files\avira\antivir desktop\avwinll.dllThe following errors occurred during the scan:
Problems opening folder 'c:\Qoobox\BackEnv' to enumerate files. FindFirstFile failed. System error message: Access is denied. Error code: 5.End of FreeFixer log
Roger Karlsson
Aug 20, 2012, 2:41:02 AM8/20/12
to freefix...@googlegroups.com
Hello Strollindude,
I've looked through your FreeFixer log and I could not find any malware running on your system. I could not see any reference to the "giantsavings" dll that you mentioned either.
/Roger
I've looked through your FreeFixer log and I could not find any malware running on your system. I could not see any reference to the "giantsavings" dll that you mentioned either.
/Roger
On 2012-08-16 04:12, Royce Savory wrote:
On Tue, Aug 14, 2012 at 1:36 AM, Roger Karlsson <ma...@rogerkarlsson.com> wrote:
On 2012-08-10 23:21, STROLLINDUDE wrote:
Great product!!...exterminate it!!.....says i have the"giant savings"dll.....but was not found by freefixer....could this be a false positive??....need to get rid of this soon!!..lol.....thank you for any and all help!! --
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
To view this discussion on the web visit https://groups.google.com/d/msg/freefixer-forum/-/WW0BFSG-uEwJ.
To post to this group, send email to freefix...@googlegroups.com.
To unsubscribe from this group, send email to freefixer-for...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/freefixer-forum?hl=en.
Hello,
Please copy/paste the FreeFixer log and I'll have a look at it.
/Roger
--
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
To post to this group, send email to freefix...@googlegroups.com.
To unsubscribe from this group, send email to freefixer-for...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "FreeFixer User Forum" group.
To post to this group, send email to freefix...@googlegroups.com.
To unsubscribe from this group, send email to freefixer-for...@googlegroups.com.
Lance McCabe
Aug 20, 2012, 12:34:09 PM8/20/12
to freefix...@googlegroups.com
FreeFixer v0.63 log
Operating system: Windows Vista Service Pack 2
Log dated 2012-08-16 10:52
AppInit_DLLs (1 whitelisted)
C:\Windows\system32\guard32.dll
Browser Helper Objects (1 whitelisted)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}, Java(tm) Plug-In SSV Helper, C:\Program Files\Java\jre7\bin\ssv.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9}, Java(tm) Plug-In 2 SSV Helper, C:\Program
Files\Java\jre7\bin\jp2ssv.dll
Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.google.com/
HKLM\..\Main, Default_Page_URL = http://pc.toshiba.com.cn/
HKCU\..\Desktop\General, Wallpaper = C:\Users\Lance\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
Registry Startups (6 whitelisted)
HKLM\..\Run, TRCMan = C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
HKLM\..\Run, cfFncEnabler.exe = cfFncEnabler.exe (file is missing)
HKLM\..\Run, SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKCU\..\Run, TOSCDSPD = C:\Program
Files\TOSHIBA\TOSCDSPD\toscdspd.exe
Processes (67 whitelisted)
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\System32\PuranDefragS.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\FreeFixer\freefixer.exe
Services (64 whitelisted)
pinger, pinger, c:\toshiba\ivp\ism\pinger.exe
PuranDefrag, PuranDefrag,
c:\windows\system32\purandefrags.exe
Swupdtmr, Swupdtmr, c:\toshiba\ivp\swupdate\swupdtmr.exe
Drivers (50 whitelisted)
SBRE, , c:\windows\system32\drivers\sbredrv.sys (file is missing)
speedfan, speedfan, C:\Windows\system32\speedfan.sys
Csrss.exe virtual memory files (171 whitelisted)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
C:\Windows\system32\PuranDefragS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
C:\Users\Lance\Downloads\freefixersetup.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll
C:\Program Files\FreeFixer\freefixer.exe
C:\Users\Lance\AppData\Local\Temp\sfareca00001.dll
C:\Users\Lance\AppData\Local\Temp\sfamcc00001.dll
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVLogOn.dll
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\TRCMan\HardIO.dll
C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe
C:\Program Files\TOSHIBA\TOSCDSPD\cmdpst.dll
C:\Program
Files\TOSHIBA\ConfigFree\cfmain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
The following errors occurred during the scan:
An unexpected exception occurred in the Recently Modified Files Plugin:
Failed to duplicate handle using 'DuplicateHandle' while unlocking file. Unlocking file: 'c:\hiberfil.sys'. Handle: 0000054C. Process id: 3780. Process full path: C:\Program Files\Comodo\COMODO Internet Security\cfp.exe. System error message: Access is denied. Error code: 5.
End of FreeFixer log
From: Roger Karlsson <ma...@rogerkarlsson.com>
To: freefix...@googlegroups.com
Sent: Monday, August 20, 2012 2:41 AM
Subject: Re: remove "giant savings"dll
Roger Karlsson
Aug 21, 2012, 2:43:57 AM8/21/12
to freefix...@googlegroups.com
Hello Lance,
I've examined the FreeFixer log from your Toshiba machine and it looks clean. Does your computer show any signs of a malware infection?
/Roger
I've examined the FreeFixer log from your Toshiba machine and it looks clean. Does your computer show any signs of a malware infection?
/Roger
Lance McCabe
Aug 21, 2012, 1:18:12 PM8/21/12
to freefix...@googlegroups.com
ROGER,THANK YOU SOOO MUCH!!!.....I HAVE A TOSHIBA SATELLITE....4GB....320 HARD DRIVE.......ONE OF THE REASONS,I THINK IT MIGHT STILL HAVE MALWARE...IS CAUSE "EXTERMINATE IT"....HAS DETECTED MALWARE IN THE PAST...WHEN MOST OTHER AV,,,I HAVE USED DID NOT....ALSO,RECENTLY THE DUO CORES ON THIS LAPTOP...SEEM TO BE RUNNIN HOT....I USE "SPEEDFAN"...TO MONITOR THE TEMPS...ALSO..JUST BY USING YOUTUBE WITH NO OTHER PROGRAMS RUNNIN...THE CORE TEMPS SHOOT TO AROUND 80 CELCIUS...THIS PROCESSOR IS MAXED AT 85 CELCIUS...SO I TRY NOT TO GET TO CLOSE TO THAT..LOL...HERES THE EXTERMINATE IT!!!..LOG. Â ROGER...I SOOO APPRECIATE ANY AND ALL HELP!!!...HAVE A GREAT DAY BUDDY!!!
Exterminate It! Antimalware 2.12 Â Â Â Â
                                                   Â
Database: 8/21/2012 (7930167 signatures)
System Information:
Windows: 6.0.6002 (32-bit)
Internet Explorer: 9.0.8112.16448
Chrome: 21.0.1180.79
Scan Type: Smart Scan
Scan
Log:
12:52:59.100 Start Scan
12:59:48.040 Found 2o7.net Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: 2o7.net
12:59:48.084 Found ClassMates.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: classmates.com
12:59:48.089 Found Com.com Tracking
Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: com.com
12:59:48.111 Found eloqua.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: eloqua.com
12:59:48.118 Found estara.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: estara.com
12:59:48.154 Found 2o7.net Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: leeenterprises.112.2o7.net
12:59:48.210 Found quantserve.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: quantserve.com
12:59:48.222 Found revsci.net Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: revsci.net
12:59:48.249
Found Statcounter Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: statcounter.com
12:59:48.270 Found superpages.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: superpages.com
12:59:48.305 Found Top20.TravelZoo.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User
Data\Default\Cookies: travelzoo.com
12:59:48.318 Found trb.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: trb.com
12:59:48.333 Found turn.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: turn.com
12:59:48.351 Found untd.com Tracking Cookie
C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: untd.com
12:59:48.373 Found 2o7.net Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: usatoday1.112.2o7.net
12:59:48.391 Found washingtonpost.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: washingtonpost.com
12:59:48.412 Found whitepages.com
Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: whitepages.com
12:59:48.491 Found webtrends.com Tracking Cookie C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Cookies: m.webtrends.com
13:06:07.436 Found Giant Savings Adware C:\Program Files\Giant Savings
13:06:07.465 Found Giant Savings Adware C:\Program Files\Giant Savings\Giant SavingsInstaller.log
13:13:02.775 End Scan
Summary:
Scan Duration: 0:20:03.769
Threats Detected: 20
Sent: Tuesday, August 21, 2012 2:43 AM
Subject: Re: remove "giant savings"dll LOG STROLLINDUDE
Subject: Re: remove "giant savings"dll LOG STROLLINDUDE
Roger Karlsson
Aug 21, 2012, 4:23:33 PM8/21/12
to freefix...@googlegroups.com
Hello,
It seems like Exterminate it detects a folder called "C:\Program Files\Giant Savings" and an installer log called "Giant SavingsInstaller.log" located in the same folder. I think it should be enough to manually delete the "C:\Program Files\Giant Savings" folder to get rid of GiantSavings.
Did that solve the problem?
/Roger
It seems like Exterminate it detects a folder called "C:\Program Files\Giant Savings" and an installer log called "Giant SavingsInstaller.log" located in the same folder. I think it should be enough to manually delete the "C:\Program Files\Giant Savings" folder to get rid of GiantSavings.
Did that solve the problem?
/Roger
Lance McCabe
Aug 22, 2012, 1:47:25 PM8/22/12
to freefix...@googlegroups.com
HI ROGER!!...THIS IS THE LOG FROM...HIJACK THIS!!...CAN U PLEASE LOOK AT IT...AND SEE IF SOMETHIN DOESNT BELONG THERE?..LOL..THANK YOU SOOO MUCH ROGER!!!
To: freefix...@googlegroups.com Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:37:13 PM, on 8/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe
C:\Program
Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lance\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 -
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eu.computers.toshiba-europe.com/cgi-bin/ToshibaCSG/jsp/home.do?service=EU&from=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =Â
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows
Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe /hide
O4 - HKLM\..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run:
[cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Secunia PSI Tray.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -
C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) Rapid Storage Technology
(IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: PuranDefrag - Puran Software - C:\Windows\system32\PuranDefragS.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc
Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
--
End of file - 5991 bytes
Subject: Re: remove "giant savings"dll LOG STROLLINDUDE
Lance McCabe
Aug 21, 2012, 5:05:22 PM8/21/12
to freefix...@googlegroups.com
ROGER..THANK YOU FOR THE REPLY.....I HAVE BEEN TRYIN TO DELETE THIS FOR 2 WEEKS....BUT I CANT FIND THE FOLDER..OR FILES....I HAVE TRIED ADVANCE SEARCH TOO......DO YOU HAVE ANY IDEAS..OR SUGGESTIONS ON KEY WORDS I CAN TRY TO USE?....THANK YOU AGAIN ROGER....I REALLY APPRECIATE...YOU TAKIN TIME TO HELP ME..
Sent: Tuesday, August 21, 2012 4:23 PM
Subject: Re: remove "giant savings"dll LOG STROLLINDUDE
Lance McCabe
Aug 21, 2012, 6:51:20 PM8/21/12
to freefix...@googlegroups.com
HI ROGER..I AM SCANNIN THE NET...SEARCHIN FOR WAYS TO REMOVE "GIANT SAVINGS".....I LEARNED THIS IS A VIRUS WITH THE "SEVERE" RATIN....THE MORE I LEARN THE SYMPTOMS IT INDUCES...I AM ALMOST POSITIVE "EXTERMINATE IT"...IS RIGHT AGAIN..LOL.....JUST WANT TO GET THIS OFF MY LAPTOP...AND GET ON WITH MY LIFE!!..LOL...AS YOU ALREADY KNOW...I APPRECIATE ALL HELP YOU CAN PROVIDE!!!..THANK YOU ROGER...HAVE A GREAT NIGHT!!!
Sent: Tuesday, August 21, 2012 4:23 PM
Subject: Re: remove "giant savings"dll LOG STROLLINDUDE
Roger Karlsson
Aug 26, 2012, 1:31:54 PM8/26/12
to freefix...@googlegroups.com
Hello,
Please configure your computer to show hidden files according to this guide:
http://windows.microsoft.com/en-US/windows-vista/Show-hidden-files
Here are instructions to delete the Giant Savings folder:
1. Press the Windows button + E. This will start Explorer where you can view files and folders.
2. In Explorer's left pane, expand: My Computer -> C: -> Program Files. Now you should see the "Giant Savings" folder in left pane.
3. Right-click on the "Giant Savings" folder and choose Delete in the context menu.
Please configure your computer to show hidden files according to this guide:
http://windows.microsoft.com/en-US/windows-vista/Show-hidden-files
Here are instructions to delete the Giant Savings folder:
1. Press the Windows button + E. This will start Explorer where you can view files and folders.
2. In Explorer's left pane, expand: My Computer -> C: -> Program Files. Now you should see the "Giant Savings" folder in left pane.
3. Right-click on the "Giant Savings" folder and choose Delete in the context menu.
Did that solve the problem?
/Roger
Lance McCabe
Aug 26, 2012, 5:55:18 PM8/26/12
to freefix...@googlegroups.com
ROGER...THANK YOU SOOOOO MUCH FOR ALL YOUR HELP!!!....THE LATEST DIRECTIONS WORKED LIKE A CHARM!!!....YOU HAVE NO IDEA...HOW MUCH I APPRECIATE IT!!!.....FUNNY HOW I USED MANY REPUTABLE AV PROGRAMS...AND "EXTERMINATE IT!!!...IS THE ONLY ONE THAT FOUND IT!!!.....THANKS AGAIN ROGER!!!....BE GOOD TO YOURSELF BUDDY!!!!
Sent: Sunday, August 26, 2012
1:31 PM
Roger Karlsson
Aug 29, 2012, 4:14:36 AM8/29/12
to freefix...@googlegroups.com
Hello Lance,
Happy to hear the problem was solved. Have a nice day!
/Roger
Happy to hear the problem was solved. Have a nice day!
/Roger
Lance McCabe
Aug 29, 2012, 2:58:07 PM8/29/12
to freefix...@googlegroups.com
YES IT IS!!!!.....AND THANK YOU AGAIN ROGER!!!!
Sent: Wednesday, August 29, 2012 4:14 AM
Reply all
Reply to author
Forward
Message has been deleted
0 new messages