Please Help!

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Monday 10.3.2025 / 16:31

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > please help!

Browse by topic

Forums

Start a new thread

Please Help!

Jump to:

Posted

Message

chichay

Suspended due to non-functional email address

27. September 2007 @ 05:00

Link to this message

Please Help! The gzmrotate.dll is still in my computer.....I cannot delete it.

[Y] Logfile of Trend Micro HijackThis v2.0.2 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - This should be the newest version.
[Y] Boot mode: Normal - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\Ati2evxx.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\Ati2evxx.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - Symantec Update related
[Y] C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe - Symantec AppCore Service
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our visitors as good.
[Y] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - This entry was classified from our visitors as good.
[X] C:\WINDOWS\ALCXMNTR.EXE - This is a nasty process! You should fix it and try to delete it manually! Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers.
[Y] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - Cyber Link PowerDVD
[Y] C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE - ATI Control Center
[Y] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE - Fuzzy Algorithmcheck (4.33 / 5.00), Safe
[Y] C:\WINDOWS\CameraFixer.exe - Camera Driver related
[Y] C:\WINDOWS\tsnpstd3.exe - Webcam related
[Y] C:\WINDOWS\vsnpstd3.exe - This is a unknown process. This entry was classified from our visitors as good.
[AVSCAN] C:\Program Files\Common Files\Symantec Shared\ccApp.exe - This entry was classified from our visitors as good.
[?] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe - This is a unknown process.
[Y] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe - Java Runtime
[Y] C:\WINDOWS\system32\rundll32.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\QuickTime\qttask.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe - Bluetooth Dongle Driver
[Y] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - Symantec Update related
[Y] C:\Program Files\CyberLink\Shared Files\RichVideo.exe - Cyberlink
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - Ulead VideoStudio 8
[Y] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - Nero Burning Monitor
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from our visitors as good.
[Y] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE - Fuzzy Algorithmcheck (4.19 / 5.00), Safe
[Y] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from our visitors as good.
[Y] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - ATI Control Center
[Y] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe - ATI Control Center
[Y] C:\Program Files\Mozilla Firefox\firefox.exe - This entry was classified from our visitors as good.
[Y] C:\WINDOWS\system32\wuauclt.exe - Windows Update AutoUpdate Client
[Y] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe - Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
[Y] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html - This page has been identified as safe.
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com - This page has been identified as safe.
[Y] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com - This page has been identified as safe.
[Y] R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll - This entry has been identified as safe.
[Y] O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll - Ycomp*_*_*_*.dll - Yahoo Companion!, Yahoo Companion!
[Y] O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll - SBC Yahoo! Browser related
[Y] O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - SUN Java
[Y] O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - EPSON Web-To-Page.dll EPSON Web-To-Page software
[Y] O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - Epson Web-To-Page Toolbar
[Y] O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll - Ycomp*_*_*_*.dll - Yahoo Companion!, http://companion.yahoo.com/
[X] O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE - Must be fixed! Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
[Y] O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" - This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" - Remote Control background application for CyberLink\'s PowerDVD version 5 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don\'t have a remote control, or don\'t wish to use one
[Y] O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" - This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
[Y] O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45" - Unknown application.
[Y] O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe - Fuzzy Algorithmcheck (3.83 / 5.00), Safe
[Y] O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe - Webcam Driver
[Y] O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe - This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" - Part of Norton AntiVirus. Auto-protect and E-mail check will not function without this
[Y] O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" - Related to Norton Antivirus from Symantec Corp
[Y] O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" - Fuzzy Algorithmcheck (4.22 / 5.00), Safe
[?] O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" - Unknown application.
[Y] O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" - Java von Sun
[X] O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify - Fuzzy Algorithmcheck (2.68 / 5.00), Nasty
[Y] O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent - This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime - Not dangerous, but unnecessary. QuickTime
[Y] O4 - HKLM\..\Run: [UVS10 Preload] I:\PROGRAMS\uvPL.exe - Ulead VideoStudio 10
[Y] O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" - This entry was classified from our visitors as good.
[Y] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from our visitors as good.
[Y] O4 - HKCU\..\Run: [E07AXLRD_100171] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" -m - Fuzzy Algorithmcheck (4.02 / 5.00), Safe
[Y] O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet - Part of Yahoo Instant Messenger
[?] O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe - Unknown application.
[Y] O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S - Registry Booster
[Y] O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - This entry was classified from our visitors as good.
[Y] O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - Adjusts monitor colours across all programs
[Y] O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe - LimeWire Startup
[Y] O4 - Global Startup: BlueSoleil.lnk = ? - The entry is unnecessary and can be fixed. Programm for a BlueTooth stick
[Y] O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 - The entry E&xport to Microsoft Excel has been identified as safe.
[Y] O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll - The entry Yahoo! Services has been identified as safe.
[Y] O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL - The entry Research has been identified as safe.
[Y] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe - The entry Messenger has been identified as safe.
[Y] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe - The entry Windows Messenger has been identified as safe.
[Y] O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll - This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
[Y] O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll - Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
[Y] O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - This entry was classified from our visitors as good.
[Y] O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe - This service (Adobelmsvc.exe) was identified as a good one.
[Y] O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe - This service (Ati2evxx.exe) was identified as a good one. This entry was classified from our visitors as good.
[Y] O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe - This service (ati2sgag.exe) was identified as a good one. This entry was classified from our visitors as good.
[Y] O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - This service (ALUSchedulerSvc.exe) was identified as a good one. This entry was classified from our visitors as good.
[Y] O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -
[Y] O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - This service (ccSvcHst.exe) was identified as a good one.
[Y] O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - This service (ccSvcHst.exe) was identified as a good one.
[Y] O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - This service (ccSvcHst.exe) was identified as a good one.
[Y] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - This service (IDriverT.exe) was identified as a good one. This entry was classified from our visitors as good.
[Y] O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe - This service (isPwdSvc.exe) was identified as a good one.
[Y] O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE - This service (LUCOMS~1.EXE) was identified as a good one.
[Y] O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - This service (ccSvcHst.exe) was identified as a good one.
[Y] O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe - Fuzzy Algorithmcheck (4.23 / 5.00), Safe
[Y] O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe - This service (RichVideo.exe) was identified as a good one.
[Y] O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe - This service (symlcsvc.exe) was identified as a good one.
[Y] O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe - This service (AppSvc32.exe) was identified as a good one.
[Y] O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - This service (ULCDRSvr.exe) was identified as a good one.

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > please help!


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.