gzegzefezfddqsf.exe problem



#1
hanen87

Hi,

I've been having the above-said problem for quite a while. I googled the filename and found this thread --> http://www.geekstogo...xe-t238656.html

But then ComboFix doesn't fix it either. I hope someone can help me out; it's really annoying when the CPU usage bursts up to ~50%.

Here's my ComboFix log...

ComboFix 09-05-31.06 - 090308 06/01/2009 23:57.1 - NTFSx86
Running from: c:\documents and settings\090308\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\desktop.ini
F:\copy.exe
F:\host.exe
H:\copy.exe
H:\host.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 11:54 . 2009-06-01 11:54 -------- d-----w- C:\feqszfzegze
2009-05-31 14:22 . 2009-05-31 14:22 390664 ----a-w- c:\documents and settings\090308\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-16 14:33 . 2009-05-16 14:33 95744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-05-13 02:12 . 2007-12-26 09:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-05-13 02:12 . 2007-12-26 09:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 15:36 . 2008-03-09 11:21 -------- d-----w- c:\documents and settings\090308\Application Data\uTorrent
2009-06-01 14:21 . 2009-02-16 10:21 -------- d-----w- c:\program files\GetValid
2009-06-01 10:20 . 2008-03-08 18:00 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-05-18 03:04 . 2008-03-08 17:42 52080 ----a-w- c:\documents and settings\090308\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 14:33 . 2008-12-13 16:46 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-05-02 00:51 . 2009-02-08 09:53 -------- d-----w- c:\program files\SpeedFan
2009-04-06 23:45 . 2008-12-14 00:18 83456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\SDCondition.dll
2009-03-12 13:18 . 2009-03-12 13:18 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2008-03-26 15:29 . 2008-03-26 15:25 24 -csh--w- c:\windows\S1222DD61.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-11 2489280]
"fgzegzergrehcwxcwxc"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-06-01 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVPro"="c:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-09-20 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="d:\program files\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 185896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"feqszfzerghrezherthgfsdfsdcf"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-06-01 462848]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
OpenVPN GUI.lnk - c:\program files\OpenVPN\bin\openvpn-gui-1.0.3.exe [2008-10-8 104696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\bitcomet\\BitComet.exe"=
"e:\\emule stullemule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1721:TCP"= 1721:TCP:BitComet 1721 TCP
"1721:UDP"= 1721:UDP:BitComet 1721 UDP
"51562:TCP"= 51562:TCP:BitComet 51562 TCP
"51562:UDP"= 51562:UDP:BitComet 51562 UDP
"56327:UDP"= 56327:UDP:eMule

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/24/2008 8:53 PM 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/24/2008 8:51 PM 468224]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [3/9/2008 2:00 AM 24944]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5Pro\MARKFUN.W32 [3/9/2008 1:58 AM 17912]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [1/30/2008 8:41 AM 25216]
R4 atidgllk;atidgllk;c:\program files\Gigabyte\ET5Pro\atidgllk.sys [3/9/2008 1:58 AM 12048]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 8:00 PM 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MARKFUN_NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05470JDW-08D3-P07W-R6FR-D3JX24Q27U83}]
c:\feqszfzegze\gzegzefezfddqsf.exe Restart
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &U使用纳米机器人下载并收藏 - c:\program files\NamiRobot\Data\du.html
IE: &U???????????? - c:\program files\NamiRobot\Data\du.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\090308\Application Data\Mozilla\Firefox\Profiles\e26pwuqs.default\
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: d:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 23:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-01 0:00
ComboFix-quarantined-files.txt 2009-06-01 16:00

Pre-Run: 433,393,664 bytes free
Post-Run: 510,754,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

140

Edited by hanen87, 01 June 2009 - 10:26 AM.



#2
hanen87

Bump! Anyone?

#3
hanen87

Bump again...