
Thread: sqzsrzt.exe virus

  #11  Junior Member (joined Aug 2009, 24 posts)

    I have rerun OTL after force closing it; an MS-DOS box popped up briefly and then disappeared. System is rebooting now...

    Will post log file in a few.

  #12  Junior Member (joined Aug 2009, 24 posts)

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKU\S-1-5-21-3730667805-292392079-3916173666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0217ADBC-8706-4463-ADB9-4A762375B2C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0217ADBC-8706-4463-ADB9-4A762375B2C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
    An error occurred while releasing interface Local Area Connection : An address has not yet been associated with the network endpoint.
    C:\Users\BattleFieldWarrior\Downloads\cmd.bat deleted successfully.
    C:\Users\BattleFieldWarrior\Downloads\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
    Ethernet adapter Bluetooth Network Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fe80::559e:c0e5:229c:3a50%10
    IPv4 Address. . . . . . . . . . . : 192.168.1.7
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    Tunnel adapter isatap.{812A4034-F2EA-4E7B-9E00-717818E25474}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Connection-specific DNS Suffix . :
    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:860:2a2c:bbf7:5903
    Link-local IPv6 Address . . . . . : fe80::860:2a2c:bbf7:5903%18
    Default Gateway . . . . . . . . . : ::
    Tunnel adapter isatap.{0449AF3D-82A9-474A-BD65-4264B85CA012}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    C:\Users\BattleFieldWarrior\Downloads\cmd.bat deleted successfully.
    C:\Users\BattleFieldWarrior\Downloads\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\BattleFieldWarrior\Downloads\cmd.bat deleted successfully.
    C:\Users\BattleFieldWarrior\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: BattleFieldWarrior
    ->Temp folder emptied: 155814 bytes
    ->Temporary Internet Files folder emptied: 6148441 bytes
    ->Java cache emptied: 51073666 bytes
    ->FireFox cache emptied: 46817233 bytes
    ->Google Chrome cache emptied: 15056097 bytes
    ->Flash cache emptied: 206766 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: ubuntu
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 328041 bytes
    ->Java cache emptied: 488 bytes
    ->FireFox cache emptied: 376754191 bytes
    ->Flash cache emptied: 67465 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 474.00 mb


    OTL by OldTimer - Version 3.2.27.0 log created on 09052011_175758

    Files\Folders moved on Reboot...
    C:\Users\BattleFieldWarrior\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

  #13  Emeritus-Security Expert (joined Nov 2005, Florida's SpaceCoast, 15,208 posts)

    Great, how is your system behaving now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  #14  Junior Member (joined Aug 2009, 24 posts)

    System appears to be doing OK.

    I have noticed that program launch times as well as boot times are still rather lengthy.

    Also the GPU is running pretty hot, not sure if this is related or just ancillary to the other problems...

  #15  Emeritus-Security Expert (joined Nov 2005, Florida's SpaceCoast, 15,208 posts)

    Let's run another scan and make sure nothing is still lurking.

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  #16  Junior Member (joined Aug 2009, 24 posts)

    When I click the link you provided for ESET a yellow bar appears at the VERY top of the webpage stating "there are 0 coupons available for eset"...

    Running scan right now.

  #17  Junior Member (joined Aug 2009, 24 posts)

    Results of ESET:

    C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\service1006.exe.vir a variant of Win32/Injector.HXK trojan
    C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\service669.exe.vir a variant of Win32/Injector.HXK trojan
    C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\service779.exe.vir a variant of Win32/Injector.HXK trojan
    C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\Mozilla\Firefox\Profiles\5imii3zh.default\extensions\{f497ee71-678f-487e-b0e8-688e9cee398f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\Mozilla\Firefox\Profiles\5imii3zh.default\extensions\{f497ee71-678f-487e-b0e8-688e9cee398f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
    C:\Qoobox\Quarantine\C\Users\ubuntu\AppData\Roaming\Mozilla\Firefox\Profiles\bmo7bkyi.default\extensions\{f497ee71-678f-487e-b0e8-688e9cee398f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\ubuntu\AppData\Roaming\Mozilla\Firefox\Profiles\bmo7bkyi.default\extensions\{f497ee71-678f-487e-b0e8-688e9cee398f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan

  #18  Emeritus-Security Expert (joined Nov 2005, Florida's SpaceCoast, 15,208 posts)

    You're good; all ESET found were entries in Qoobox, which are backups of what Combofix removed. When we run Cleanup and remove Combofix, Qoobox will be removed as well.

    http://forums.whatthetech.com/index.php?showforum=119
    Why don't you post here for help with slow startups? Link them to this thread so they can see what we have done, and let's see if they can offer any suggestions.


    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

    Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.

    Safe Surfn
    Ken
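Ken's point in #18 (hits under C:\Qoobox\Quarantine are ComboFix's backups, not live infections) can be applied automatically to a pasted ESET report. This is an added example, not code from the thread, ESET or ComboFix; the Hit, parse_line and triage names are assumptions, and the one sample line outside a quarantine folder is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Quarantine roots whose hits are backups rather than live infections.
# C:\Qoobox\Quarantine is ComboFix's quarantine, as seen in the thread;
# add other tools' quarantine folders here if they show up in a scan.
QUARANTINE_ROOTS = ("c:\\qoobox\\quarantine\\",)

# Constructed sample: two lines from the ESET report above, plus one
# made-up line outside any quarantine folder so the contrast is visible.
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\service1006.exe.vir a variant of Win32/Injector.HXK trojan
C:\Qoobox\Quarantine\C\Users\BattleFieldWarrior\AppData\Roaming\Mozilla\Firefox\Profiles\5imii3zh.default\extensions\{f497ee71-678f-487e-b0e8-688e9cee398f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Example\AppData\Local\Temp\constructed-sample.exe a variant of Win32/Injector.HXK trojan
"""

@dataclass
class Hit:
    path: str
    threat: str
    quarantined: bool

def parse_line(line: str) -> Optional[Hit]:
    """Split one ESET result line into its path and detection name.

    ESET prints '<path> <detection>'. A path may contain spaces, but a
    detection name never contains a backslash, so the path ends at the
    last whitespace-separated token that holds a backslash.
    """
    tokens = line.split()
    idx = max((i for i, t in enumerate(tokens) if "\\" in t), default=-1)
    if idx < 0 or idx == len(tokens) - 1:
        return None  # no Windows path, or a path with no detection after it
    path = " ".join(tokens[: idx + 1])
    threat = " ".join(tokens[idx + 1:])
    return Hit(path, threat, path.lower().startswith(QUARANTINE_ROOTS))

def triage(report: str) -> Tuple[List[Hit], List[Hit]]:
    """Return (live_hits, quarantined_hits) for a pasted ESET report."""
    live: List[Hit] = []
    quarantined: List[Hit] = []
    for raw in report.splitlines():
        hit = parse_line(raw)
        if hit is not None:
            (quarantined if hit.quarantined else live).append(hit)
    return live, quarantined
```

Anything left in the live list is a real detection that still needs handling; quarantined hits disappear once the cleanup step removes Combofix and its Qoobox folder.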

  #19  Junior Member (joined Aug 2009, 24 posts)

    Awesome Ken, Thanks for all the help.

  #20  Emeritus-Security Expert (joined Nov 2005, Florida's SpaceCoast, 15,208 posts)

    You're very welcome,

    Take Care
