Hundreds of Infected trz*.tmp files come up in system scan

I recently got avast because I have been having some issues with my computer, so I did a full system scan and hundreds of trz*.tmp (insert random numbers and letters at the star) came up as infected. I didn’t send them to the chest or do anything about them because they were located in a system files folder that seemed important and I wanted to make sure it wasn’t just a false alarm and do something that would cause more problems. So I googled the issue to see if anyone else was having it and I saw a similar thread on this forum with the same issue with the trz*.tmp files. In the thread the guy who seemed to have solved the problem told the guy with the problem to download a program, do a scan with it and post his results. He said that solutions were specific to the situation so I thought I’d better not do what he said in that thread as my issue may not be the exact same. But I did do the scan and I have the results. I was just wondering if anyone could direct me through this issue based on my personal results.
I won’t post my results until I get a reply.

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Okay, here is the log.

And the other one if it’s required

Hi Altaire12

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach log reports (ComboFix.txt) back to topic.

Thanks. Here is the log

Step 1

Open notepad and copy/paste the text present inside the code box below:



DirLook::
c:\programdata\Windows0

FileLook::
c:\windows\SysWow64\FlashPlayerInstaller.exe

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

RegNull::
[HKEY_USERS\S-1-5-21-99025561-3686630580-3834059694-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BE4664E-BD90-5E5C-3562-FA893F5396AE}*]
"haalhmgkeomhmndo"=hex:6b,61,68,67,6b,67,62,65,63,62,6c,65,6a,67,67,63,6e,67,
65,6d,6f,62,00,00
"iakmnajpeeejlbacjg"=hex:6b,61,68,67,6b,67,62,65,63,62,6c,65,6a,67,67,63,6e,67,
65,6d,6f,62,00,00

RegLockDell::
[HKEY_USERS\S-1-5-21-99025561-3686630580-3834059694-1000_Classes\CLSID\{DA96FDE6-2CED-B445-96A2-47D08FB5E217}]
@Denied: (A 4) (Everyone) 


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

Step 2

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.

- Press Start Scan
- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Here is the combo fix log, about to do step 2

The TDSSKiller log

Open notepad and copy/paste the text present inside the code box below:



Folder::
c:\programdata\Windows0

File::
c:\windows\SysWow64\phatk121016Turksv2w128l4.bin
c:\windows\SysWow64\phatk121016BeaverCreekv2w128l4.bin

ClearJavaCache:: 


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


What is the situation, you have a problem now?

Okay, thanks. Here is the log.

I’ve restarted and my system seems to be running as it was before. Thanks ^~^

It is necessary to uninstall ComboFix :

- Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png) then Run.

On Windows 7 or Vista you may use Start Search field if Run is not available.

- In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

- then click OK (or press Enter).

Wait for the uninstall process to complete.


Please download TFC by OldTimer to your desktop

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Regards.