Need Help to Remove TRZ TMP

[emannpmmc]

Hello guys..
As i read here: http://forum.avast.com/index.php?topic=127169.0
the solution is only for spesific user and not a general solution,
so, i attached the files as required.

please help..

thanks

[Pondus]

attach Malwarebytes / OTL / aswMBR logs.    http://forum.avast.com/index.php?topic=53253.0

[magna86]

I'm on it ...
Reporting as soon as examine the logs

[magna86]

@ emannpmmc
Follow this instructions ...




Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Code: [Select]

AutoClean;

• Click on button.
  Please wait until a logreport will open (this can be after reboot)
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"
  

===== Next =====


Re-run DDS tool and post me fresh DDS.txt and Attach.txt logreprot created by DDS.

[emannpmmc]

wow..
i was thinking which one to follow..
i choose one only..

will proceed..

[Pondus]

follow magna ... if he need the logs in my post he will tell you.   

[magna86]

The difference between DDS and OTL is a big and yet again so similar ... 


For instance, DDS and OTL are generic tools and bouth shows the same loading point but both of them does with a difference.

While in case of some hardcore malware, DDS shall in most cases just show some information (known to helper) that will tell us that something (and what) big & maliciously is running on masine. OTL unlike DDS has a fix possibility and as such needs to display more detailed information. OTL shall show more malware details than DDS, and if it has enough power OTL can kill malware.

Briefly, DDS is initial tool that can tell us in short lines what is running on mashine and helps us to decide witch next tools to use for malware removal.
OTL is tool that doesn not need additional tool for fix and therefore it shall try to show all what DDS usual sees but in details.


 

[emannpmmc]

attached

[magna86]

Re-run zoek as you did before but this time use this script:

Code: [Select]

emptyclsid;
emptyfolderscheck;delete
{02478D38-C3F9-4efb-9B51-7695ECA05670};c
{483830EE-A4CD-4b71-B0A3-3D82E62A6909};c
ffdefaults;
addon@defaulttab.com.xpi;ff
c:\users\admin\appdata\roaming\mozilla\firefox\profiles\ul2fz042.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1};f
c:\users\admin\appdata\roaming\idm\idmmzcc5;f
c:\windows\system32\apl003.sys;f
c:\windows\system32\apf003.sys;f
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions];r
"mozilla_cc@internetdownloadmanager.com"=-;r
chrdefaults;
kiplfnciaokpcennlkldkdaeaaomamof;chr
C:\Users\Admin\AppData\Local\Torch;fs
emptyalltemp;
Whait while zoek finish his work (it shall ask you to reboot computer, allow that) and post me fresh zoek logs.


===== Next =====







Please download GMER, the RootKit Detector tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-clicking to run GMER.

• Wait for initial scan to finish - if there is any query, click No;
  
• Click [ Scan ] button and wait until the full scan is complete;
  
• Click [ Save ... ]- save the report to the Desktop (named ARK );
  
  
• Then click the >>> button and select Autostart card;
  
• Click [ Scan ] button;
  
• After quick scan, click Copy button;
  
• Open notepad and Paste text. Save report to the Desktop (named autostart )

> Attach here both Gmer logreports. (ARK.txt and autostart.txt)

[emannpmmc]

sorry guys,
my power blackout, took me a while to get to electrician.
i just finish zoek, while waiting for gmer scaning.

[emannpmmc]

here is ARK.txt and autostart.txt
my pc getting worse with these uninvited files..

[magna86]

my pc getting worse with these uninvited files..

It does? It should be running much better after the latest zoek script.



Re-run zoek as you did before but use this script:

Code: [Select]

firefox@mega.co.nz.xpi;ff
autoclean;
Post me fresh created zoek log.





Now we shall use the big hammer as additional checks:
1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

• Right click on the avast! system tray icon () in the lower right corner of the screen and scroll up to avast! shield controls;
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

[emannpmmc]

i dont know but hdd warning about data almost full always popup..
i'll do the next step...

[magna86]

i dont know but hdd warning about data almost full always popup..

The message/pupup itself tells you what the problem is ...




==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 498 GiB total, 306.975 GiB free.
D: is FIXED (NTFS) - 508 GiB total, 202.502 GiB free.
E: is FIXED (NTFS) - 1008 GiB total, 0.902 GiB free.
F: is FIXED (NTFS) - 1365 GiB total, 1002.927 GiB free.
H: is FIXED (NTFS) - 347 GiB total, 0.019 GiB free.
J: is CDROM ()

[emannpmmc]

there  is it.
actually, my hdd partition are free space about half of the entire space each.
but now it decrease time to time..
thats why i need help..