ANYONE Plz help me PDFUPD.EXE & siszyd32.exe

I was looking for help and searching thru Google to find out what this problem with my computer was.
Same as a few others on here siszyd32.exe and PDFUPD.EXE (in quarantine folder)
I have tried numerous things to fix this, seems I get a fix and it comes back. I have seen how you have helped others on here and I am hoping you will be able to help me as well.
My monitor has been killed, it claims my CD system is a virus lol I’m losing everything and it’s telling me to well um basically delete my whole system lol
I’m dying here and I dunno what to do.
I’ve downloaded that OTS you posted for someone to run and stuff. I am running it now and I will post the results as soon as it is finished.
I hope you can help me.
Thank you for your time and patience ANYONE who can help with this.

Sincerely,
Jodi

This is the hijackthis.log file

It will not let me upload the OTS.txt file, says that the file is too large to attach :frowning:
It’s 1.98 MB

here is the freefixer log report as well

OK I split the OTS into 2 files in the hopes that I can post it for u

Looks like you are using AVG:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

This is the avast! forum so you should ask in the AVG forum.

You are running a down level version of Adobe Acrobat 7.0 that has several security exposures and Adobe Acrobat 9.1 is available.

O4 - HKUS\S-1-5-18..\Run: [Monopod] C:\WINDOWS\TEMP\a.exe (User ‘SYSTEM’) <== is malware

I don’t know what I have on here lol
I do know avg is one I have. I have been trying everything for a while now. I searched the siszyd32.exe on Google and this site came up.
I saw others were getting help and I was hoping to receive help myself.
If I can not be helped on this forum because avast is not on my pc at the moment… I don’t know what else to do…

Here is the otl txt and i will post the extras txt

this is the Extras.txt

http://www.prevx.com/filenames/1104395637561829493-X1/PDFUPD.EXE.html has info on this backdoor, and here is possible help for removal of Siszyd32.exe: http://www.virusremovalguru.com/?p=4914 Please read the manual instructions there; the link for the removal tool is an advertisement.

Thank you for your help, The one downloaded but will not open
the other downloaded, installed and scanned my pc, to tell me, HEY you suck buddy, pay for me and I will fix u…lol ( in not so many words)
Plz can anyone just help me clean this?
I didn’t know asking for help required me to have avast
My cd drive is messed, my monitor killed. I don’t know what else to do

Sorry, I did tell you the manual instructions only.

Again, Ty for your help.
Since I have read many threads asking for help on this same problem from many of your forum users, I thought that I would receive the same kind of help.
But I am assuming because I am not using Avast at this present moment, I will not receive the same help from all of you.
I asked because you all replied very courteously and helped thoroughly to forum members, So I joined as well hoping for this same kind of help. I wasn’t expecting to get turned away or given some half help links to use. I posted all Txt - log files the same as others did.
Thank you for at least letting me know, I wouldn’t be getting the same help. Feel free to remove my account from this forum, since giving me a little bit of the same help other members received is not going to happen.

Take care
and Merry Christmas

If you download cracks you will experience these types of problems :wink:

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Processes - Safe List]
YY -> av_md.exe -> C:\WINDOWS\system32\av_md.exe
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jodi\Application Data\Mozilla\FireFox\Profiles\k7303z96.default\prefs.js
YN -> browser.startup.homepage -> "http://www.the-crack-online.com/on-line/index.php?act=idx"
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "av_md" -> C:\WINDOWS\system32\av_md.exe [C:\WINDOWS\system32\av_md.exe]
YN -> "Regedit32" -> C:\WINDOWS\System32\regedit.exe [C:\WINDOWS\system32\regedit.exe]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "iLike" -> C:\Program Files\iLike\1.2.14\ilikesidebar.exe [C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate]
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "iLike" -> C:\Program Files\iLike\1.2.14\ilikesidebar.exe [C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate]
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-21-1844237615-2049760794-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "av_md" -> C:\Documents and Settings\Jodi\av_md.exe [C:\Documents and Settings\Jodi\av_md.exe]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> "{784d8aba-a06b-46ad-b66c-4dfab15328f4}" [HKLM] -> Reg Error: Key error. [tokatiluy]
[Files/Folders - Created Within 30 Days]
NY ->  7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  av_md.exe -> C:\WINDOWS\System32\av_md.exe
NY ->  fvgqad.dat -> C:\Documents and Settings\Jodi\Application Data\fvgqad.dat
NY ->  avdrn.dat -> C:\Documents and Settings\Jodi\Application Data\avdrn.dat
NY ->  9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  13 C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp
NY ->  13 C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp
NY ->  13 C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp
[Files - No Company Name]
NY ->  oashdihasidhasuidhiasdhiashdiuasdhasd -> C:\Documents and Settings\Jodi\oashdihasidhasuidhiasdhiashdiuasdhasd
NY ->  av_md.exe -> C:\WINDOWS\System32\av_md.exe
NY ->  fvgqad.dat -> C:\Documents and Settings\Jodi\Application Data\fvgqad.dat
NY ->  avdrn.dat -> C:\Documents and Settings\Jodi\Application Data\avdrn.dat
NY ->  ljghfeecyv.dll -> C:\WINDOWS\System32\ljghfeecyv.dll
NY ->  vttqrommjh.dll -> C:\WINDOWS\System32\vttqrommjh.dll
NY ->  xxxyaabxyw.dll -> C:\WINDOWS\System32\xxxyaabxyw.dll
NY ->  rqppmmnklj.dll -> C:\WINDOWS\System32\rqppmmnklj.dll
NY ->  vtutstrrro.dll -> C:\WINDOWS\System32\vtutstrrro.dll
NY ->  vttqnonomk.dll -> C:\WINDOWS\System32\vttqnonomk.dll
NY ->  gebbyvwwus.dll -> C:\WINDOWS\System32\gebbyvwwus.dll
NY ->  dddaxxuuro.dll -> C:\WINDOWS\System32\dddaxxuuro.dll
NY ->  xxywussqqo.dll -> C:\WINDOWS\System32\xxywussqqo.dll
NY ->  gedccywxyw.dll -> C:\WINDOWS\System32\gedccywxyw.dll
NY ->  nnonolihig.dll -> C:\WINDOWS\System32\nnonolihig.dll
NY ->  qopmlklijh.dll -> C:\WINDOWS\System32\qopmlklijh.dll
NY ->  rqoommkheb.dll -> C:\WINDOWS\System32\rqoommkheb.dll
NY ->  hjgruiiivjibbx.dll -> C:\WINDOWS\System32\hjgruiiivjibbx.dll
NY ->  fgexec.dll -> C:\WINDOWS\fgexec.dll
[File - Lop Check]
NY ->  19975934 -> C:\Documents and Settings\All Users\Application Data\19975934
NY ->  {55A29068-F2CE-456C-9148-C869879E2357} -> C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

ON COMPLETION

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I ran the fix that you posted for me to put into the fix and I rebooted after. I still was unable to fully boot up without going into safe mode with networking. I do not have another pc to work off from. The log is attached here for u to see
I have the malware thing you posted on here on my pc already and ran it first off, soon as I saw it had been said to be run. It came back clean… I had run an in-depth scan on it, took over 4 hours.
I don’t know what else to do…
Thank you for your help. I sincerely appreciate it.

Jodi

Here is the mbam-log-2009
As requested, copied and pasted into this post:

Malwarebytes’ Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/21/2009 5:17:08 PM
mbam-log-2009-12-21 (17-17-08).txt

Scan type: Quick Scan
Objects scanned: 134875
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) → Quarantined and deleted successfully.
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) → Quarantined and deleted successfully.
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) → Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) → Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) → Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Chas\Start Menu\Programs\Total Security (Rogue.TotalSecurity) → Quarantined and deleted successfully.
C:\WINDOWS\system32\156829 (Trojan.BHO) → Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) → Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Chas\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) → Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) → Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) → Quarantined and deleted successfully.
C:\Documents and Settings\Chad\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) → Quarantined and deleted successfully.
C:\Documents and Settings\Chas\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) → Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) → Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) → Quarantined and deleted successfully.

OK time for the big nasty then

  1. Please download The Avenger2 by Swandog46 to your Desktop.
    [*]Right click on the Avenger.zip folder and select “Extract All…”
    [*] Follow the prompts and extract the avenger folder to your desktop
  2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:

Files to delete:
c:\windows\system32\av_md.exe
C:\WINDOWS\TEMP\a.exe
C:\Documents and Settings\Jodi\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Documents and Settings\Jodi\Application Data\fvgqad.dat
C:\Documents and Settings\Jodi\Application Data\avdrn.dat
C:\WINDOWS\System32\ljghfeecyv.dll
C:\WINDOWS\System32\vttqrommjh.dll
C:\WINDOWS\System32\xxxyaabxyw.dll
C:\WINDOWS\System32\rqppmmnklj.dll
C:\WINDOWS\System32\vtutstrrro.dll
C:\WINDOWS\System32\vttqnonomk.dll
C:\WINDOWS\System32\gebbyvwwus.dll
C:\WINDOWS\System32\dddaxxuuro.dll
C:\WINDOWS\System32\xxywussqqo.dll
C:\WINDOWS\System32\gedccywxyw.dll
C:\WINDOWS\System32\nnonolihig.dll
C:\WINDOWS\System32\qopmlklijh.dll
C:\WINDOWS\System32\rqoommkheb.dll
C:\WINDOWS\System32\hjgruiiivjibbx.dll

Folders to delete:
C:\Documents and Settings\All Users\Application Data\19975934
C:\Documents and Settings\Jodi\oashdihasidhasuidhiasdhiashdiuasdhasd


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

[*] Right click on the window under Input script here:, and select Paste.
[*] You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
[*] Click on Execute
[*] Answer “Yes” twice when prompted.

  4. The Avenger will automatically do the following:
    [*]It will Restart your computer. (In cases where the code to execute contains “Drivers to Delete” or “Drivers to Disable”, The Avenger will actually restart your system twice.)
    [*]After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    [*] The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  5. Please copy/paste the content of c:\avenger.txt into your reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Ok well somewhere in the mess of all that… I lost some of the logs to post to you here.
Most of the time I couldn’t restart my PC right away, it took me about 7 tries before it would finally load once again in safe mode, which it wouldn’t originally do for the avenger thing or maybe it was the combo… I’m not sure anymore.
All I do know is I can reboot my PC now lol normally, although it asks me which operating system I want to use and I know one is Xp pro home, but I can’t read the other one fast enough.
I have a couple of logs to upload here for u to view…
sry hun I don’t know which is which anymore, I have been at this since 10 am this morning and it’s now 11:26pm here
I can not find the avenger log anywhere nor could I find the combo one, where it said it should be lol
I know… trust me you don’t have to tell me… I wish I knew what I was doing, but the last time after the reboot, it wouldn’t let me even open up a page. So this is the best I got, I don’t know what else you need me to post, but so far, you have helped me amazingly. Thank you so much

Hi essexboy

Is there a document or write up on what commands can be given to OTS? I am curious as to what the commands YY, YN, NY do.

Basically I am trying to understand the tool and how to use it.

Thanks

Reference the operating system question - that was added when the recovery console was installed

To stop the display
Right click My Computer
select Properties
select the Advanced tab
Under Startup and Recovery
select Settings
Set the time to display Operating systems to Zero
Reboot and it will be no more

Could you post the combofix log - it should be at C:\combofix

@ mrrtm to read all the data in OTS you will need a parsing tool
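
On reading OTS data with a parser, an added example that is not part of the thread and is not OTS's own tooling: a small Python parser for the fix-script layout posted earlier in this thread, followed by a triage pass over the Run-key entries. The sample lines are constructed from that script, the YY/YN/NY prefixes are kept as opaque flags because the thread does not define them, and the two triage rules are assumptions of this example, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the fix script posted in this thread.
SAMPLE = r"""[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "av_md" -> C:\WINDOWS\system32\av_md.exe [C:\WINDOWS\system32\av_md.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "iLike" -> C:\Program Files\iLike\1.2.14\ilikesidebar.exe [C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate]
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-21-1844237615-2049760794-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "av_md" -> C:\Documents and Settings\Jodi\av_md.exe [C:\Documents and Settings\Jodi\av_md.exe]
[Files - No Company Name]
NY ->  fgexec.dll -> C:\WINDOWS\fgexec.dll
"""

SECTION = re.compile(r"^\[(.+)\]$")            # e.g. [Registry - Safe List]
GROUP = re.compile(r"^< (.+?) > -> (.+)$")     # e.g. < Run [...] > -> registry key
ENTRY = re.compile(r"^([YN]{2}) ->\s+(.+?) -> (.+)$")

def parse_fix_script(text):
    """Return one dict per entry line, tagged with its section and group key."""
    section = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, group = m.group(1), None
        elif m := GROUP.match(line):
            group = m.group(2)
        elif m := ENTRY.match(line):
            # YY/YN/NY are kept as opaque flags; the thread does not define them.
            flags, name, target = m.groups()
            # Run entries read "path [full command line]"; keep only the path.
            path = re.sub(r"\s*\[[^\]]*\]$", "", target)
            entries.append({"section": section, "group": group, "flags": flags,
                            "name": name.strip('"'), "path": path})
    return entries

def triage_autoruns(entries):
    """Flag Run-key entries for review (rules assumed for this example)."""
    runs = [e for e in entries
            if e["group"] and e["group"].lower().endswith(r"\currentversion\run")]
    paths_by_name = defaultdict(set)
    for e in runs:
        paths_by_name[e["name"].lower()].add(e["path"].lower())
    findings = []
    for e in runs:
        if "\\temp\\" in e["path"].lower():
            findings.append((e["name"], e["path"], "autorun from a temp directory"))
        elif len(paths_by_name[e["name"].lower()]) > 1:
            findings.append((e["name"], e["path"], "same value name, different paths"))
    return findings

if __name__ == "__main__":
    for finding in triage_autoruns(parse_fix_script(SAMPLE)):
        print(finding)
```
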

This is the only thing I could find under the combofix.
Thank you so much for your help. You have no idea how much I appreciate your help.

I hope you have a great Christmas and holidays.
Thank you again for all the help you have given me with this problem.

Jodi