Siszyd32.exe help

system · January 16, 2010, 11:16am

Here is the same log I posted on “main” topic and I hope I will get some help. Thanks

Original post:

Re: siszyd32.exe
« Reply #59 on: Today at 10:18:27 AM »
Reply with quoteQuote Modify messageModify
Hi essexboy.

Just like many others I have this annoying siszyd32 problem. I did the Malwarebytes’ Anti-Malware scan since I heard it now is able to fix this proble. But since I’m not sure it actually is able to help me deal with this issue I also did OTS scan and I’m posting the scan log here as well as on the separate thread and I beg for your help.

Separate thread is here:
http://forum.avast.com/index.php?topic=53483.0

Thanks!

Pondus · January 16, 2010, 2:54pm

can you post the Malwarebytes scan log?

system · January 16, 2010, 3:00pm

Sure! Here’s the one after the scan.

Thanks

system · January 16, 2010, 3:03pm

And another one after I did what was recomended action - deletion

system · January 16, 2010, 3:03pm

Oops! Log too

Pondus · January 16, 2010, 3:08pm

can you do a quick scan now to see if it is clean, and post the log? i will send a PM to Essexboy and he will look at your OTS log

system · January 16, 2010, 3:13pm

Sure! Just a minute. Scanning it now

system · January 16, 2010, 3:17pm

And here’s the quick scan log.

Thanks so much in advance

system · January 16, 2010, 3:43pm

Hi there, just been looking at your OTS log, this tool is new to me. Can you see any of these *.tmp files

C:\WINDOWS\System32*.tmp

C:\WINDOWS\Temp*.tmp

C:\Documents and Settings\xp pro\Local Settings\Temp*.tmp files

C:\WINDOWS*.tmp

system · January 16, 2010, 4:01pm

I have these:

in WINDOWS\ I have:
set3.tmp
set4.tmp
set8.tmp

in WINDOWS\temp\ I have:
~TM3A.tmp
~TMD.tmp
~TME.tmp
~TMF.tmp
37cc7d894ad7ab763b46897e.tmp

in WINDOWS\System32\ there are these:
tmp81.tmp
tmp82.tmp
CONFIG.TMP

and in C:\Documents and Settings\xp pro\Local Settings\Temp\ there are 291 with *.tmp extension

system · January 16, 2010, 4:19pm

Its just the ones with *.tmp extension. They look like malware. Anyway,if Pondus has PM’d Essexboy, he will get to you.Please be patient, he is in high demand

system · January 16, 2010, 4:26pm

Sure! Thanks for all your help guys. You are great!

Thanks a lot really

essexboy · January 16, 2010, 6:50pm

Not to bad by the looks of it, again MBAM killed the majority

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2052111302-220523388-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-220523388-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "C:\WINDOWS\Temp\~TM3A.tmp" -> C:\WINDOWS\Temp\~TM3A.tmp [C:\WINDOWS\Temp\~TM3A.tmp:*:Enabled:services]
YY -> "C:\WINDOWS\Temp\~TMD.tmp" -> C:\WINDOWS\Temp\~TMD.tmp [C:\WINDOWS\Temp\~TMD.tmp:*:Disabled:~TMD]
YY -> "C:\WINDOWS\Temp\~TME.tmp" -> C:\WINDOWS\Temp\~TME.tmp [C:\WINDOWS\Temp\~TME.tmp:*:Enabled:services]
YY -> "C:\WINDOWS\Temp\~TMF.tmp" -> C:\WINDOWS\Temp\~TMF.tmp [C:\WINDOWS\Temp\~TMF.tmp:*:Disabled:~TMF]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{268e8196-337a-11de-bb9d-001fd0574ed6}\Shell\AutoRun\command -> 
YN -> \{268e8196-337a-11de-bb9d-001fd0574ed6}\Shell\AutoRun\command\\"" -> [RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\plzrunmezz.exe]
YN -> \{268e8196-337a-11de-bb9d-001fd0574ed6} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{268e8196-337a-11de-bb9d-001fd0574ed6}\Shell\open\command -> 
YN -> \{268e8196-337a-11de-bb9d-001fd0574ed6}\Shell\open\command\\"" -> [RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\plzrunmezz.exe]
YN -> \{2faed740-8c76-11dd-ba79-001fd0574ed6} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faed740-8c76-11dd-ba79-001fd0574ed6}\Shell\AutoRun\command -> 
YN -> \{2faed740-8c76-11dd-ba79-001fd0574ed6}\Shell\AutoRun\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe]
YN -> \{2faed740-8c76-11dd-ba79-001fd0574ed6} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2faed740-8c76-11dd-ba79-001fd0574ed6}\Shell\open\command -> 
YN -> \{2faed740-8c76-11dd-ba79-001fd0574ed6}\Shell\open\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe]
[Files/Folders - Created Within 30 Days]
NY ->  7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  prvlcl.dat -> C:\Documents and Settings\xp pro\Local Settings\Application Data\prvlcl.dat
NY ->  wincmd.ini -> C:\WINDOWS\wincmd.ini
NY ->  97 C:\Documents and Settings\xp pro\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\xp pro\Local Settings\Temp\*.tmp
NY ->  97 C:\Documents and Settings\xp pro\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\xp pro\Local Settings\Temp\*.tmp
NY ->  97 C:\Documents and Settings\xp pro\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\xp pro\Local Settings\Temp\*.tmp
NY ->  7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  17 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Files - No Company Name]
NY ->  wincmd.ini -> C:\WINDOWS\wincmd.ini
[Custom Scans]
NY ->  3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

system · January 16, 2010, 7:04pm

OK,

I just ran the OTS and pasted the code you gave me. After it finished fixing, it asked me to reboot to complete cleaning. After that was done I got the notepad log which I’m posting now.

Please after you review it let me know if everything went the way it should.

One more time, thanks a lot. You good people probably saved me a lot of trouble.

That will not be forgotten

essexboy · January 16, 2010, 7:36pm

Looks good and cleared a bit of rubbish from your system

Total Files Cleaned = 4,422.00 mb

Run OTS and hit the cleanup button and it will disappear - enjoy

Siszyd32.exe help

Announcements