Author Topic: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe  (Read 20076 times)


icyblufire

  • Guest
ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« on: December 21, 2009, 04:38:35 PM »
I was looking for help and searching thru Google to find out what this problem with my computer was.
Same as a few others on here siszyd32.exe and PDFUPD.EXE (in quarantine folder)
I have tried numerous things to fix this, seems I get a fix and it comes back. I have seen how you have helped others on here and I am hoping you will be able to help me as well.
My monitor has been killed, it claims my CD system is a virus lol I'm losing everything and it's telling me to well um basically delete my whole system lol
I'm dying here and I dunno what to do.
I've downloaded that OTS you posted for someone to run and stuff. I am running it now and I will post the results as soon as it is finished.
I hope you can help me.
Thank you for your time and patience ANYONE who can help with this.

Sincerely,
Jodi
« Last Edit: December 21, 2009, 06:30:28 PM by icyblufire »

icyblufire

  • Guest
Re: essexboy Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #1 on: December 21, 2009, 04:54:03 PM »
This is the hijackthis.log file

icyblufire

  • Guest
Re: essexboy Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #2 on: December 21, 2009, 04:58:42 PM »
It will not let me upload the OTS.txt file, says that the file is too large to attach :(
It's 1.98 MB

icyblufire

  • Guest
Re: essexboy Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #3 on: December 21, 2009, 05:41:39 PM »
here is the freefixer log report as well

icyblufire

  • Guest
Re: essexboy Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #4 on: December 21, 2009, 06:16:43 PM »
OK I split the OTS into 2 files in the hopes that I can post it for u

YoKenny

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #5 on: December 21, 2009, 07:09:06 PM »
Looks like you are using AVG:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

This is the avast! forum so you should ask in the AVG forum.

You are running a down level version of Adobe Acrobat 7.0 that has several security exposures and Adobe Acrobat 9.1 is available.

O4 - HKUS\S-1-5-18\..\Run: [Monopod] C:\WINDOWS\TEMP\a.exe (User 'SYSTEM') <== is malware

icyblufire

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #6 on: December 21, 2009, 08:12:23 PM »
I don't know what I have on here lol
I do know AVG is one I have. I have been trying everything for a while now. I searched the siszyd32.exe on Google and this site came up.
I saw others were getting help and I was hoping to receive help myself.
If I can not be helped on this forum because avast is not on my pc at the moment... I don't know what else to do....

Here is the OTL txt and I will post the Extras txt

icyblufire

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #7 on: December 21, 2009, 08:13:06 PM »
this is the Extras.txt


pinnacle

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #8 on: December 21, 2009, 08:26:44 PM »
http://www.prevx.com/filenames/1104395637561829493-X1/PDFUPD.EXE.html has info on this backdoor, and here is possible help for removal of Siszyd32.exe: http://www.virusremovalguru.com/?p=4914 Please read the manual instructions there; the link for the removal tool is an advertisement.
« Last Edit: December 21, 2009, 08:29:23 PM by pinnacle »

icyblufire

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #9 on: December 21, 2009, 08:42:04 PM »
Thank you for your help. The one downloaded but will not open,
the other downloaded, installed and scanned my pc, to tell me, HEY you suck buddy, pay for me and I will fix u...lol (in not so many words)
Plz can anyone just help me clean this?
I didn't know asking for help required me to have avast
My cd drive is messed, my monitor killed. I don't know what else to do

pinnacle

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #10 on: December 21, 2009, 08:47:39 PM »
Sorry, I did tell you the manual instructions only.

icyblufire

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #11 on: December 21, 2009, 09:06:29 PM »
Again, Ty for your help.
Since I have read many threads asking for help on this same problem from many of your forum users, I thought that I would receive the same kind of help.
But I am assuming because I am not using Avast at this present moment, I will not receive the same help from all of you.
I asked because you all replied very courteously and helped thoroughly to forum members, so I joined as well hoping for this same kind of help. I wasn't expecting to get turned away or given some half help links to use. I posted all Txt - log files the same as others did.
Thank you for at least letting me know, I wouldn't be getting the same help. Feel free to remove my account from this forum, since giving me a little bit of the same help other members received is not going to happen.

Take care
and Merry Christmas

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #12 on: December 21, 2009, 09:32:40 PM »
If you download cracks you will experience these types of problems  ;)

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code:
[Unregister Dlls]
[Processes - Safe List]
YY -> av_md.exe -> C:\WINDOWS\system32\av_md.exe
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jodi\Application Data\Mozilla\FireFox\Profiles\k7303z96.default\prefs.js
YN -> browser.startup.homepage -> "http://www.the-crack-online.com/on-line/index.php?act=idx"
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "av_md" -> C:\WINDOWS\system32\av_md.exe [C:\WINDOWS\system32\av_md.exe]
YN -> "Regedit32" -> C:\WINDOWS\System32\regedit.exe [C:\WINDOWS\system32\regedit.exe]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "iLike" -> C:\Program Files\iLike\1.2.14\ilikesidebar.exe [C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate]
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "iLike" -> C:\Program Files\iLike\1.2.14\ilikesidebar.exe [C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate]
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-21-1844237615-2049760794-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "av_md" -> C:\Documents and Settings\Jodi\av_md.exe [C:\Documents and Settings\Jodi\av_md.exe]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YN -> "{784d8aba-a06b-46ad-b66c-4dfab15328f4}" [HKLM] -> Reg Error: Key error. [tokatiluy]
[Files/Folders - Created Within 30 Days]
NY ->  7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  av_md.exe -> C:\WINDOWS\System32\av_md.exe
NY ->  fvgqad.dat -> C:\Documents and Settings\Jodi\Application Data\fvgqad.dat
NY ->  avdrn.dat -> C:\Documents and Settings\Jodi\Application Data\avdrn.dat
NY ->  9 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  13 C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp
NY ->  13 C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp
NY ->  13 C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jodi\Local Settings\Temp\*.tmp
[Files - No Company Name]
NY ->  oashdihasidhasuidhiasdhiashdiuasdhasd -> C:\Documents and Settings\Jodi\oashdihasidhasuidhiasdhiashdiuasdhasd
NY ->  av_md.exe -> C:\WINDOWS\System32\av_md.exe
NY ->  fvgqad.dat -> C:\Documents and Settings\Jodi\Application Data\fvgqad.dat
NY ->  avdrn.dat -> C:\Documents and Settings\Jodi\Application Data\avdrn.dat
NY ->  ljghfeecyv.dll -> C:\WINDOWS\System32\ljghfeecyv.dll
NY ->  vttqrommjh.dll -> C:\WINDOWS\System32\vttqrommjh.dll
NY ->  xxxyaabxyw.dll -> C:\WINDOWS\System32\xxxyaabxyw.dll
NY ->  rqppmmnklj.dll -> C:\WINDOWS\System32\rqppmmnklj.dll
NY ->  vtutstrrro.dll -> C:\WINDOWS\System32\vtutstrrro.dll
NY ->  vttqnonomk.dll -> C:\WINDOWS\System32\vttqnonomk.dll
NY ->  gebbyvwwus.dll -> C:\WINDOWS\System32\gebbyvwwus.dll
NY ->  dddaxxuuro.dll -> C:\WINDOWS\System32\dddaxxuuro.dll
NY ->  xxywussqqo.dll -> C:\WINDOWS\System32\xxywussqqo.dll
NY ->  gedccywxyw.dll -> C:\WINDOWS\System32\gedccywxyw.dll
NY ->  nnonolihig.dll -> C:\WINDOWS\System32\nnonolihig.dll
NY ->  qopmlklijh.dll -> C:\WINDOWS\System32\qopmlklijh.dll
NY ->  rqoommkheb.dll -> C:\WINDOWS\System32\rqoommkheb.dll
NY ->  hjgruiiivjibbx.dll -> C:\WINDOWS\System32\hjgruiiivjibbx.dll
NY ->  fgexec.dll -> C:\WINDOWS\fgexec.dll
[File - Lop Check]
NY ->  19975934 -> C:\Documents and Settings\All Users\Application Data\19975934
NY ->  {55A29068-F2CE-456C-9148-C869879E2357} -> C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

ON COMPLETION

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
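
Added example (not part of essexboy's post and not OTS code): a small triage pass over Run-key lines in the layout of the fix script above. It merges `HKEY_USERS\.DEFAULT` with `HKEY_USERS\S-1-5-18`, which are the same SYSTEM-profile key, and flags autoruns by path; the two path heuristics, the sample SID and the profile name `User1` are assumptions of this example.

```python
import ntpath
import re

# Constructed sample in the OTS Run-key layout quoted above (SID and profile name are made up).
SAMPLE = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "av_md" -> C:\WINDOWS\system32\av_md.exe [C:\WINDOWS\system32\av_md.exe]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Monopod" -> C:\WINDOWS\TEMP\a.exe [C:\WINDOWS\TEMP\a.exe]
< Run [HKEY_USERS\S-1-5-21-1111-2222-3333-1003\] > -> HKEY_USERS\S-1-5-21-1111-2222-3333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "av_md" -> C:\Documents and Settings\User1\av_md.exe [C:\Documents and Settings\User1\av_md.exe]
"""

HIVE = re.compile(r'^< Run \[(?P<hive>[^\]]+)\] >')
ENTRY = re.compile(r'^[YN]{2} -> "(?P<name>[^"]+)" -> (?P<path>.+?) \[')

def canonical_hive(hive):
    """HKEY_USERS\\.DEFAULT is an alias of HKEY_USERS\\S-1-5-18 (the SYSTEM profile)."""
    hive = hive.rstrip("\\").upper()
    return "HKEY_USERS\\S-1-5-18" if hive == "HKEY_USERS\\.DEFAULT" else hive

def reasons(path):
    """Path heuristics (assumptions of this example, Windows XP profile layout)."""
    parts = ntpath.normpath(path).lower().split("\\")
    why = []
    if "temp" in parts[:-1]:
        why.append("runs from a Temp directory")
    if len(parts) == 4 and parts[1] == "documents and settings":
        why.append("executable sits directly in a profile root")
    return why

def triage(text):
    """Return (hive, value name, path, reasons) for flagged entries, aliases merged."""
    findings, seen, hive = [], set(), None
    for line in text.splitlines():
        if m := HIVE.match(line):
            hive = canonical_hive(m.group("hive"))
        elif (m := ENTRY.match(line)) and hive:
            key = (hive, m.group("name").lower(), m.group("path").lower())
            why = reasons(m.group("path"))
            if why and key not in seen:
                seen.add(key)
                findings.append((hive, m.group("name"), m.group("path"), why))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The system32 copy of av_md.exe is not flagged here, so path heuristics like these only rank entries for review and do not replace checking each image itself.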

icyblufire

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #13 on: December 21, 2009, 11:04:17 PM »
I ran the fix that you posted for me to put into the fix and I rebooted after. I still was unable to fully boot up without going into Safe Mode with Networking. I do not have another pc to work off from. The log is attached here for u to see.
I have the malware thing you posted on here on my pc already and ran it first off, soon as I saw it had been said to be run. It came back clean... I had run an in-depth scan on it, took over 4 hours.
I don't know what else to do...
Thank you for your help. I sincerely appreciate it.

Jodi

icyblufire

  • Guest
Re: ANYONE Plz help me PDFUPD.EXE & siszyd32.exe
« Reply #14 on: December 21, 2009, 11:18:47 PM »
Here is the mbam-log-2009
As requested, copied and pasted into this post:

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/21/2009 5:17:08 PM
mbam-log-2009-12-21 (17-17-08).txt

Scan type: Quick Scan
Objects scanned: 134875
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Chas\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\156829 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Chas\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chad\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chas\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.