stdrt.exe, weird radio noise, can't delete HELP


Roftek (Solid State Member, 7 messages)
Hi, I'm new to the forums (as you can see this is my first post).

I'm getting a similar problem to this one:

http://www.techist.com/forums/f9/st...adio-station-playing-when-i-turned-pc-246305/

I did all the steps in the asylum page.

HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:49:50 PM, on 8/28/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Davis\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Adobe Licensing Console -                                                                                                      - C:\Windows\system32\mrvcl32.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 3101 bytes

Malwarebytes log
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7600

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/28/2011 6:48:35 PM
mbam-log-2011-08-28 (18-48-31).txt

Scan type: Quick scan
Objects scanned: 174136
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I've tried to go into Safe Mode and delete all the temp files and files related to stdrt, but they just come right back. I think I got this when I tried to update my VIA audio drivers.

If someone could please help me get rid of this it would be awesome. The stdrt.exe takes 100 MB of RAM at startup. It seems as if it's downloading random videos/music/radio or something (once I heard a kid instructing a YouTube tutorial).

Whenever you turn the volume on in the Windows Media Center diagnostic, it mutes itself and you have to continuously change the volume to hear something.

So basically when I start up there is an application in the mixer called Windows Media Center diagnostic and it's buggy, taking up RAM, probably downloading, and it's a virus. I have to end the process every time.
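Added example, not from this thread or from HijackThis/Malwarebytes/ComboFix themselves: a small Python triage of HijackThis O4 (autostart) and O23 (service) lines that flags entries a helper would look at by hand, using the signs this thread turns on: a binary running from a temp directory, a service with no publisher, and a service named after a vendor whose name does not appear in the binary's path. The functions `triage`, `reasons_for` and `exe_path` are hypothetical names chosen here; the sample lines are copied from the log above (whitespace collapsed) plus one constructed O4 line modelled on the temp path the poster describes.

```python
"""Heuristic triage of HijackThis O4 (autostart) and O23 (service) lines.

A hit means "review this entry by hand", not "this is malware".
"""
import re
from typing import NamedTuple

# Constructed sample: O4/O23 lines copied from the log above, plus a final
# O4 line invented here to model the temp-path pattern the poster describes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O23 - Service: Adobe Licensing Console -     - C:\Windows\system32\mrvcl32.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O4 - HKCU\..\Run: [Updater] C:\Windows\Temp\mrt400B.tmp\stdrt.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Vendors whose legitimate binaries normally live under a directory that
# carries the vendor name; a service named after them but installed elsewhere
# is worth a second look.
BRANDED = ("adobe", "google", "mozilla", "skype")


class Finding(NamedTuple):
    kind: str          # "O4" (autostart) or "O23" (service)
    name: str
    path: str
    reasons: tuple


def exe_path(command: str) -> str:
    """Return the executable part of a command line, without quotes/args."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def reasons_for(kind: str, name: str, vendor: str, path: str) -> tuple:
    """Apply the three heuristics and return the ones that fire."""
    hits = []
    low = path.lower()
    if TEMP_RE.search(low):
        hits.append("runs from a temp directory")
    if kind == "O23" and vendor.strip().lower() in ("", "unknown owner"):
        hits.append("service has no publisher")
    for brand in BRANDED:
        if brand in name.lower() and brand not in low:
            hits.append(f"named after {brand} but not installed in a {brand} directory")
    return tuple(hits)


def triage(log_text: str) -> list:
    """Parse O4/O23 lines and return a Finding for each entry with a hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            kind, name, vendor, path = "O4", m.group("name"), "", exe_path(m.group("cmd"))
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            kind, name, vendor, path = "O23", m.group("name"), m.group("vendor"), exe_path(m.group("path"))
        hits = reasons_for(kind, name, vendor, path)
        if hits:
            findings.append(Finding(kind, name, path, hits))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r} -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries the heuristics do not flag (the AVG and VIA lines) are simply omitted; a flagged entry still needs a publisher check and a file-date check before anything is removed.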
 
Restart into Safe Mode and run ComboFix and post its log.
 
Code:
ComboFix 11-08-28.01 - Davis 08/28/2011  21:55:20.3.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2046.1170 [GMT -5:00]
Running from: c:\users\Davis\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-28 to 2011-08-29  )))))))))))))))))))))))))))))))
.
.
2011-08-29 02:59 . 2011-08-29 02:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-08-29 02:59 . 2011-08-29 02:59    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2011-08-28 23:43 . 2011-08-28 23:43    --------    d-----w-    c:\users\Davis\AppData\Roaming\Malwarebytes
2011-08-28 23:43 . 2011-08-28 23:43    --------    d-----w-    c:\programdata\Malwarebytes
2011-08-28 23:43 . 2011-07-07 00:52    41272    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-28 23:43 . 2011-08-28 23:43    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-08-28 23:43 . 2011-07-07 00:52    22712    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-08-28 22:50 . 2009-12-08 03:15    868352    ----a-w-    c:\windows\system32\VIAPropPageExt.dll
2011-08-28 22:50 . 2009-11-11 03:31    502784    ----a-w-    c:\windows\system32\VIASysFx.dll
2011-08-28 22:50 . 2009-06-01 02:10    211456    ----a-w-    c:\windows\system32\Dts2APO.dll
2011-08-28 22:50 . 2009-03-04 08:42    75776    ----a-w-    c:\windows\system32\Dts2PropPageExt.dll
2011-08-28 22:50 . 2009-01-19 13:30    68608    ----a-w-    c:\windows\system32\ViaMicArrayPropPageExt.dll
2011-08-28 22:50 . 2009-01-19 13:29    181248    ----a-w-    c:\windows\system32\ViaMicArrayAPO.dll
2011-08-28 10:54 . 2011-08-28 10:54    4283672    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-28 10:35 . 2011-08-29 02:59    --------    d-----w-    c:\users\Davis\AppData\Local\temp
2011-08-26 22:21 . 2011-08-26 22:21    42392    ----a-w-    c:\windows\system32\xfcodec.dll
2011-08-26 05:02 . 2011-08-26 05:03    --------    d-----w-    c:\program files\Ventrilo
2011-08-26 00:57 . 2011-08-26 00:57    --------    d-----w-    c:\users\Davis\AppData\Roaming\MP3SkypeRecorder
2011-08-26 00:57 . 2011-08-26 00:57    --------    d-----w-    c:\users\Davis\AppData\Local\Alexander_Nikiforov
2011-08-26 00:57 . 2011-08-26 01:03    --------    d-----w-    c:\program files\MP3 Skype Recorder
2011-08-25 01:32 . 2011-08-25 01:32    --------    d-----w-    c:\program files\VirtualDubMOD
2011-08-21 00:27 . 2011-08-21 00:27    --------    d-----w-    c:\programdata\Ableton
2011-08-21 00:27 . 2011-08-21 00:27    --------    d-----w-    c:\users\Davis\AppData\Roaming\Ableton
2011-08-19 22:51 . 2011-08-19 22:51    --------    d-----w-    c:\users\Davis\AppData\Roaming\FabFilter
2011-08-19 22:45 . 2011-08-19 22:45    --------    d-----w-    c:\program files\FabFilter
2011-08-19 22:45 . 2011-08-19 22:45    --------    d-----w-    c:\program files\Common Files\VST3
2011-08-19 03:42 . 2011-08-19 03:42    --------    d-----w-    c:\program files\Trend Micro
2011-08-19 00:03 . 2011-08-19 00:03    --------    d-----w-    c:\users\Davis\AppData\Roaming\SynthMaker
2011-08-18 23:45 . 2011-08-18 23:45    --------    d-----w-    c:\users\Davis\AppData\Roaming\Image-Line
2011-08-18 01:50 . 2009-09-15 09:14    1554944    ----a-w-    c:\windows\system32\vorbis.acm
2011-08-18 01:47 . 2011-08-18 01:47    819729    ----a-w-    c:\windows\system32\mrvcl32.exe
2011-08-16 00:47 . 2011-08-16 00:47    --------    d-----w-    C:\Restoration
2011-08-15 23:29 . 2011-08-15 23:29    --------    d-----w-    c:\users\Davis\AppData\Roaming\Stardock
2011-08-15 23:29 . 2011-08-15 23:29    --------    d-----w-    c:\users\Davis\AppData\Local\PackageAware
2011-08-15 07:41 . 2011-08-18 00:19    --------    d-----w-    c:\users\Davis\AppData\Roaming\iZotope
2011-08-15 07:38 . 2011-08-15 07:38    --------    d-----w-    c:\program files\iZotope
2011-08-14 00:22 . 2011-08-14 01:28    --------    d-----w-    c:\users\Davis\AppData\Local\ESL Wire Game Client
2011-08-14 00:22 . 2011-08-14 00:22    --------    d-----w-    c:\programdata\ESL Wire
2011-08-04 21:46 . 2011-08-28 09:23    --------    d-----w-    c:\users\Davis\AppData\Roaming\.minecraft
2011-08-03 11:02 . 2011-08-03 11:06    --------    d-----w-    c:\users\Davis\AppData\Roaming\Audacity
2011-08-01 02:28 . 2011-08-01 02:31    --------    d-----w-    c:\programdata\Yahoo!
2011-08-01 02:26 . 2011-08-01 21:40    --------    d-----w-    c:\program files\Yahoo!
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 23:02 . 2011-01-18 02:19    103736    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-08-28 23:02 . 2011-01-18 02:19    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2011-08-28 10:53 . 2010-12-27 21:28    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-28 07:36 . 2011-01-18 02:19    138160    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2011-08-28 07:35 . 2011-01-18 02:19    271200    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2011-08-28 07:35 . 2011-01-18 02:19    271200    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-08-03 19:12 . 2011-06-19 00:30    862496    ----a-w-    c:\windows\system32\drivers\ESLWireACD.sys
2011-08-01 02:28 . 2011-06-13 00:57    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 06:28 . 2011-04-12 21:11    138056    ----a-w-    c:\users\Davis\AppData\Roaming\PnkBstrK.sys
2011-08-17 22:20 . 2011-05-09 02:18    134104    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-12-05 . 6DBEA870D9CBFF554309B6F53A13EC34 . 2613248 . . [6.1.7600.16404] . . c:\windows\Resources\Themes\Luna_port_to_Windows_7__Aero__by_Satukoro\Resources\x86\explorer.exe
[-] 2009-12-03 . 015BCE0862E2A1BC83B6CF5FB94CE7FA . 2868224 . . [6.1.7600.16404] . . c:\windows\Resources\Themes\Luna_port_to_Windows_7__Aero__by_Satukoro\Resources\x64\Explorer.exe
[-] 2009-07-14 . D4FF0210BA7DCDBBFF7764A3FD7836A8 . 2130432 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
(((((((((((((((((((((((((((((   SnapShot@2011-08-28_10.36.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-27 18:22 . 2011-08-28 23:19    31338              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-08-28 23:22    42152              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-27 20:05 . 2011-08-28 23:22    14614              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-690641762-639104168-772722019-1000_UserData.bin
- 2009-07-14 04:50 . 2011-08-26 08:54    86016              c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2011-08-28 22:50    86016              c:\windows\System32\DriverStore\infpub.dat
+ 2011-08-28 22:50 . 2009-01-19 13:30    68608              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\ViaMicArrayPropPageExt.dll
+ 2011-08-28 22:50 . 2007-12-04 03:28    76288              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\nQPropPageExt.dll
+ 2011-08-28 22:50 . 2007-12-04 03:28    71680              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\nQAPO.dll
+ 2011-08-28 22:50 . 2009-03-04 08:42    75776              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\Dts2PropPageExt.dll
- 2010-12-27 21:59 . 2011-08-28 10:36    49152              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 21:59 . 2011-08-28 23:20    49152              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-28 07:04 . 2011-08-28 23:21    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-28 07:04 . 2011-08-28 10:07    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-08-28 10:42    71944              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-12-28 07:04 . 2011-08-28 23:21    32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-28 07:04 . 2011-08-28 10:07    32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-28 07:04 . 2011-08-28 10:07    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-28 07:04 . 2011-08-28 23:21    16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-28 05:35 . 2011-08-28 10:07    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-28 05:35 . 2011-08-28 23:21    16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-28 05:35 . 2011-08-28 10:07    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-28 05:35 . 2011-08-28 23:21    16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-28 10:06 . 2011-08-28 10:36    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 02:54 . 2011-08-29 02:54    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 02:54 . 2011-08-29 02:54    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-28 10:06 . 2011-08-28 10:36    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-05 04:32 . 2011-08-29 02:51    226494              c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:50 . 2011-08-26 08:54    143360              c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2011-08-28 22:50    143360              c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2011-08-26 08:54    143360              c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2011-08-28 22:50    143360              c:\windows\System32\DriverStore\infstor.dat
+ 2011-08-28 22:50 . 2009-11-11 03:31    502784              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\VIASysFx.dll
+ 2011-08-28 22:50 . 2009-12-08 03:15    868352              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\VIAPropPageExt.dll
+ 2011-08-28 22:50 . 2009-01-19 13:29    181248              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\ViaMicArrayAPO.dll
+ 2011-08-28 22:50 . 2009-06-01 02:10    211456              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\Dts2APO.dll
+ 2010-12-27 20:07 . 2011-08-28 23:20    245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-12-27 20:07 . 2011-08-28 10:07    245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-08-28 05:38 . 2011-08-28 23:20    114688              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011082820110829\index.dat
+ 2009-07-14 04:41 . 2011-08-28 23:20    311296              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:47 . 2011-08-29 02:53    428376              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-08-28 10:04    428376              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-08-29 02:03    6553600              c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2011-08-28 10:17    6553600              c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2011-08-28 22:50 . 2010-01-11 10:02    1119232              c:\windows\System32\DriverStore\FileRepository\viahdb1.inf_x86_neutral_61e8384f281042fe\viahduaa.sys
+ 2010-12-28 07:00 . 2010-01-11 10:02    1119232              c:\windows\System32\drivers\viahduaa.sys
+ 2010-12-27 21:59 . 2011-08-28 23:20    1441792              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-27 21:59 . 2011-08-28 10:36    1441792              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-02 05:18 . 2011-08-29 02:53    11263147              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-690641762-639104168-772722019-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 1713152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2011-02-17 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-08-18 819729]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2011-02-17 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-02-17 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-08-03 862496]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2011-04-18 24504]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Davis\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2011-02-17 52872]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\iqplw4p3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,fc,bd,88,5e,1b,bb,44,a2,0a,0e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,fc,bd,88,5e,1b,bb,44,a2,0a,0e,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-28  22:00:53
ComboFix-quarantined-files.txt  2011-08-29 03:00
ComboFix2.txt  2011-08-28 23:41
ComboFix3.txt  2011-08-28 10:39
.
Pre-Run: 54,523,015,168 bytes free
Post-Run: 54,143,741,952 bytes free
.
- - End Of File - - 976892A215D42A84C4190AD89165B22E
 
In Safe Mode remove these 2 folders/files:

C:\WINDOWS\SYSTEM\REGSRV.EXE
C:\WINDOWS\TEMP\MRT2.TMP\STDRT.EXE

Also make sure to clean out your Internet Browser history with CCleaner or Clean Manager.

You will also want to find and remove this file:

REGSRV.EXE
 
There is no regsrv.exe in the system and the temp files keep coming. The stdrt.exe folder is always something different (mtr2, mtr3, mtr4) and after that there are 3 more digits, each being either a number or a letter.

Here's one: mrt400B

Could it maybe be a startup service?
 
Yes. Start > Run > msconfig

Make sure that you know all the pieces of software listed. Uncheck any that you don't know. If you have any questions, post and ask about them. But that is why it keeps coming back. You have to stop it from starting up with the startup services and you should be able to delete it.
 
There's only 3: AVG Internet Security, Malwarebytes and HDAudioCPL. I think it might be the VIA HDAudioCPL because that's when it started. It is just a more complex audio GUI.

There is no way it could be AVG (I've had it too long) and it couldn't have been Malwarebytes because I downloaded that after this mess.

Do you think it would be a good idea to just delete my audio driver and use the one on my chipset disc?

So I'm kind of confused as to what to do right now. I disabled the start-up service; now what, should I go into Safe Mode and delete stuff again?
 
Yes. You need to go back into Safe Mode and run all the scans again. You need to make sure you clean temp files and remove any folders/files that pertain to this infection. The only other solution is to purchase UnHack Me for $25 if you want a simple 1 click solution. You can try their Demo, but it may not do the trick.
 
OMG, thanks a million. It didn't start with stdrt.exe but there are still the files in temp and registry values related to stdrt.exe.

So now that it's not in the startup, what should I do?
 
Go back to step 1. Start running scans with ComboFix, MBAM and the demo of UnHack Me. See if that helps remove the infection from Safe Mode. From there scour the system looking for the entries I posted about above in post #4. If you don't find them, restart your PC again to normal mode and see how things are.
 