Stdrt.exe

Hi ive just joint this forum looking for help to get rid of Stdrt.exe from my pc. I have Mcafee Antivirus And have tried Malwarebytes, Superantispyware and Spybot as well as several trojan cleaners. They all report it as a fake ms file and quarentine it but on reboot its back again. I find it in my Temp folders and delete it after closing it in the processes. I have started in safemode and scanned, and again it finds it but it returns. When i start up as normal i get Mcafee telling me Media center wants to start and it contains Stdrt so i state no to starting but its allready running in processes. I did a regedit and typed Stdrt and only one file was found of it within Media Center that i have not got on my pc. Google gives many ways to unload it and ive tried them all. I think if i knew what it was running as in the registry i could delete it other than doing a reinstall of Vista. Can any one give me any idea as to registry keys etc that i may be looking for. I tried Combofix and it mucked all my settings up so i did a system restore.

Hi,
Welcome to the forum.
Have you tried this?
http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html
sfc check, if faults run 3 tmes, please let us know te results

I will refer this to our experts in this area, she will be here ASAP.
I suggest that you discontinue trying to fix it. No matter what, the worst case scenario is a reinstall, but most likely without additional complications that can be avoided.

I thank you both for the replys. Ill wait for the experts before i try anything else

With time zones and all, could be any time; but dont worry, I think that yours is an easy fix.
Members of the fourm pride themselves on giving the best possible help, so we will get you the best in the field.

This is the infection that has infiltrated your computer Encyclopedia entry: Win32/Parite - Learn more about malware - Microsoft Malware Protection Center

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

Your in the hands of one of the best now. Just follow what she says and you will be up and running again, soon.

Agree 100% with you Richard.
And I know Jacee is amazing at her job first hand helping me rid 'nasties; from my computer.

Thanks to you all for your quick responses. Ill have a go at this in the morning and let you know how i got on

Take your time. The entire staff is here to help.

It's good at least now you know your problem, thanks to the combined members of the forum, particularly Richc & Jacee
I hope everything goes ok tomorrow, any doubts, or queries do not hesitate to return to the forum.
There is always someone here that can assist you.
Good Luck.

I have sent an attachment containing the Combofix scan. I thank you for your help so far, and await any further assistance you can give me.

P2P Warning ....
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like Limewire, Shareaza, and FrostWire.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs.
Besides being illegal, these files also are loaded with "planted" malware

Totally uninstall AVG9
AVG Remover Tool (avgremover.exe; avgremoverx64.exe) http://www.avg.com/us-en/download-tools

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

Question Jacee
Turn the computer into a door stop; we are still talking about software?

I have finnished the scan with online Eset and have attached the results. The last time i used Combofix quite a few of my programs stopped working as well as my printer i had to do a system restore. Well the same has happened. If i do another system restore then the trojans that have been deleted will return, and Stdrt is still running in the processes so i think the best thing for me to do is a complete reset to factory settings. Ill wait for a while in case there are other answers. Thanks so far

Eset took out a couple

Download JavaRa |MG| JavaRA 1.16 Beta Download to remove all old Java. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java Runtime Environment (JRE) 6u24 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

I am not familiar with "Best Spyware Scanner" ... is that a part of ParetoLogic?

Unplug your printer. Re-install your Cannon software. Now, with the computer turned on, plug in the computer, then the USB cord. Turn on the printer.

Please download MBRCheck.exe to your desktop.

• Be sure to disable your security programs
• Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
• A window will open on your desktop
• if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
• If nothing unusual is found just press Enter
• A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
• Please post the contents of that file.

Next:

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scan box paste this in
  
  
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\*.wt
  %systemroot%\system32\*.ruy
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\system32\spool\prtprocs\w32x86\*.*
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %ALLUSERSPROFILE%\Favorites\*.*
  %APPDATA%\Microsoft\*.*
  %PROGRAMFILES%\*.*
  %APPDATA%\Update\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  %systemroot%\system32\ws2help.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

richc46 said:

Question Jacee
Turn the computer into a door stop; we are still talking about software?

Click to expand...

Rich, I believe this infection is a variation of the "whistler bootkit", after doing more investigation.

Now this infection affects MBR and I didn't create it! The last thing I wanted to do was turn the computer into an expensive "doorstop" as you say. My motto is "do no harm" .... I had no idea that terryco had run Combofix before. Looks like this has been on the computer for sometime!

@ terryco The best advice I can give you is to wipe and do a 'clean install'.
If you have not made any recovery disks then download xPUD.... an alternative system rescue.
It is a relatively small linux distro (64mb) that has a Windows-user friendly interface. It can be run from a CD or USB device, be it flash drive, usb hard drive, etc.

I think that you misunderstood, at no time did I think you were responsabile.
My concern was that a virus can actually hurt hardware. Never heard of that. Apology for any misunderstanding.

My apology back to you for not getting the facts and not understanding your post clearly