srptm has stopped working

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pchieco1964, Feb 20, 2015.

  1. pchieco1964

    pchieco1964 Private E-2

    Hello, I recently have been getting an annoying popup every few minutes or so that says srptm has stopped working and I cannot seem to remove it. I have tried the Microsoft Safety Scanner and that did not seem to find anything. I currently use the free version of Avast and have run a full system scan and also ran Spybot and still nothing. Is there any other software I can download to remove this? I am running Windows 7 64-bit. Thank you
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything. Note if you cannot save things in C:\ then just save them to your Desktop. Make sure that you have disabled UAC and rebooted first if you are running Windows Vista or Windows 7.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.



    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:


    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. pchieco1964

    pchieco1964 Private E-2

    I successfully completed all steps as instructed and it appears that my pop up "srptm has stopped working" is no longer popping up. I have attached all the necessary logs. Do I need to complete any other steps or run any of these programs again? Thank you, Phil
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    MBAM found and removed it. So let's just do a little clean up.

    Rerun RogueKiller and fix these items;
    Code:
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LPTSystemUpdater ("C:\Program Files (x86)\LPT\srpts.exe") -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LPTSystemUpdater ("C:\Program Files (x86)\LPT\srpts.exe") -> Found
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyEtD0D0DtDyCzzzytByE0BtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyD0F0CzytDtC0AtCtGyEtC0AzztGtByB0AtCtGtDyEtBtBtGtB0A0AtD0Czz0C0FtDyCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyBtBzzyD0EyDtBtGyB0EtDzztGyBtD0EtBtGtCtC0E0DtGyDyEyBtB0EyE0FtDtByB0AyD2Q&cr=2011424926&ir=  -> Found
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyEtD0D0DtDyCzzzytByE0BtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyD0F0CzytDtC0AtCtGyEtC0AzztGtByB0AtCtGtDyEtBtBtGtB0A0AtD0Czz0C0FtDyCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyBtBzzyD0EyDtBtGyB0EtDzztGyBtD0EtBtGtCtC0E0DtGyDyEyBtB0EyE0FtDtByB0AyD2Q&cr=2011424926&ir=  -> Found
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Ja6UFyqTwMoCwMLz9H2Lxl1QH6o1HPn_7m3raT-oblJTo7vJeOgNA7EN_flOcpuEVuUU3VLwjFwY4PG4xHdvnbFFz8DM0ceHPuDzRMxLUae0SrxEUGgGKgS11nOsRMDDDGCclrDyUdEmzJ7DLlLFVQ,,  -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Ja6UFyqTwMoCwMLz9H2Lxl1QH6o1HPn_7m3raT-oblJTo7vJeOgNA7EN_flOcpuEVuUU3VLwjFwY4PG4xHdvnbFFz8DM0ceHPuDzRMxLUae0SrxEUGgGKgS11nOsRMDDDGCclrDyUdEmzJ7DLlLFVQ,,  -> Found
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Ja6UFyqTwMoCwMLz9H2Lxl1QH6o1HPn_7m3raT-oblJTo7vJeOgNA7EN_flOcpuEVumL5mWpVtQARJPc486tKJ5tJKI5QH6U7b3dLD2WNcgw7Si3_c-84L2Z65H6bcsDiOw1BxTsB5-SlZMMDWTVRQ,,&q={searchTerms}  -> Found
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Ja6UFyqTwMoCwMLz9H2Lxl1QH6o1HPn_7m3raT-oblJTo7vJeOgNA7EN_flOcpuEVumL5mWpVtQARJPc486tKJ5tJKI5QH6U7b3dLD2WNcgw7Si3_c-84L2Z65H6bcsDiOw1BxTsB5-SlZMMDWTVRQ,,&q={searchTerms}  -> Found
    Then rerun Hitman and have it fix all it finds.

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Reboot and rescan with both RogueKiller and Hitman and attach those new logs as well.

    Be sure to tell me how things are running.
     
  5. pchieco1964

    pchieco1964 Private E-2

    Hello again,

    I did rerun hitmanpro but it would not allow me to delete any files as it said my software is expired. I am running the jrp right now
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now use windows explorer to find and delete:
    C:\Users\Main\Documents\APNSetup.exe

    Tell me how you get along with this.
     
  7. pchieco1964

    pchieco1964 Private E-2

    Here are the results of Hitmanpro and roguekiller. I have not performed the other steps yet. But to be honest with you I am no longer getting the pop up message.
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to do my fix in post #6 and then rerun Hitman after a reboot.
     
  9. pchieco1964

    pchieco1964 Private E-2

    Ok. I was successful in updating the registry. Do you need me to reboot and run some scans again?
     
  10. pchieco1964

    pchieco1964 Private E-2

    I have rebooted and rerun Hitmanpro. As I mentioned the trial is expired. Is there another way I can remove these files that are showing on the log? Thanks Phil
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTM by Old Timer and save it to your Desktop.


    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :reg
    [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
    [-HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    [-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
    [-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
    [-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
    [-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
    [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    [-HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A48B62C-DF62-4E3F-8563-F89CDB9956F1}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKU\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    [-HKU\S-1-5-21-1070870028-3523365556-3890122372-1000_Classes\Wow6432Node\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Reboot and rescan with Hitman and attach the new log.
     
  12. pchieco1964

    pchieco1964 Private E-2

    Ok. The next steps are complete, however when OTM asked to reboot the machine I did, not realizing you needed a copy of what was in the results window. I do however have the log file and the new hitman file which are attached. I hope I did not screw this up. Secondly, should I be using something better than Avast for my antivirus? Thanks
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :Reg
    [-HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    [-HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A48B62C-DF62-4E3F-8563-F89CDB9956F1}]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKU\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}] 
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
     
  14. pchieco1964

    pchieco1964 Private E-2

    I was not able to make a copy of the Results window (under the green bar). Whether I click yes or x it still reboots and does not allow me to copy and paste and save in time. So I am at a standstill.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Reboot and rescan with Hitman.
     
  16. pchieco1964

    pchieco1964 Private E-2

    Hello, yes, I was successful in merging this with the registry. Thank you
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Forgot to ask you to rerun Hitman and attach a new log.
     
  18. pchieco1964

    pchieco1964 Private E-2

    Attached.
     

    Attached Files:

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    How confident are you to edit your registry?
     
  20. pchieco1964

    pchieco1964 Private E-2

    As long as I have clear instructions I'm confident. However, what else are you seeing? I am no longer receiving the pop ups and things appear to be running smoothly on this end.
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We have not been having success in removing the reg keys for a couple of Potentially Unwanted Programs according to Hitman. Perhaps you should first run CCleaner and have it clean the registry ( make the backup first ).
     
  22. pchieco1964

    pchieco1964 Private E-2

    Ok. Registry has been cleaned and a full backup was completed. I reran hitman and have attached the logs.
     

    Attached Files:

  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go to start / run and type in regedit.

    When the registry opens scroll to these keys and delete them:

    HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A48B62C-DF62-4E3F-8563-F89CDB9956F1}\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\

    HKU\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}
     
  24. pchieco1964

    pchieco1964 Private E-2

    Before I do this I have a question. I performed a Find function on all of the ending extensions under the root directory Computer, i.e. AE07101B-46D4-4A98-AF68-0333EA26E113, and was able to locate all of the registry keys. I have attached a screen print. I am assuming that these are unique and should not exist twice and should be able to be deleted?
     

    Attached Files:

  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you have found the full key, then you can delete them. Regedit gives you the option to make a backup (File/ export ) before you delete the keys.
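
The export-before-delete step from the post above, applied to the five keys listed in post #23, as an added example that is not part of the original thread. The backup folder name and file naming are assumptions of this example; the key paths are copied from post #23.

```powershell
# Added example: check which of the keys from post #23 still exist, export each
# one to a .reg backup, and only then preview its removal.
# Run from an elevated 64-bit PowerShell so HKLM is not redirected to Wow6432Node.
$keys = @(
    'HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}',
    'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A48B62C-DF62-4E3F-8563-F89CDB9956F1}',
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964',
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467',
    'HKU\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}'
)

# Backup location is an assumption of this example (timestamped folder on the Desktop).
$backupDir = Join-Path $env:USERPROFILE ('Desktop\RegBackup_{0:yyyyMMdd_HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$i = 0
$report = foreach ($key in $keys) {
    $i++
    # Expand the hive abbreviation so the PowerShell registry provider accepts the path.
    $psPath = 'Registry::' + ($key -replace '^HKLM\\', 'HKEY_LOCAL_MACHINE\' -replace '^HKU\\', 'HKEY_USERS\')
    $exists   = Test-Path -LiteralPath $psPath
    $file     = $null
    $backedUp = $false

    if ($exists) {
        # reg.exe export writes the key and all of its subkeys to a mergeable .reg file.
        $file = Join-Path $backupDir ('key{0:00}.reg' -f $i)
        & reg.exe export $key $file /y | Out-Null
        $backedUp = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $file)

        # Never touch a key whose export failed. -WhatIf only previews the deletion.
        if ($backedUp) {
            Remove-Item -LiteralPath $psPath -Recurse -WhatIf
        }
    }

    [pscustomobject]@{ Key = $key; Exists = $exists; BackedUp = $backedUp; Backup = $file }
}

$report | Format-List
```

Remove `-WhatIf` once the report shows `BackedUp : True` for every key that exists; double-clicking the matching `.reg` file in the backup folder restores a key.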
     
  26. pchieco1964

    pchieco1964 Private E-2

    Ok. All completed. I restarted and ran another Hitman log attached.
     

    Attached Files:

  27. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good job.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
