Threat detected every 5 minutes

I tried booting in both normal mode and safe mode. Still gets black screen.

I plan on buying a new computer…just need to save recent files from this one. I keep most of my data on an external hard drive…but I have not backed up data in a few weeks.

Any other thoughts? Do not want to throw in the towel just yet.

Update to the above post.

I did some research and tried to do a system restore.

Pushed F8 to get to the repair menu. Ran system restore using a few dates until it finally worked for a 16 August restore point. Did not lose much, other than all the diagnostic tools I had downloaded as part of this process.

I was able to start the computer in normal mode and get to my desktop. I am transferring files to an external hard drive for my next computer.

Funny thing…still getting the "threat detected" messages from avast. At this point, not sure I can do much about that.

Any last thoughts to save this computer? It is 5 years old.

Thanks for working with me on this issue.

Larry

The system restore was my second attempt. :slight_smile:

Still, I would use the restore point from 18.

Restore point made on: 2014-08-18 17:02:56
still getting the "threat detected messages" from avast.
Sure you do. All registry entries were restored back to 16 Aug, when you still had the problem.

Download the FRST tool again, run the tool and post both logs here. Do not worry, we shall save this computer. :wink:

Here you go.

Larry

Ok, here we go again … :slight_smile:

From Control Panel > Programs and Features try to uninstall the following:

BrowseMark
CouponXplorer Toolbar

Then …

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
Hosts:
HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {69B38643-8C04-4B58-A328-1E9A27FDA35E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=313&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^S05386^us&si=101497&ptb=6FF8DAA5-2393-4DB9-8CFA-1609B3609DC9&ind=2013042008&n=77fc9558&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {69B38643-8C04-4B58-A328-1E9A27FDA35E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=313&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm069^S05386^us&si=101497&ptb=6FF8DAA5-2393-4DB9-8CFA-1609B3609DC9&ind=2013042008&n=77fc9558&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {5FA756CA-A401-42EA-8730-B3ADDDD4087C} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_15_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCzy0EtB0BtD0FyEtDtDyEtByEtN0D0Tzu0SzztAtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtD0B0CyDtA0ByEtG0Azz0F0DtGtA0B0C0BtGyB0AyD0EtGtByByC0EzyzytAtByD0ByB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtB0EtDtB0F0F0DtGyE0EtC0FtG0DyDtA0CtG0E0EtBtDtGtBtBtA0F0ByByC0ByEtByCyE2Q&cr=684452925&ir=
SearchScopes: HKCU - {69B38643-8C04-4B58-A328-1E9A27FDA35E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {7AC0F117-4769-4CE3-9B40-26089FD00F4A} URL = http://websearch.shopathome.com?user_id={309EBF13-0F1B-4412-A4DD-A0208BC59914}&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={1F398BBA-56A4-469E-8DB7-7DF7C8E76B7A}&mid=6691207b6e0347d195d9d16fd8cfe6b3-8459a2957ccb36721f2376145fee102d5f572792&lang=en&ds=AVG&pr=fr&d=2012-07-01 09:15:15&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=n&ver=12283&tm=313&src=ds&p={searchTerms}
SearchScopes: HKCU - {B0960388-C8FF-45BF-AB34-AD90F44D84BE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=71B3B555-23A7-4091-9237-4AFE5213D6D0&apn_sauid=35726E10-41D1-41E8-8A95-398B946EDC25&
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80269&lng=en
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No File
FF HKCU\...\Firefox\Extensions: [{C84E2F89-F883-97B9-5382-1226EEEAD045}] - C:\Program Files (x86)\BlockAndSurfS\173.xpi
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2014-07-06]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {78A833A3-D886-4193-B17F-90D01500653F} - System32\Tasks\FF Watcher {98D39D0F-2F47-407A-9164-063935A95961} => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\FF Watcher {98D39D0F-2F47-407A-9164-063935A95961}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
AlternateDataStreams: C:\Users\croucher\Documents\High Council Update, Assignments & Schedule.eml:OECustomProperty
C:\Program Files\V-bates
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\BlockAndSurfS
C:\Program Files (x86)\AVG
EmptyTemp:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.


Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.
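The fixlist above removes three kinds of persistence that a reader may want to inspect on a machine of their own before deciding what to clean: IFEO "Debugger" values (here, about 25 of them all redirecting security tools to tasklist.exe, which is why those tools never start), an AppInit_DLLs entry pointing at a DLL that no longer exists, and a scheduled task ("FF Watcher") that re-runs PrefHelper.exe from the V-bates folder. The following read-only audit is an added example, not code from this thread or from the FRST project; it assumes PowerShell 3 or later run as administrator, and the helper names (Get-IfeoDebugger, Get-AppInitDll, Get-TaskAction) are my own.

```powershell
# Added example (not from the thread): read-only audit of the persistence points the
# FRST fixlist targets. Assumes PowerShell 3+ and an elevated prompt; changes nothing.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

# A Debugger value under IFEO\<name>.exe makes Windows launch that program instead of
# <name>.exe. Legitimate uses are rare, so every hit deserves a look; a cleaner whose
# "debugger" is tasklist.exe simply never runs.
function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [pscustomobject]@{ Type = 'IFEO'; Item = $sub.PSChildName; Value = $dbg; Note = $sub.Name }
            }
        }
    }
}

# AppInit_DLLs are loaded into every process that loads user32.dll. A value whose file is
# missing (as in the fixlist) is dead weight; one whose file exists loads into everything.
function Get-AppInitDll {
    foreach ($key in $appInitKeys) {
        $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if ($p -and $p.AppInit_DLLs) {
            $present = Test-Path ([Environment]::ExpandEnvironmentVariables($p.AppInit_DLLs))
            [pscustomobject]@{
                Type  = 'AppInit'
                Item  = "LoadAppInit_DLLs=$($p.LoadAppInit_DLLs)"
                Value = $p.AppInit_DLLs
                Note  = $(if ($present) { 'file present' } else { 'FILE MISSING' })
            }
        }
    }
}

# Scheduled tasks whose action is unsigned or points at a missing file. schtasks /v also
# works on Windows 7, where Get-ScheduledTask is not available. Note that catalog-signed
# OS binaries can report NotSigned on older PowerShell, so treat that status as "check",
# not "malicious".
function Get-TaskAction {
    schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object {
            $_.TaskName -ne 'TaskName' -and             # repeated header rows
            $_.'Task To Run' -match '\S' -and
            $_.'Task To Run' -notmatch '^(N/A|COM handler)'
        } |
        ForEach-Object {
            $cmd = $_.'Task To Run'
            # first token is the executable, quoted or not; drop the arguments
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $status = if (Test-Path $exe) { (Get-AuthenticodeSignature $exe).Status } else { 'FILE MISSING' }
            [pscustomobject]@{ Type = 'Task'; Item = $_.TaskName; Value = $cmd; Note = "signature: $status" }
        } |
        Where-Object { $_.Note -notmatch 'Valid$' }     # keep only what needs a second look
}

$findings = @(Get-IfeoDebugger) + @(Get-AppInitDll) + @(Get-TaskAction)
if ($findings.Count -eq 0) { 'No IFEO debuggers, AppInit DLLs or unsigned/missing task actions found.' }
else { $findings | Format-Table Type, Item, Value, Note -AutoSize -Wrap }
```

The script only lists; removal stays with a tool that logs what it changed, as the helper's FRST fixlist does, so there is a record to fall back on if a legitimate entry is hit.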

Here you go. Hope it worked. When I run FRST, it creates a fixlist.txt file, but the program ends with an error and has to close.

I ran a search for rpcss.dll and that is attached as well.
Larry

@MustangLarry

Could you please download a fresh FRST tool from the official link, delete the current copy of the tool, re-create the fixlist.txt with the code provided above and re-run it. A fixlog.txt shall be created; please post it here.

Same issue with the new download of FRST. Get a message "FRST has stopped working. A problem caused the program to stop working correctly".

The attached file was saved.

Larry

Hi,

I see what caused the error. That's OK, you can ignore that …

I would like to re-check all that with another tool. Then, tell me: is the computer behaving a lot better?

Please download the Zoek tool by Smeenk from here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers and temporarily disable your AntiVirus program (if necessary).
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool. Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Uninstall-List;
StandardSearch;
ipconfig /flushdns >> %temp%\log.txt;b
bitsadmin /reset /allusers >> %temp%\log.txt;b
AutoClean;
Reboot;

[*]Click on the Run Script button.
Please wait until a log report opens (this can be after the reboot).

[*]Save the notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log".

Here you go.

On another note, I only get 1 "threat detected" message every 5 minutes now, instead of the 4 I was getting. It is for http://crevedos78.org/online/531, Infection URL/mal.

Larry

…now run this zoek script:

EmptyFoldersCheck;Delete
C:\Users\croucher\AppData\Roaming\Microsoft\Installer\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}\SystemFoldermsiexec.exe;i
C:\Windows\SysNative\config\systemprofile\AppData\Roaming\lsfzz.xcl;f
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon];r
C:\Program Files (x86)\Mobogenie;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RebateInformer];r
C:\PROGRA~2\REBATE~1;f
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
"{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}"=-;r
C:\Program Files (x86)\Coupons.com CouponBar;fs
bopakagnckmlgajfccecajhnimjiiedh;chr
cnpkmcjgpcihgfnkcjapiaabbbplkcmf;chr
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponXplorer_5zbar Uninstall];r
autoclean;

Post me the freshly created zoek report after the reboot:

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]The logfile will also be saved in the C:\AdwCleaner folder.


Then post me the fresh FRST.txt report (run the tool and press the Scan button) and tell me how the computer is running now.

Here you go.

Larry

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.

Here you go.

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.

How is the computer running now?
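The Replace: directive above copies the RTM build of rpcss.dll out of the component store (WinSxS) over the copy in System32, on the strength of the earlier rpcss.dll search. Before or after such a step, a reader will want to know whether the live file actually matches any of the servicing copies Windows keeps, and to let System File Checker give the authoritative verdict. The check below is an added example, not code from this thread or from the FRST project; it assumes an elevated PowerShell on Windows 7 or later (it avoids Get-FileHash and -Directory so that PowerShell 2.0 also works), and Get-Sha256 is my own helper name.

```powershell
# Added example (not from the thread): compare the live rpcss.dll against every copy in
# WinSxS, then hand the final word to sfc /verifyfile. Read-only apart from sfc's own
# repair behaviour. Assumes an elevated prompt; works on PowerShell 2.0 and later.

function Get-Sha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try   { ([System.BitConverter]::ToString($sha.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Close(); $sha.Clear() }
}

$live     = Join-Path $env:SystemRoot 'System32\rpcss.dll'
$liveHash = Get-Sha256 $live
$liveVer  = (Get-Item $live).VersionInfo.FileVersion
"Live file: $live"
"           version $liveVer"
"           sha256  $liveHash"
""

# Each servicing version of the component keeps its own folder in WinSxS. The folder
# named in the fixlist (amd64_..._6.1.7600.16385_...) is the Windows 7 RTM build;
# later updates add sibling folders. The x86 component uses the x86_ prefix, so match both.
$winsxs = Join-Path $env:SystemRoot 'winsxs'
$copies = Get-ChildItem $winsxs -Filter '*_microsoft-windows-com-base-qfe-rpcss_*' -ErrorAction SilentlyContinue |
          Where-Object { $_.PSIsContainer }

$matched = $false
foreach ($dir in $copies) {
    $candidate = Join-Path $dir.FullName 'rpcss.dll'
    if (-not (Test-Path $candidate)) { continue }
    $same = (Get-Sha256 $candidate) -eq $liveHash
    if ($same) { $matched = $true }
    '{0,-7} {1,-16} {2}' -f $(if ($same) { 'MATCH' } else { 'differs' }),
                            (Get-Item $candidate).VersionInfo.FileVersion,
                            $dir.Name
}
""
if ($matched) {
    'The live rpcss.dll is byte-identical to a component-store copy.'
} else {
    'The live rpcss.dll matches no WinSxS copy: treat it as suspect until sfc confirms it.'
}

# Authoritative check: SFC verifies the single file against its catalog-signed manifest
# and reports (and, if needed, repairs) an integrity violation. Requires elevation.
sfc.exe /verifyfile=$live
```

A mismatch on its own is not proof of tampering (an out-of-band hotfix can leave a version WinSxS does not carry), which is why the hash comparison is followed by sfc rather than treated as the verdict.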

Here you go.

The computer seems to be running fine. I waited for a few minutes to see if I got any Avast alert messages. Usually it pops up every 4-5 minutes, but nothing yet. Maybe we solved the problem.

Appreciate all the support.

I would like to know how I can maintain my system better in the future. We ran a lot of different programs during this process. Any advice on good programs to routinely run would be helpful.

I truly appreciate all the support.

Larry

You are malware free. The posted logs now appear clean and show no signs of active infection.

A good workman always cleans up after himself.
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

[*]Remove disinfection tools
[*]Create registry backup
[*]Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


To help your AntiVirus protect your computer and to speed it up, I recommend that you download, install and keep the following free programs:

  1. Keep Malwarebytes Anti-Malware, update it regularly or from time to time and run a Quick Scan weekly.
    Malwarebytes will detect and remove all traces of known malware. MBAM isn’t AntiVirus and it can NOT replace it.

  2. Keep MCShield Anti-Malware; the tool will be updated regularly and perform automatic malware checks on each attached USB memory device.
    MCShield has been designed as a lightweight scanner that's smart enough to catch even new worms and work in fully automatic removal mode.

  3. It's recommended to delete Temporary Files every once in a while. Run the tool, click on the Start button and TFC will begin to clean. Then restart the computer.
    Temp File Cleaner aka TFC by OldTimer
    TFC is a small & useful utility that shall clean up temp files from all user profiles and system folders.


How to protect yourself?

  1. Adjust avast! to target PUP software using its settings.

  2. avast! Software Updater. Run avast!, click on Tools > Software Updater.
    For security reasons, make sure you do update your browser(s), Java, Flash Player, and basically every software you use often.

  3. avast! Browser Cleanup. Run avast!, click on Tools > BrowserCleanup.
    The Browser Cleanup tool is an integrated tool in avast! AV that gives you control over unwanted browser add-ons.

  4. avast! Malware Scan. Run avast!, click on Scan and perform a QuickScan by clicking on the Start button.
    Every once in a while, it's recommended to perform a virus scan with avast! 2014.