go.wyvdeo - infection - Need Help

Ran MAM - no threats found. Attached log.
Ran scan with FRST - logs attached.
Ran aswMBR - received error - attached screen print.

First time user for the forum, 1 question…

I understand the holidays and such will delay answers this week - but how will I know if someone has been able to start looking at my issue?

I included all of the logs, following the sticky…

Thanks for all of your help,

tom

Still waiting - if I don’t hear back from anyone by today, I will move forward trying to get rid of it by other means.

Sorry, can’t wait any longer…

Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-1723420545-2717299453-1083528964-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50673;https=127.0.0.1:50673
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutCyE0D0A0EzytAzytDzzyB0FtA0FyByEtN0D0Tzu0StCtDtAtBtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyByC0C0EtBtBtBtBtGzytCyBzytGyCtB0FzztGyDyBtC0CtGyEyEtD0F0D0C0Fzz0EyEyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyCtAyDyE0CtB0CtG0D0E0DyEtGyEyBtD0AtG0A0BtCzztGzy0DyD0FzztCtDtC0EyEyEyE2Q&cr=706906331&ir=
CHR HKU\S-1-5-21-1723420545-2717299453-1083528964-1000\...\Chrome\Extension: [ahgdclgdhfeingghldkedleghekbfhef] - No Path
U3 Shdrvrqbs; No ImagePath
CustomCLSID: HKU\S-1-5-21-1723420545-2717299453-1083528964-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1723420545-2717299453-1083528964-1000_Classes\CLSID\{CE38C5EA-EA8D-11DE-82CF-001731059680}\InprocServer32 -> C:\Users\PaskoTo\AppData\Local\PKI Client\4\64\nptblive-4-x86_64.dll No File
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.
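
A triage sketch for the two patterns the fixlist above targets, added here as an example and not part of the original thread or of FRST: it scans FRST-style log lines for a COM server value (localserver32 / InprocServer32) that launches rundll32 with a javascript: URL, and for a proxy pointed at loopback. The sample lines, SID and CLSIDs are constructed placeholders, and the function and label names are hypothetical.

```python
import re

# Constructed FRST-style lines; the SID and CLSIDs are placeholders, not values from the thread.
SAMPLE_LOG = r'''
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("...") (the data entry has 251 more characters).
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\Program Files\Example\example.dll (Example Corp)
ProxyServer: [.DEFAULT] => http=127.0.0.1:50673;https=127.0.0.1:50673
ProxyServer: [S-1-5-21-0-0-0-1000] => proxy.corp.example:8080
'''

# A COM server value should name a binary on disk, not a script handed to rundll32.
SERVER_KEY = re.compile(r'\\(?:localserver32|inprocserver32)\b', re.I)
SCRIPT_CMD = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*mshtml(?:\.dll)?,\s*RunHTMLApplication', re.I)
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# A proxy on loopback routes browser traffic through a local process; worth review,
# though a legitimate local filtering tool can set this as well.
LOOPBACK_PROXY = re.compile(
    r'^ProxyServer:.*=>.*\b((?:127\.0\.0\.1|localhost):\d+)', re.I)


def triage(log_text):
    """Return (label, detail) pairs for lines matching either pattern."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if SERVER_KEY.search(line) and SCRIPT_CMD.search(line):
            clsid = CLSID.search(line)
            # The log can show the key path elided ("\..."), so the CLSID may be absent.
            findings.append(('script-in-com-server',
                             clsid.group(0) if clsid else 'unknown'))
            continue
        proxy = LOOPBACK_PROXY.search(line)
        if proxy:
            findings.append(('loopback-proxy', proxy.group(1)))
    return findings


if __name__ == '__main__':
    for label, detail in triage(SAMPLE_LOG):
        print(f'{label}: {detail}')
```
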