EPICTORY, other malicious dll

Viruses and worms
1

Avast keeps blocking (successfully it says) Epictory and other dll’s. I am not familiar with this and wondering if I am infected or is AVAST simply doing its’ job? I’m not getting blasted with ads on web pages, which I understand is a symptom of Epictory infection.

2

First I need to look at the system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

3

Files attached.

4

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_44_ff&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0Azzzzzz0DtDyEtAyDtBtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDtDyE0C0CtA0A0BtGtByBzzzztGyDzy0EyEtGyD0EtBtAtGtD0F0F0F0AtAtAzyyE0C0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyDtBzy0CtCtBtGtCzyyDyCtGyEtB0CtCtG0B0AyEtAtGyC0E0E0A0E0F0AtCyE0C0CtC2Q&cr=399011724&ir= SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ie&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0Azzzzzz0DtDyEtAyDtBtN0D0Tzu0StCtDtBtCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyByByE0B0B0DyBtG0Ezy0CyDtG0E0F0FyBtGtA0EyByBtGtCtByCyEyEyC0AyD0E0BtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyDtBzy0CtCtBtGtCzyyDyCtGyEtB0CtCtG0B0AyEtAtGyC0E0E0A0E0F0AtCyE0C0CtC2Q&cr=1686305595&ir= SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_44_ff&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0Azzzzzz0DtDyEtAyDtBtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDtDyE0C0CtA0A0BtGtByBzzzztGyDzy0EyEtGyD0EtBtAtGtD0F0F0F0AtAtAzyyE0C0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyDtBzy0CtCtBtGtCzyyDyCtGyEtB0CtCtG0B0AyEtAtGyC0E0E0A0E0F0AtCyE0C0CtC2Q&cr=399011724&ir= Toolbar: HKU\S-1-5-21-2484192308-3937484404-749653409-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-2484192308-3937484404-749653409-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File 2015-01-13 19:32 - 2015-02-05 17:05 - 00000000 ____D () C:\ProgramData\de9f95e70000392c 2015-01-13 19:30 - 2015-01-13 19:32 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.29 2015-01-13 19:30 - 2015-01-13 19:30 - 00000000 ____D () C:\Users\Terry\Documents\Optimizer Pro 2015-02-07 14:04 - 2014-11-04 19:42 - 00000000 ____D () C:\Users\Terry\AppData\Local\D65FE293-26EF-44FC-9367-EBC02BB98F29.aplzod 2015-02-06 14:38 - 2014-10-17 21:12 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\UpdaterEX Task: {783F2304-0F9A-4B78-9D41-620FF4BEEE67} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation) Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Terry\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

5

Thanks! Yes, it worked. I really appreciate your help.

6

The alerts you were receiving were because Avast did not like windows updates for some reason, were you updating at the time