Non stopping alerte on Avast and Malwarbytes

Hello, thanks in advance for your attention.

It seems that my rundll32.exe file has been infected. I recently receive a lot of messages from malware Bytes and Avast.

Following you will find the files from farbar recovery, malware bytes and aswMBR.

Here are the type of message that bring my attention to the problem, I just have a message saying that this ip as been blocked every 10minutes since yesterday:

Malwarebytes

-Log Details-
Protection Event Date: 12/8/16
Protection Event Time: 11:45 PM
Logfile:
Administrator: Yes

-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: aresoslave.xyz
IP Address: 217.23.6.100
Port: [40977]
Type: Outbound
File: C:\Windows\System32\rundll32.exe

(end)
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 12/8/16
Protection Event Time: 11:45 PM
Logfile:
Administrator: Yes

-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: aresoslave.xyz
IP Address: 217.23.6.100
Port: [40977]
Type: Outbound
File: C:\Windows\System32\rundll32.exe

(end)

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Hola™ 1.21.641 - Better Internet

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on 

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

Also, please tell me how the system is running now. Thank you.

Hi, thanks a lot for your reply. Malwarbytes had put in quarantaine a file from hola.exe after that the messages were stopping to pop. I now did uninstall hola.exe and closed malwarbytes and everything seems fine still.

Here is the logfile.

Thanks again

That is good to know.

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

[]Download Delfix from here to your desktop and double click it to start the program
[*]Ensure Remove disinfection tools is ticked
Also tick:
[
]Activate UAC
[]Create registry backup
[
]Purge system restore
[*]Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

[*]Click Run
[*]The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

Hi, I have the same problem, the rundll32 try to access to the aresoslave.xyz site.
Can anyone help me on this issue? Thank you!

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 12/19/16
Protection Event Time: 12:11 AM
Logfile:
Administrator: Yes

-Software Information-
Version:
Components Version:
Update Package Version:
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: aresoslave.xyz
IP Address: 217.23.6.100
Port: [57373]
Type: Outbound
File: C:\Windows\System32\rundll32.exe

(end)

Hi, I have the same problem, the rundll32 try to access to the aresoslave.xyz site. Can anyone help me on this issue? Thank you!
Yes we can ... start your own topic and follow instructions here > https://forum.avast.com/index.php?topic=53253.0