CreateRestorePoint:
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [{CA453AEA-5AC6-4EA3-A6EA-919FABDCC212}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\snPFEDNNTEgsMAB').CuXaTa)));
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\CurrentVersion\Windows: [Load] C:\ProgramData\msoeius.exe <===== ATTENTION
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk [2015-06-09]
ShortcutTarget: x.lnk -> C:\Users\Hira\AppData\Roaming\obhqajsqay.exe (Kareo)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaio-online.sony.com/
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fistart.webssearches.com%2F%3Ftype%3Dhp%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX&OSP=http%3A%2F%2Fistart.webssearches.com%2Fweb%2F%3Ftype%3Dds%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX%26q%3D%7BsearchTerms%7D
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {14CFBBBB-B7F9-4772-914A-7E01770EBB15} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {F9CA08BA-76E6-413E-BB00-3BE479931E6A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06982A8158EB0C65&affID=119776&tsp=4959
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX","hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX"
CHR Extension: (Cyx) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj [2015-06-25]
S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 01415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 01415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 01415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 01415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 01415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 01415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 01415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 01415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-09 23:08 - 2015-11-09 23:08 - 01415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 01415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 01415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 01415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 01415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 01415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 01415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 01415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-06-09 21:00 - 2015-06-09 21:01 - 88502272 __RSH (Kareo) C:\Users\Hira\AppData\Roaming\obhqajsqay.exe
2011-03-07 17:01 - 2010-11-20 17:17 - 91063680 ___SH () C:\ProgramData\msoeius.exe
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
Task: {249CAB1C-13D1-46C3-85B7-315466EBDB60} - System32\Tasks\{D56EC534-2865-4AA1-AFB1-DA90584DA4F4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Common Files\microsoft shared\Help 9\dexplore.exe"
Task: {4A266FD7-38F5-4E2C-8215-F54CC7824E36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-29] (Avast Software s.r.o.)
Task: {7781FDAA-6E38-4394-B7F3-81FC43625AFD} - System32\Tasks\{343E75AD-D7F0-40D9-9028-C92B7BF89CF9} => pcalua.exe -a C:\Users\adnan-shaheen\Documents\Downloads\winsdk_web.exe -d C:\Users\adnan-shaheen\Documents\Downloads
C:\Program Files (x86)\MiuiTab
DeleteKey: HKCU\Software\Classes\snPFEDNNTEgsMAB
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers