start
HKU\S-1-5-21-2015482040-3499117087-3282767573-1000\...\RunOnce: [Adobe Speed Launcher] => 1418739537
SearchScopes: HKLM -> DefaultScope {2F7DC12F-CD1C-402D-BA19-B947D2109107} URL = http://Vosteran.com/...=1540966638&ir=
SearchScopes: HKLM -> {2F7DC12F-CD1C-402D-BA19-B947D2109107} URL = http://Vosteran.com/...=1540966638&ir=
SearchScopes: HKU\S-1-5-21-2015482040-3499117087-3282767573-1000 -> {2F7DC12F-CD1C-402D-BA19-B947D2109107} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2015482040-3499117087-3282767573-1000 -> {2F7DC12F-CD1C-402D-BA19-B947D2109107} URL =
SearchScopes: HKU\S-1-5-21-2015482040-3499117087-3282767573-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
FF SelectedSearchEngine: Vosteran
FF user.js: detected! => C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\le6tssro.default\user.js
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_coinis_14_50_ie&cd=2XzuyEtN2Y1L1QzutAyEtCyB0E0B0CtAtDyEyB0Dzz0CtD0CtN0D0Tzu0StCtDyByCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzy0ByDzyzyyB0DtG0B0FyEtCtGzy0A0EtAtGzz0AyE0EtGyCtDyB0EyEzz0E0ByE0E0EtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByB0DyByEtByD0DtGyEzzyCyCtGyEyDyB0AtG0B0FzztCtG0DyEzy0FtAzytD0E0EyEtD0B2Q&cr=1540966638&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_50_ie&cd=2XzuyEtN2Y1L1QzutAyEtCyB0E0B0CtAtDyEyB0Dzz0CtD0CtN0D0Tzu0StCtDyByCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCzy0ByDzyzyyB0DtG0B0FyEtCtGzy0A0EtAtGzz0AyE0EtGyCtDyB0EyEzz0E0ByE0E0EtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByB0DyByEtByD0DtGyEzzyCyCtGyEyDyB0AtG0B0FzztCtG0DyEzy0FtAzytD0E0EyEtD0B2Q&cr=1540966638&ir=", "hxxp://www.google.com/"
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-2015482040-3499117087-3282767573-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:262
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3246
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3347
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:98
closeprocesses:
emptytemp:
end