start
createrestorepoint:
HKU\S-1-5-21-230776666-1096569767-3842688382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...J58TXX63LUCJ58T
SearchScopes: HKU\S-1-5-21-230776666-1096569767-3842688382-1001 -> DefaultScope {89F171F2-F12B-487E-96A1-D75987DAB2F1} URL =
SearchScopes: HKU\S-1-5-21-230776666-1096569767-3842688382-1001 -> {89F171F2-F12B-487E-96A1-D75987DAB2F1} URL =
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IntelHaxm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msgpioclx.sys:$CmdTcID
AlternateDataStreams: C:\Users\Andrea\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Andrea\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Andrea\Desktop\FRST.exe:$CmdZnID
emptytemp:
end