:OTL
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2018-12-08 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\AIMP
[2016-05-17 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\AIMP3
[2014-01-12 15:28:32 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\AMPSoft
[2016-07-03 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Atlantis
[2018-12-26 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Audacity
[2018-12-04 22:03:38 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\BatteryCare
[2015-07-10 18:21:02 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Canon
[2017-09-15 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Daum
[2014-11-14 19:17:23 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\DiskDefrag
[2015-07-18 18:00:29 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Downloaded Installations
[2018-11-19 17:03:04 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Easeware
[2015-07-18 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\FileOpen
[2015-02-13 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\GHISLER
[2018-12-08 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\GlarySoft
[2015-09-04 18:46:37 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\GoldWave
[2015-03-20 11:39:45 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Hard Disk Sentinel
[2017-08-27 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\HD Tune Pro
[2018-11-14 19:03:06 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\IObit
[2017-04-06 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\JGsoft
[2014-09-02 17:32:54 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\LOVE
[2014-05-03 11:29:16 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\MPC-HC
[2017-04-05 17:12:01 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\mpv
[2014-01-12 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Netscape
[2015-07-18 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Nitro
[2015-07-18 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Nitro PDF
[2014-01-12 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\PearlMountain
[2014-01-12 15:06:38 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Photodex
[2015-09-27 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\PhotoFiltre 7
[2015-11-10 17:34:25 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\PhotoFiltre Studio X
[2017-04-06 16:44:33 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Q-Dir
[2014-01-12 14:54:13 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Serif
[2019-04-10 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\SoftGrid Client
[2015-06-30 17:31:43 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Softland
[2014-04-21 11:02:24 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\SumatraPDF
[2015-10-09 17:13:37 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\ThePluginSite
[2016-08-29 16:38:02 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\Thinstall
[2014-01-03 15:45:35 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\TP
[2016-09-13 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\WiseUpdate
[2019-05-17 15:52:43 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\XnConvert
[2019-05-16 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\XnViewMP
[2019-05-23 14:34:34 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\XYplorer
[2016-06-18 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\Arie Spaan\AppData\Roaming\{90140011-0066-0413-0000-0000000FF1CE}
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B755D674
:Services
:Reg
:Files
ipconfig /flushdns /c
C:\ProgramData\TEMP:1AAB2E68
C:\ProgramData\TEMP:B755D674
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[createrestorepoint]
[reboot]