Code:
:Services
:OTL
MOD - [2014/04/05 21:27:50 | 001,157,120 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_ssl.pyd
MOD - [2014/04/05 21:27:50 | 000,811,008 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._windows_.pyd
MOD - [2014/04/05 21:27:50 | 000,805,888 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._gdi_.pyd
MOD - [2014/04/05 21:27:50 | 000,712,192 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_hashlib.pyd
MOD - [2014/04/05 21:27:50 | 000,110,080 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pywintypes27.dll
MOD - [2014/04/05 21:27:50 | 000,070,656 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._html2.pyd
MOD - [2014/04/05 21:27:50 | 000,026,624 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_multiprocessing.pyd
MOD - [2014/04/05 21:27:50 | 000,024,064 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32pipe.pyd
MOD - [2014/04/05 21:27:49 | 001,062,400 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._controls_.pyd
MOD - [2014/04/05 21:27:49 | 000,686,080 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\unicodedata.pyd
MOD - [2014/04/05 21:27:49 | 000,127,488 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pyexpat.pyd
MOD - [2014/04/05 21:27:49 | 000,087,040 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_ctypes.pyd
MOD - [2014/04/05 21:27:49 | 000,038,912 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32inet.pyd
MOD - [2014/04/05 21:27:49 | 000,035,840 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32process.pyd
MOD - [2014/04/05 21:27:49 | 000,025,600 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32pdh.pyd
MOD - [2014/04/05 21:27:49 | 000,018,432 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32event.pyd
MOD - [2014/04/05 21:27:49 | 000,017,408 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32profile.pyd
MOD - [2014/04/05 21:27:49 | 000,010,240 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\select.pyd
MOD - [2014/04/05 21:27:48 | 001,175,040 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._core_.pyd
MOD - [2014/04/05 21:27:48 | 000,735,232 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._misc_.pyd
MOD - [2014/04/05 21:27:48 | 000,557,056 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pysqlite2._sqlite.pyd
MOD - [2014/04/05 21:27:48 | 000,525,640 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/05 21:27:48 | 000,364,544 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\pythoncom27.dll
MOD - [2014/04/05 21:27:48 | 000,320,512 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32com.shell.shell.pyd
MOD - [2014/04/05 21:27:48 | 000,128,512 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_elementtree.pyd
MOD - [2014/04/05 21:27:48 | 000,122,368 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\wx._wizard.pyd
MOD - [2014/04/05 21:27:48 | 000,119,808 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32file.pyd
MOD - [2014/04/05 21:27:48 | 000,108,544 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32security.pyd
MOD - [2014/04/05 21:27:48 | 000,098,816 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32api.pyd
MOD - [2014/04/05 21:27:48 | 000,044,032 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\_socket.pyd
MOD - [2014/04/05 21:27:48 | 000,022,528 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32ts.pyd
MOD - [2014/04/05 21:27:48 | 000,011,264 | ---- | M] () -- C:\Users\Nadia\AppData\Local\Temp\_MEI3002\win32crypt.pyd
IE:64bit: - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKU\S-1-5-21-2536830986-821511902-3680961864-1001..\Run: [AD2A7E21FB3C3DB169EC5EE6823D4B475C9622BD._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[2013/03/16 20:36:13 | 000,003,584 | ---- | C] () -- C:\Users\Nadia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Stay With You.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\PG[18NOV2009-103700]_converted.mpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\paypal.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Insurance Schedule Insured.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\grattan.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\decree absolute.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Council Tax - Worrell.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\birth cert.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Documents\Barclaycard Statement.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Desktop\Letter head DP.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Nadia\Desktop\businesscard-001.jpg:Roxio EMC Stream
@Alternate Data Stream - 195 bytes -> C:\Users\Nadia\SkyDrive.old:ms-properties
@Alternate Data Stream - 179 bytes -> C:\Users\Nadia\SkyDrive:ms-properties
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[Reboot]