I ran the 4 anti-spyware/malware programs and cleaned up what they found. However looking at the registry in the ProfileList I see 6 entries in the profileimagepath. I took a look at my other computer to see compare the differences (Both windows 7, first with prob is a 32bit Professional, second is a 64bit Home Premium) and they are as follows:
Win7 Professional 32bit;
%systemroot%\system32\config\systemprofile , C:\Windows\ServiceProfiles\LocalService , C:\Windows\ServiceProfiles\NetworkService , C:\Users\*my account* , C:\Users\*mothers account* , and C:\Users\Administrator .
Win7 Home Premium 64bit;
%systemroot%\system32\config\systemprofile , C:\Windows\ServiceProfiles\LocalService , C:\Windows\ServiceProfiles\NetworkService , C:\Users\*my account* , C:\Users\*account the store put on as it was a floor model when purchase* , and C:\Users\DefaultAppPool .
I exported the ProfileList to a text file because I'm not sure if the other data is relivent or not, however if needed i can dropbox/link the text file here for viewing. I'd also like to completely remove the account the store put on but thats another problem and not critical at the moment.
Also worth noting is when I went to view the registry on the win7 32bit machine the explorer.exe crashed, which isn't normal, and I'm thinking/wondering if its related. I looked at my event logs and saw their was a few special logins today after I had ran the 4 malware removal software.
I took the liberty of saving the most recent event logs from Applications, Security, and Audit beginning from the last startup (both table data and detail data) but the text is quite long and I'm not sure if they would be of use. Should I dropbox the event log text files and link them here for viewing?
