Here are the logs

BloodyMercy

To start, I believe ComboFix did the trick; performance is barely subpar now...

ComboFix 11-05-06.03 - Matt 05/07/2011 10:33:10.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1409 [GMT -6:00]
Running from: c:\av stuff\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 16:49 . 2011-05-07 16:54 -------- d-----w- c:\users\Matt\AppData\Local\temp
2011-05-07 16:49 . 2011-05-07 16:49 -------- d-----w- c:\users\Mcx1-MILLERFAMILYPC\AppData\Local\temp
2011-05-07 16:49 . 2011-05-07 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-07 16:49 . 2011-05-07 16:49 -------- d-----w- c:\users\Rachelle\AppData\Local\temp
2011-05-07 16:11 . 2011-05-07 16:16 -------- d-----w- C:\32788R22FWJFW
2011-05-07 15:39 . 2011-05-07 15:50 -------- d-----w- C:\AV Stuff
2011-05-07 03:15 . 2011-05-07 03:15 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-07 03:15 . 2011-05-07 03:15 -------- d-----w- c:\windows\system32\log
2011-05-04 20:03 . 2011-05-07 16:31 -------- d-----w- c:\users\Raya
2011-04-30 17:49 . 2011-04-30 17:49 -------- d-----w- c:\program files\SystemRequirementsLab
2011-04-27 20:26 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 20:25 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-04-27 20:25 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 20:25 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 20:25 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 20:25 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 20:25 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 20:25 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 20:25 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 20:25 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 20:25 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 20:24 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2011-04-14 09:07 . 2011-04-14 09:10 -------- d-----w- C:\5fd82fde9e25584e468d260c0386ea7f
2011-04-14 04:58 . 2011-04-14 04:58 -------- d-----w- c:\program files\iPod
2011-04-13 15:40 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 15:40 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-13 15:40 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-13 15:40 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 15:40 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 15:40 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 15:40 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 15:40 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 04:34 . 2011-04-13 04:34 3707144 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.0.614.0oemBingBarSetup-Partner.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 00:54 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-09 22:43 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 14:27 . 2011-02-23 14:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 14:27 . 2011-02-23 14:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 14:27 . 2011-02-23 14:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 14:27 . 2011-02-23 14:27 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 14:27 . 2011-02-23 14:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 14:27 . 2011-02-23 14:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 14:27 . 2011-02-23 14:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 14:27 . 2011-02-23 14:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 14:27 . 2011-02-23 14:27 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-02-23 14:27 . 2011-02-23 14:27 10468360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 14:27 . 2011-02-23 14:27 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-23 14:27 . 2010-04-04 04:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 14:27 . 2009-07-13 22:09 5654120 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-19 06:30 . 2011-03-08 18:40 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-08 18:40 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-08 18:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 23:36 . 2011-02-18 23:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-05 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3488713131-3594135876-2419172442-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3488713131-3594135876-2419172442-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-07 11:12:49
ComboFix-quarantined-files.txt 2011-05-07 17:12
.
Pre-Run: 167,502,532,608 bytes free
Post-Run: 167,986,425,856 bytes free
.
- - End Of File - - 33CAE9025076D3A59BD8604D5F4BB0C6


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6528

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

5/7/2011 3:00:36 PM
mbam-log-2011-05-07 (15-00-36).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 429874
Time elapsed: 1 hour(s), 42 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:34:02 PM, on 5/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAE4AMABUADAASgAtAEoARQAzAEIAUwAtADgAWgBOAEEAUgAtAFkAMwA0ADQATQAtADgANwAyADQAWQA"&"inst=NwA2AC0ANQAxADAANwA3ADcANwA3ADYALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA"&"prod=92"&"ver=9.0.894
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{85d0c14c-5ed8-4df7-b68f-0d4214b3cc69}
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6387 bytes

So let's see what y'all think.
 
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBVAFMAUgAtAE4AMABUADAASgAtAEoARQAzAEIAUwAtADgAWgBOAEEAUgAtAFkAMwA0ADQATQAtADgANwAyADQAWQA"&"inst=NwA2AC0ANQAxADAANwA3ADcANwA3ADYALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA"&"prod=92"&"ver=9.0.894

AVG Special Feedback. Yeah, that doesn't sound right.

O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{85d0c14c-5ed8-4df7-b68f-0d4214b3cc69}

Do you know of this BrandClearStubs?

O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f

I am worried that you have something set to delete a registry entry. That is never good.

Other than these three items, the logs look good. ComboFix did find and delete a few things.
 
I have no idea what BrandClearStubs is, and could the AVG deal be because I had to uninstall it to run ComboFix? As for a registry entry set to delete: how could this happen? Is this a program or a setting? Or is it just that vague that it could be anything?

Update: A brief Google on BrandClearStubs comes back as a legit "Microsoft module provided as part of the Windows host process (rundll32)".
 
I don't buy it. I know all about Microsoft modules, and I have never heard of BrandClearStubs in my 16+ years of using Windows, or of its hook into rundll32. That makes no sense, because that is only used when you have to re-register a DLL that has malfunctioned. So I don't buy the Google results that it is legit. I call BS and say that is an infection itself.

The AVG thing could be from the removal. I have never used AVG, so I have never seen anything like that before.

As for the removal, that isn't normal behavior. It had to have been done by a program or something.
 
Sounds good to me; that's why I come here. You definitely can't believe everything on the internet; I would have to say your 16 years trumps Google any day... lol. So I will remove that, and I don't imagine removing the AVG thing will affect anything important, so I will do that as well. As for the registry removal issue, is that something that I need to look for as far as continuing to occur? Or just something you think happened once?
Thanks for all your help, KSoD, you've been awesome. Judging by your position you probably already knew that though! :wink:

Update: So I ran a new scan, and the BrandClearStubs and the "autodelete" commands aren't there anymore; AVG won't go away. Should any of that be a concern? I'm going to take it back online and see if maybe the AVG entry won't go away because it didn't properly execute.
 
Well, I would remove that and see if it comes back. If it does, then it is something that will have to be investigated a bit more. But if not, then I would chalk it up to a one-time infection.

The AVG thing, that one you might have to take out manually. If you're not 100% sure of doing this yourself, leave it. It isn't going to harm your system.
 
So AVG removed just fine manually, but those other infections aren't there anymore. System is slightly more stable but not 100%. Any suggestions?
 
Well, what is going on that the machine is not 100%? Have you run scans again?
 
Same old stuff, just quicker: MSIE9 now, and all other programs were running slow to the point of a few (Not Responding) before info would actually show. I've run HijackThis several times now, comparing logs against the one I posted; all original anomalies are no longer present and there aren't any new entries either. I hadn't used ComboFix again, but I just ran that and performance is now back to where it should be. I think it may have found it all this time. After ComboFix ran I ran MBAM and it found nothing, and HijackThis still looks the same. Maybe the second swipe from ComboFix got it... There is a quarantine file in the log; I can't find the actual .txt on my HDD though. So at this point I think I may be good. After the last ComboFix I hooked up to my LAN, and that is where the issues began, so I'll go online again and see what she does. The only things on the LAN are the problem child (PC) and my Xbox, PS3, Wii, and TV, so I doubt any of those contain an infection.
 