Steven your one shows one run key and the bad folder. Randomly named but very easy to detect. It doesn't come with ZA or any other nasty stuff
O4 - HKU\S-1-5-21-790779079-295387617-2750372325-1000..\Run: [Hazyw] C:\Users\Steven Winderlich\AppData\Roaming\Onneco\hazyw.exe (Alamanez)
[2013.10.21 21:19:49 | 000,000,000 | ---D | C] -- C:\Users\Steven Winderlich\AppData\Roaming\Onneco
Alan you have that plus some adware rubbish as well
O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
O4 - HKU\S-1-5-21-65408486-2122880362-1486629332-1001..\Run: [Hawa] C:\Users\Infected\AppData\Roaming\Varo\hawa.exe (Alamanez)
[2013/10/14 18:38:12 | 000,001,166 | ---- | M] () -- C:\END
C:\Users\Infected\AppData\Roaming\Varo