HKLM\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
HKLM-x32\...\Runonce: [] - [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\user\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-11] (Smartbar)
HKCU\...\Run: [MICROS~1] - C:\Users\user\AppData\Local\Temp\MICROS~1.VBS [152739 2013-09-25] () <===== ATTENTION
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS ()
URLSearchHook: HKLM-x32 - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
URLSearchHook: HKCU - (No Name) - {88ac3cb6-596b-4217-964c-b6757ef9602d} - No File
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheri...q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...5-78E3B5573047}
SearchScopes: HKCU - DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi....&affilt=3&r=632
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.ividi....&affilt=3&r=632
SearchScopes: HKCU - {C8D40D51-543F-4D33-9583-9229A879D2FA} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweeti...5-78E3B5573047}
BHO-x32: Setup1 - {11111111-1111-1111-1111-110111091189} - C:\Program Files (x86)\Setup1\Setup1.dll (Fatmir Miftari)
BHO-x32: hosts - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll (Irismedia)
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.ividi.org/?src=tbhp&id=a247b50d00000000000078e3b5573047&affilt=3
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\express-files-customized-web-search.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\searchplugins\ividi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: hosts - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
FF Extension: Setup1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\crossriderapp10989@crossrider.com
FF Extension: gophoto - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\gophoto@gophoto.it.xpi
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k8gw6gx0.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [808728 2013-11-29] ()
2013-12-03 10:18 - 2013-12-03 10:18 - 00000000 ____D C:\Program Files\KMSpico
2013-11-28 21:33 - 2013-12-03 13:22 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_user.job
2013-11-28 21:33 - 2013-12-02 21:37 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_user.job
2013-11-28 21:33 - 2013-12-02 19:35 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_user.job
2013-12-03 15:30 - 2013-06-15 09:01 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3639331311-3520423502-2070970505-1001UA.job
2013-12-03 10:18 - 2013-12-03 10:18 - 00003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Users\user\AppData\Local\Temp\BI_RunOnce (1).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce (2).exe
C:\Users\user\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\user\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\user\AppData\Local\Temp\PidGenX.dll
C:\Users\user\AppData\Local\Temp\MICROS~1.VBS
C:\Users\user\AppData\Local\Smartbar
C:\Program Files (x86)\FilesFrog Update Checker
C:\Program Files (x86)\Setup1
C:\Users\user\AppData\Roaming\BabMaint.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MICROS~1.VBS
G:\MICROS~1.VBS
C:\Program Files (x86)\hosts
C:\Program Files (x86)\Surf Canyon
C:\Program Files (x86)\SweetIM
Task: {76E083D8-0334-4BEB-A6D5-CD965A6232E4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-29] ()
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\Users\user\Desktop\CleanTemp.bat:AFP_Resource