CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [1853556740] => C:\ProgramData\msbogj.exe [76288 2015-06-16] ()
C:\ProgramData\msbogj.exe
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [YbPack] => regsvr32.exe C:\Users\user\AppData\Local\YbPack\comNetengine.dll <===== ATTENTION
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [xzhw] => rundll32 "C:\Users\user\AppData\Roaming\scrrunp.dll",obtmokiq
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [FireFoxUpdServeisSystem] => C:\Users\user\AppData\Roaming\FireFoxUpdServeis\Microsoft_raletarune@.exe [66560 2015-09-02] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [GoogleUpdate] => C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe [62042624 2015-09-03] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [Update] => C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe [62042624 2015-09-03] ()
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
2015-09-03 01:07 - 2015-09-03 01:07 - 00453120 __RSH C:\Users\user\AppData\Roaming\scrrunp.dll
2015-09-02 05:22 - 2015-09-02 05:22 - 00000000 ____D C:\Users\user\AppData\Roaming\FireFoxUpdServeis
2015-08-30 10:39 - 2015-09-03 01:20 - 00000712 ____H C:\ProgramData\@system.temp
2015-08-30 10:38 - 2015-09-04 06:31 - 00000000 ____D C:\Users\user\AppData\Roaming\GoogleUpdate
2015-08-30 10:38 - 2015-09-03 01:20 - 00000448 ____H C:\ProgramData\@system3.att
2015-08-18 23:51 - 2015-08-18 23:56 - 00000000 ____D C:\ProgramData\pauhu
2015-08-14 18:15 - 2015-09-02 05:12 - 00000000 ____D C:\Users\user\AppData\Local\YbPack
2015-08-14 17:25 - 2015-09-03 15:49 - 00000000 ____D C:\Users\user\AppData\Local\Ufrmedia
2015-08-30 10:38 - 2015-08-30 10:38 - 00000464 ____H C:\Users\user\AppData\Roaming\½ž’“Ó™œ‰
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
Folder: C:\Windows\wb
Folder: C:\AdwCleaner
EmptyTemp:
CMD: bitsadmin /reset /allusers
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F