CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1725683666-3364603386-3965068972-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1725683666-3364603386-3965068972-1001\...\MountPoints2: E - "E:\setup.exe" 
SearchScopes: HKU\S-1-5-21-1725683666-3364603386-3965068972-1001 -> DefaultScope {4AB29D14-53EF-4AE3-9D9F-FB3B9EEBEAF5} URL = 
2017-04-25 15:44 - 2014-11-26 22:48 - 1055936 _____ (Adobe) C:\Users\Ninko Davson\AppData\Local\Temp\228488-676829-adobe-flash-player.exe
2017-04-25 07:27 - 2016-02-22 22:10 - 0066496 _____ (Autodesk, Inc.) C:\Users\Ninko Davson\AppData\Local\Temp\AcDeltree.exe
2013-04-15 10:50 - 2013-04-15 10:50 - 2754072 _____ (Power Software Ltd) C:\Users\Ninko Davson\AppData\Local\Temp\nsf8F23.tmp.exe
2017-04-14 22:14 - 2017-04-14 22:16 - 58523032 _____ (SweetLabs,Inc.) C:\Users\Ninko Davson\AppData\Local\Temp\oct39C.tmp.exe
2013-01-25 15:09 - 2013-01-25 15:09 - 2940496 _____ () C:\Users\Ninko Davson\AppData\Local\Temp\safeguard.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: