Unfortunately Avast is getting a bit paranoid there, as they are files that have the characteristics of rootkits but are not as such. They are part of the Lenovo restore system.. Set Avast to ignore them
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer Open
notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-602162358-1757981266-1417001333-1003\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
URLSearchHook: [S-1-5-21-602162358-1757981266-1417001333-1003] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
Toolbar: HKU\S-1-5-21-602162358-1757981266-1417001333-1003 -> No Name - {72702944-7C43-428D-96FA-BC4D8F5AE290} - No File
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [647856 2015-08-13] (Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
S2 iSafeService; no ImagePath
S1 iSafeKrnl; no ImagePath
S1 iSafeKrnlKit; no ImagePath
S1 iSafeKrnlMon; no ImagePath
S1 iSafeKrnlR3; no ImagePath
S1 sbaphd; system32\drivers\sbaphd.sys [X]
S2 sbapifs; system32\drivers\sbapifs.sys [X]
2015-11-07 01:48 - 2015-02-20 19:48 - 00000410 _____ C:\WINDOWS\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\T60\APPLIC~1\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\WinZipper
C:\Program Files\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as
fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THENPlease download
AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.