(LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {096eaa51-0d84-11e9-8286-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {71144e2f-6179-11e9-829c-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {71145190-6179-11e9-829c-5c93a27a9186} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {71145b2f-6179-11e9-829c-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe"
Task: {E7872C45-D201-4AF3-9705-3115CB2C7B24} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]
C:\Program Files (x86)\MagicPlus
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: