text C:\Windows\System32\svchost.exe kernel32.dll!LoadLibraryExA 764A94B4 5 Bytes JMP 00050FC0
text C:\Windows\System32\svchost.exe kernel32.dll!LoadLibraryW 764A9362 5 Bytes JMP 0005006C
text C:\Windows\System32\svchost.exe kernel32.dll!LoadLibraryExW 764A9109 5 Bytes JMP 00050FA3
text C:\Windows\System32\svchost.exe kernel32.dll!CreatePipe 764A8E6E 5 Bytes JMP 0005008E
text C:\Windows\System32\svchost.exe kernel32.dll!CreateNamedPipeW 76485C0C 5 Bytes JMP 0005004A
text C:\Windows\System32\svchost.exe kernel32.dll!CreateNamedPipeA 76482EF5 5 Bytes JMP 0005002F
text C:\Windows\System32\svchost.exe kernel32.dll!VirtualProtect 76481DC3 5 Bytes JMP 00050F92
text C:\Windows\System32\svchost.exe kernel32.dll!CreateProcessA 76481C28 5 Bytes JMP 000500CB
text C:\Windows\System32\svchost.exe kernel32.dll!CreateProcessW 76481BF3 5 Bytes JMP 00050F2A
text C:\Windows\System32\svchost.exe kernel32.dll!GetStartupInfoA 764819C9 5 Bytes JMP 0005009F
text C:\Windows\System32\svchost.exe kernel32.dll!GetStartupInfoW 76481929 5 Bytes JMP 00050F59
text C:\Windows\System32\svchost.exe ntdll.dll!NtProtectVirtualMemory 77BD4D34 5 Bytes JMP 000B0FD4
text C:\Windows\System32\svchost.exe ntdll.dll!NtCreateProcess 77BD4494 5 Bytes JMP 000B0FAF
text C:\Windows\System32\svchost.exe ntdll.dll!NtCreateFile 77BD43D4 5 Bytes JMP 000B0FE5
text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 826577BD 5 Bytes JMP 82A360D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 826574FA 7 Bytes JMP 82A360BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82637DA3 5 Bytes JMP 82A360E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
text ntkrnlpa.exe!ZwYieldExecution 824729D2 5 Bytes JMP 82A360A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Running: y5f8w0qg.exe
Driver: C:\Users\Trevor\AppData\Local\Temp\ufdiipob.sys
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Windows Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500620AS rev.DE13
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c54d9f8-09c1-4c04-aa57-1c76128b1bf0 (Trojan.FakeAlert) -> Value: 5c54d9f8-09c1-4c04-aa57-1c76128b1bf0 -> Quarantined and deleted successfully.
C:\programdata\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
C:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\program files\clickpotatolite\bin\10.0.536.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\program files\mozilla firefox\extensions\\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Value: Cognac -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
If I closed your topic and you need it to be reopened, simply PM me.
If you need more time, simply let me know. I close my topics if you have not replied in 5 days.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
Once the computer is totally clean, I'll certainly let you know. Even if your computer appears to act better, it may still be infected. The cleaning process, once started, has to be completed.
Keep updating me regarding your computer's behavior, good or bad.
Never run more than one scan at a time.
Please refrain from running tools or applying updates other than those I suggest.
If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer. Read all of my instructions very carefully.
If some log exceeds the 50,000-character post limit, split it between a couple of replies.