NAV Can't seem to remove Trojan.Metajuan
04-06-2009 09:52 PM
Re: NAV Can't seem to remove Trojan.Metajuan
04-06-2009 10:15 PM
Re: NAV Can't seem to remove Trojan.Metajuan
04-06-2009 11:30 PM
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 02:00 AM
Hi Astra3ron
The file "///?/globalroot\systemroot\system32/uacgfppedoc.dll" I would actually say belongs to the harder variant of the TDSS / Seneka / UAC Rootkit. The location is ultra hidden to the Windows OS.
OK, here goes.
Download the A-Squared USB Emergency Stick from http://www.emsisoft.com/en/software/download/ (the 6th product down the list), and unzip the files to a USB flash drive (it may also work unzipping into a new folder on your desktop, but I'm unsure). After unzipping onto the flash drive, open the flash drive and click on "a2free.exe".
Update A-Squared, then select Scan. Select "Deep Scan". The update and scanning will take longer due to the program running from the flash drive.
Now leave selected any detections linked to "uac*.*" files (* = random, or file extensions) detected as the likes of Win32.Renos and one other I can't remember, and don't select anything not connected to this malware.
Get A-Squared to remove the Globalroot entries etc.
After restarting the PC, download Malwarebytes from http://www.malwarebytes.org/mbam.php and install it. Update the definitions, then restart the PC into Safe Mode. Now "Perform a Full Scan" and remove whatever it finds. Malwarebytes creates a log; it will be interesting to see what it finds. You may find that the scan is slower than it should be, like it's in a boxing match.
After that scan and removal procedure, restart the PC back to Normal Mode and do another Full Scan, and remove anything found; another log is created.
Now if Norton still notifies you of this on startup, it could be because of this:
As you have had other programs remove the infection(s), Norton has the threat in the "Unresolved" list (Security History). So when you restart the PC, Norton notifies you that you have a threat, even though you have used another program to remove it. The entry has to be removed from the Unresolved list in the Security History. Norton can still think the threat is still there, as you have not had Norton remove it (emptying the Unresolved list).
I found that out by testing with a CD/DVD that had malware on it. Norton detected it, I asked it to do nothing, so it was placed in the Unresolved list. After a restart Norton notified me that I had a threat on the F:\ drive (DVD) even though the CD/DVD was no longer in the drive, so there was nothing to detect. Empty drive; I had to remove it from the Norton history for it to no longer notify me.
Workaround
THE FIX:
It is not necessary to erase the complete QBackup folder, nor do you need to boot in Safe Mode either. The QBackup folder (Quarantine Backup) is used by the Norton AntiVirus component to store backup recoveries of repaired and removed threats when you fix/remove threats during the scan. It may also contain information about threats detected and retains the remediated data on your computer itself. It will be automatically recreated by the Norton program when you run a scan next time.
So to FIX this problem: just open the NIS2009 history, go to "Unresolved security risk", press "Remove*" on the item that failed to remove, and wait for the "failed to remove" status; this will update the "*.qbi" file which holds the history of the unresolved items. Then go to the NIS2009 settings, go to "Miscellaneous Settings" and disable the Norton Product Tamper Protection under Miscellaneous Settings. Then open your Windows Explorer and go to
"C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup"
and erase your most recent (updated, newly created) "*.QBI" file. The asterisk is a long number such as "{DDAB4332-ED04-4898-9C20-D231FDC4B0C5}.qbi"; it will be a small file, 1-10 KB. Only delete this file. Close Windows Explorer, go to NIS2009, reactivate the Norton Product Tamper Protection under Miscellaneous Settings, and you can enter the HISTORY and you will find it is empty (clear).
Hope this will help to not erase the whole (complete) "QBackup folder".
BEST REGARDS (GREETINGS TO THE CREW)
TUFE (aka JC.WILCOX or SABROSO)
Quads
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 05:34 AM
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 05:37 AM
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 07:43 AM
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 08:23 AM
You mean create a rescue CD with NAV on it? I think you're talking about the Norton Recovery Tool.
http://www.symantec.com/norton/support/kb/web_view
Since I have Symantec Corp Ed on both PCs, I should be able to create a boot disk from the other machine, right? It's been a while since I had to do this. Usually, if it's this bad, I just do a reinstall from a backup system. Unfortunately, we didn't do the backup on the infected machine.
Comments... suggestions??
Thanks
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 08:34 AM
Yes, I meant the Norton Recovery Tool. There's no problem with creating the CD on a different computer. You need to have your license key handy though to use the CD: after you boot the system it wants the key before it will scan (if my memory serves).
Regarding UBCD4WIN you can get it here:
http://www.ubcd4win.com/index.htm
Creating the CD is straightforward and it will give you many options. If you decide to wipe and reinstall you can use UBCD4WIN to backup your data to a USB hard drive, etc. Hope this helps.
Re: NAV Can't seem to remove Trojan.Metajuan (TDSS, UAC Rootkit)
04-07-2009 09:51 AM