Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » May 24th, 2010, 1:11 pm

My topic was closed and I never received a solution. Why?

I posted Tuesday and received a note on: Sat 28 Feb, 2009 8:38 pm from deltalima that the problem was being worked on I looked at my thread this morning and it was closed!



Joined: Tue 18 May, 2010 7:27 pm
Posts: 1
I was receiving the message “Windows will shutdown in less than a minute” and my computer would keep on shutting down and restarting. I ran a scan with AVG , malwarebytes. After removal of the infected files, I received the following message after booting my computer:
Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat
The specified module could not be found. The log files for Hijackthis, AVG and mawarebytes follow. Thanks for your help! Doug

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:14 PM, on 5/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programs\ZoomIt\ZoomIt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programs\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\Doug\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKCU\..\Run: [Helper] C:\Users\Doug\AppData\Roaming\Helper\bin\liveu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ZoomIt.exe - Shortcut (2).lnk = C:\Programs\ZoomIt\ZoomIt.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10225 bytes
=========================================================================
can "Scan whole computer" was finished.
Infections;"49";"40";"9"
Information;"1"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Wednesday, May 12, 2010, 12:53:39 PM"
Scan finished:;"Wednesday, May 12, 2010, 1:51:59 PM (58 minute(s) 20 second(s))"
Total object scanned:;"585904"
User who launched the scan:;"Doug"

Infections
File;"Infection";"Result"
C:\Windows\system32\taskeng.exe (536):\memory_02b70000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\system32\taskeng.exe (536);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\system32\igfxsrvc.exe (1156):\memory_01bc0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\system32\igfxsrvc.exe (1156);"Trojan horse Cryptic.NN";""
C:\Windows\System32\igfxpers.exe (3524):\memory_01af0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\System32\igfxpers.exe (3524);"Trojan horse Cryptic.NN";""
C:\Windows\System32\hkcmd.exe (3452):\memory_01e50000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\System32\hkcmd.exe (3452);"Trojan horse Cryptic.NN";""
C:\Windows\system32\Dwm.exe (568):\memory_020e0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\system32\Dwm.exe (568);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\RtHDVCpl.exe (2264):\memory_03270000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\RtHDVCpl.exe (2264);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\msacm32.drv;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Windows\Explorer.EXE (1084):\memory_03ae0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\Explorer.EXE (1084);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\ehome\ehtray.exe (3956):\memory_02b50000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\ehome\ehtray.exe (3956);"Trojan horse Cryptic.NN";""
C:\Windows\ehome\ehmsas.exe (1812):\memory_01000000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\ehome\ehmsas.exe (1812);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Programs\ZoomIt\ZoomIt.exe (2456):\memory_01b70000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Programs\ZoomIt\ZoomIt.exe (2456);"Trojan horse Cryptic.NN";""
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2280):\memory_02120000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2280);"Trojan horse Cryptic.NN";""
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (3240):\memory_02a20000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (3240);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\Launch Manager\LaunchAp.exe (2680):\memory_01c50000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Launch Manager\LaunchAp.exe (2680);"Trojan horse Cryptic.NN";""
C:\Program Files\Internet Explorer\iexplore.exe (3996):\memory_00a20000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Internet Explorer\iexplore.exe (3996);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2156):\memory_01c30000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2156);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (6076):\memory_023e0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (6076);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (3232):\memory_01cc0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (3232);"Trojan horse Cryptic.NN";""
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (2520):\memory_01c70000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (2520);"Trojan horse Cryptic.NN";""
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE (3084):\memory_070d0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE (3084);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"

Information
File;"Information";"Result"
C:\Acer\Empowering Technology\eRecovery\Autorun\APP\CDMaker\WMFDist.exe;"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
==========================================================
Scan started:;"Thursday, May 13, 2010, 5:36:53 PM"
Scan finished:;"Thursday, May 13, 2010, 8:32:40 PM (2 hour(s) 55 minute(s) 46 second(s))"
Total object scanned:;"767705"
User who launched the scan:;"Doug"

Infections
File;"Infection";"Result"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"

Information
File;"Information";"Result"
D:\System Volume Information\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\LogFiles\WMI\RtBackup\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\systemprofile\AppData\Local\History\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SYSTEM.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SYSTEM.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SYSTEM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SOFTWARE.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SOFTWARE.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SOFTWARE;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SECURITY.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SECURITY.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SECURITY;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SAM.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SAM.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SAM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SYSTEM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SOFTWARE;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SECURITY;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SAM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\DEFAULT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\COMPONENTS;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\DEFAULT.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\DEFAULT.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\DEFAULT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\COMPONENTS.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\COMPONENTS.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\COMPONENTS;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\catroot2\edb.log;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspED94.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspE7A.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspC87A.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp517E.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\bthservsdp.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Public\Documents\My Videos\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Public\Documents\My Pictures\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Public\Documents\My Music\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\ntuser.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\ntuser.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\ntuser.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\Documents\My Videos\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\Documents\My Pictures\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\Documents\My Music\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\Microsoft\Windows\UsrClass.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\History\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Default\Templates\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Default\Recent\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Default\PrintHood\;"Locked file. Not tested.";"Locked file. Not tested."
===============================================================================
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4097

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/13/2010 3:40:20 PM
mbam-log-2010-05-13 (15-40-20).txt

Scan type: Quick scan
Objects scanned: 127526
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Doug\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Windows\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Doug\AppData\Roaming\Helper\bin\liveu.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Top
Profile Send private message E-mail

deltalima
Post subject: Re: Error loading flacor.dat after virus removal
New postPosted: Fri 21 May, 2010 9:20 am
Online
MRU Honors Graduate
MRU Honors Graduate
User avatar

Joined: Sat 28 Feb, 2009 8:38 pm
Posts: 1643
Location: UK
Hi Douglas,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:

* I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
* The fixes are specific to your problem and should only be used for this issue on this machine.
* Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
* If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
* It's often worth reading through these instructions and printing them for ease of reference.
* If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
* Please reply to this thread. Do not start a new topic.


Uninstall List

* Open HijackThis.
* Look under System tools.
* Click on the Open Uninstall Manager... button.
* Click on the Save list... button.
* It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
* Notepad will open. Please copy and paste the contents of this log in your next reply.


_________________
Honors Graduate of the Malware Removal University
Douglas
Active Member
 
Posts: 10
Joined: May 18th, 2010, 3:27 pm
Advertisement
Register to Remove

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » May 24th, 2010, 1:33 pm

052410 uninstall_list

123 CopyDVD Gold 2009
32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer Assist
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Premiere Elements 8.0 Templates
Adobe Reader 7.1.0
Adobe Shockwave Player 11
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Atomic Clock Sync
AVG Free 9.0
AviSynth 2.5
Bonjour
CCleaner (remove only)
CheckIt Diagnostics
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Contenta Converter BASIC
CoreAVC Professional Edition (remove only)
Creative WebCam Live! Driver (1.02.03.0606)
Creative WebCam Live! User's Guide (English)
DivXLand Media Subtitler
DVDSmith Movie Backup 1.0.4
ExamView Assessment Suite
Express Burn
Express Rip
FileZilla Client 3.3.2.1
Flickr Uploadr 3.2.1
FlipShare
Free FLV to WMV Converter
Free RAR Extract Frog
FxFoto by Triscape
Garmin City Navigator North America NT 2008
Garmin City Navigator North America NT 2009 Update
Garmin City Navigator North America NT 2010.10
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Officejet All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HPSSupply
inSSIDer
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
IZArc 3.81
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Launch Manager V1.1.1.3
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Longman iBT
Lytec Medical 98
Malwarebytes' Anti-Malware
MapSource
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint 2003
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Journal Viewer
Motorola Driver Installation
Motorola Phone Tools
MozBackup 1.4
Mozilla Firefox (3.5.9)
Mp3tag v2.41
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NCH Toolbox
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org 3.1
PCsync
PDF-Viewer
PHOTOfunSTUDIO HD Edition
Picasa 3
PowerProducer
PrintMaster 12
Prism Video Converter
QuickBooks Basic 2005
QuickTime
RealPlayer
Realtek High Definition Audio Driver
ReNamer
Replay Music
Rhapsody
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shockwave
Skype™ 4.1
SmartSound Quicktracks for Premiere Elements 8.0
SmartSound Quicktracks for Premiere Elements 8.0
SolveigMM AVI Trimmer
SWF & FLV Player 3.0 (build 3.0.33.5106)
Switch
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
Triscape FxFoto
TSP_CODEC
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Platform Device Manager
VideoPad Video Editor
VLC media player 1.0.3
WavePad Sound Editor
WD Diagnostics
Web Ambassador 8.1 Build 41.16
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Easy Transfer Companion (Beta)
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Wipeer version 0.723
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! SiteBuilder
Douglas
Active Member
 
Posts: 10
Joined: May 18th, 2010, 3:27 pm

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby NonSuch » May 25th, 2010, 1:33 am

Please take the time to read and familiarize yourself with the rules for posting in this forum. Your first topic was closed because you failed to respond to it for three days. Now this topic will be closed because you added on a second post prior to receiving a response from a helper.

Due to adding on to your topic with your second post it is highly unlikely that you would have received a response. Our helpers are looking for topics with zero responses. When you post replies to your own topic, it no longer has zero responses, and so it appears that you have received help when in fact, you have not.

viewtopic.php?f=11&t=47959

This topic is now closed. If you still require help, please read the forum rules before starting another topic.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware