can't upgrade to windows 10 because new driver (igfxtray.exe et al.) in W.10 gets deleted by webroot

  • 3 August 2015
  • 1 reply
  • 53 views

New W.10 drivers (Intel Graphics Media Accelerator: igfxhk.exe, igxpun.exe, igfxtray.exe, igfxmem.exe) get erased by webroot during phase 2 of installation (Pua.Adware.NetFilter trojan), according to the webroot log.
Then I get an error: 0x8007002 - 0x20007 during INSTALL_DRIVERS, presumably because the installer can't find the new driver!
BTW, Webroot is OK with the Win 8.1 version of the driver...
 
So I disabled Webroot and ran the whole download/install process and, well, it got through phase 2 OK, but died later (at 77%) during phase 3, MIGRATE_DATA.
 
Haven't solved this one yet, but I guess you guys should be aware of the ig*.exe file infections - or incorrect diagnosis!
 
Denis Samson
 
 
Here's part of the Webroot logfile during installation (highlights mine):

2015-08-02 15:25:47.0112    <<< Service shut down successfully. Uptime: 123 minute(s)
2015-08-02 16:11:41.0648    >>> Service started [v9.0.1.35]
2015-08-02 16:11:49.0253    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 3 (6335)
2015-08-02 16:11:49.0253    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 4 (6335)
2015-08-02 16:11:49.0496    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 8 (6335)
2015-08-02 16:11:49.0496    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 6 (6335)
2015-08-02 16:11:57.0471    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 4 (5124)
2015-08-02 16:12:00.0143    User process connected successfully from PID 952, Session 1
2015-08-02 16:12:03.0627    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 8 (5124)
2015-08-02 16:12:03.0627    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 6 (5124)
2015-08-02 16:12:24.0097    Connecting to 49 - 49
2015-08-02 16:12:50.0193    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 4 (5124)
2015-08-02 16:12:50.0646    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 8 (5124)
2015-08-02 16:12:50.0646    Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 6 (5124)
2015-08-02 16:12:59.0459    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 4 (4280)
2015-08-02 16:12:59.0459    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 5 (4280)
2015-08-02 16:12:59.0475    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 7 (4280)
2015-08-02 16:12:59.0709    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 8 (4280)
2015-08-02 16:12:59.0709    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 6 (4280)
2015-08-02 16:13:00.0825    Begin passive write scan (1 file(s))
2015-08-02 16:13:01.0866    End passive write scan (1 file(s))
2015-08-02 16:13:02.0353    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 4 (4280)
2015-08-02 16:13:02.0354    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 5 (4280)
2015-08-02 16:13:02.0366    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 7 (4280)
2015-08-02 16:13:02.0505    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 8 (4280)
2015-08-02 16:13:02.0505    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 6 (4280)
2015-08-02 16:13:23.0686    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 4 (4280)
2015-08-02 16:13:23.0686    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 5 (4280)
2015-08-02 16:13:23.0699    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 7 (4280)
2015-08-02 16:13:23.0839    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 8 (4280)
2015-08-02 16:13:23.0840    Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 6 (4280)
2015-08-02 16:13:58.0426    Begin passive write scan (1 file(s))
2015-08-02 16:13:58.0850    End passive write scan (1 file(s))
2015-08-02 16:35:27.0869    Begin passive write scan (2 file(s))
2015-08-02 16:35:28.0319    End passive write scan (2 file(s))
2015-08-02 16:35:43.0138    Begin passive write scan (29 file(s))
2015-08-02 16:35:44.0324    End passive write scan (29 file(s))
2015-08-02 16:35:46.0273    Begin passive write scan (1 file(s))
2015-08-02 16:35:46.0683    End passive write scan (1 file(s))
2015-08-02 16:35:49.0470    Begin passive write scan (25 file(s))
2015-08-02 16:35:52.0351    End passive write scan (25 file(s))
2015-08-02 16:44:28.0879    Begin passive write scan (49 file(s))
2015-08-02 16:44:30.0037    End passive write scan (49 file(s))
2015-08-02 16:44:34.0952    Begin passive write scan (30 file(s))
2015-08-02 16:44:35.0797    End passive write scan (30 file(s))
2015-08-02 16:44:37.0994    Begin passive write scan (110 file(s))
2015-08-02 16:44:39.0463    End passive write scan (110 file(s))
2015-08-02 16:46:21.0474    Begin passive write scan (43 file(s))
2015-08-02 16:45:33.0793    End passive write scan (17 file(s))
2015-08-02 16:45:35.0886    Begin passive write scan (19 file(s))
2015-08-02 16:45:36.0511    End passive write scan (19 file(s))
2015-08-02 16:45:38.0946    Begin passive write scan (50 file(s))
2015-08-02 16:45:40.0566    End passive write scan (50 file(s))
2015-08-02 16:45:45.0228    Begin passive write scan (1 file(s))
2015-08-02 16:45:45.0660    End passive write scan (1 file(s))
2015-08-02 16:46:12.0391    Begin passive write scan (5 file(s))
2015-08-02 16:46:13.0224    End passive write scan (5 file(s))
2015-08-02 16:46:15.0419    Begin passive write scan (15 file(s))
2015-08-02 16:46:16.0060    End passive write scan (15 file(s))
2015-08-02 16:46:18.0434    Begin passive write scan (29 file(s))
2015-08-02 16:46:19.0592    End passive write scan (29 file(s))
2015-08-02 16:46:21.0474    Begin passive write scan (43 file(s))
2015-08-02 16:46:22.0506    End passive write scan (43 file(s))
2015-08-02 16:49:31.0723    Begin passive write scan (35 file(s))
2015-08-02 16:49:34.0076    End passive write scan (35 file(s))
2015-08-02 16:49:34.0792    Begin passive write scan (5 file(s))
2015-08-02 16:49:36.0070    End passive write scan (5 file(s))
2015-08-02 16:55:43.0204    Begin passive write scan (15 file(s))
2015-08-02 16:55:44.0043    End passive write scan (15 file(s))
2015-08-02 16:55:46.0261    Begin passive write scan (19 file(s))
2015-08-02 16:55:47.0974    End passive write scan (19 file(s))
2015-08-02 16:55:49.0282    Begin passive write scan (5 file(s))
2015-08-02 16:55:50.0167    End passive write scan (5 file(s))
2015-08-02 16:55:52.0296    Begin passive write scan (78 file(s))
2015-08-02 16:55:54.0518    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe [MD5: C41867A20F89B1CD7B435C5BB70C65F0] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0519    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe [MD5: C41867A20F89B1CD7B435C5BB70C65F0, Size: 283552 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0555    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxem.exe [MD5: 8682405BA603C7CE7953D1A8C53EE571] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0555    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxem.exe [MD5: 8682405BA603C7CE7953D1A8C53EE571, Size: 425376 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0558    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxhk.exe [MD5: C47553AF292C8C4CB8DC902431F9208F] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0558    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxhk.exe [MD5: C47553AF292C8C4CB8DC902431F9208F, Size: 219040 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0561    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe [MD5: B859FAC6032B71FBD6AF411A2A3A1B1F] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0561    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe [MD5: B859FAC6032B71FBD6AF411A2A3A1B1F, Size: 416160 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0563    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igxpun.exe [MD5: BE5842C57FEFD8615CFF34B88E35F93B] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0564    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igxpun.exe [MD5: BE5842C57FEFD8615CFF34B88E35F93B, Size: 1011616 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0864    End passive write scan (78 file(s))
2015-08-02 16:55:55.0033    Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe - MD5: C41867A20F89B1CD7B435C5BB70C65F0, Size: 283552 bytes, Flags: 00000020
2015-08-02 16:55:55.0033    Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxhk.exe - MD5: C47553AF292C8C4CB8DC902431F9208F, Size: 219040 bytes, Flags: 00000020
2015-08-02 16:55:55.0033    Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxem.exe - MD5: 8682405BA603C7CE7953D1A8C53EE571, Size: 425376 bytes, Flags: 00000020
2015-08-02 16:55:55.0033    Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe - MD5: B859FAC6032B71FBD6AF411A2A3A1B1F, Size: 416160 bytes, Flags: 00000020
2015-08-02 16:55:55.0034    Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igxpun.exe - MD5: BE5842C57FEFD8615CFF34B88E35F93B, Size: 1011616 bytes, Flags: 00000020
2015-08-02 16:55:55.0057    Performing cleanup entry: 1
2015-08-02 16:55:55.0303    Begin passive write scan (10 file(s))
2015-08-02 16:55:56.0996    Performing cleanup entry: 2
2015-08-02 16:55:57.0426    Performing cleanup entry: 3
2015-08-02 16:55:57.0468    End passive write scan (10 file(s))
2015-08-02 16:55:57.0823    Performing cleanup entry: 4
2015-08-02 16:55:58.0445    Performing cleanup entry: 5
2015-08-02 16:55:58.0447    Begin passive write scan (1 file(s))
2015-08-02 16:55:58.0714    End passive write scan (1 file(s))
2015-08-02 16:55:59.0009    Scan Started:  [ID: 39 - Flags: 1025/0]
2015-08-02 16:56:27.0134    Connected to A6
2015-08-02 16:56:27.0361    Scan Results: Files Scanned: 4009, Duration: 28s, Malicious Files: 0
2015-08-02 16:56:27.0387    Scan Finished: [ID: 39 - Seq: 39]
2015-08-02 16:56:37.0587    Begin passive write scan (1 file(s))
2015-08-02 16:56:37.0850    End passive write scan (1 file(s))
2015-08-02 17:02:20.0740    Scan Started:  [ID: 40 - Flags: 1025/0]
2015-08-02 17:02:38.0463    Scan Results: Files Scanned: 4052, Duration: 17s, Malicious Files: 0
2015-08-02 17:02:38.0499    Scan Finished: [ID: 40 - Seq: 40]
2015-08-02 17:05:13.0938    Begin passive write scan (138 file(s))
2015-08-02 17:05:11.0542    End passive write scan (127 file(s))
2015-08-02 17:05:13.0938    Begin passive write scan (138 file(s))
2015-08-02 17:05:14.0305    End passive write scan (138 file(s))
2015-08-02 17:05:17.0001    Begin passive write scan (156 file(s))
2015-08-02 17:05:17.0355    End passive write scan (156 file(s))
2015-08-02 17:05:20.0008    Begin passive write scan (3 file(s))
2015-08-02 17:05:20.0269    End passive write scan (3 file(s))
2015-08-02 17:05:23.0021    Begin passive write scan (16 file(s))
2015-08-02 17:05:23.0279    End passive write scan (16 file(s))
2015-08-02 17:05:26.0023    Begin passive write scan (17 file(s))
2015-08-02 17:05:26.0282    End passive write scan (17 file(s))
2015-08-02 17:05:29.0031    Begin passive write scan (9 file(s))
2015-08-02 17:05:29.0390    End passive write scan (9 file(s))
2015-08-02 17:05:32.0038    Begin passive write scan (18 file(s))
2015-08-02 17:05:32.0391    End passive write scan (18 file(s))
2015-08-02 17:05:35.0048    Begin passive write scan (10 file(s))
2015-08-02 17:05:35.0352    End passive write scan (10 file(s))
2015-08-02 17:05:38.0058    Begin passive write scan (143 file(s))
2015-08-02 17:05:38.0517    End passive write scan (143 file(s))
2015-08-02 17:05:41.0065    Begin passive write scan (156 file(s))
2015-08-02 17:05:41.0525    End passive write scan (156 file(s))
2015-08-02 17:05:44.0071    Begin passive write scan (5 file(s))
2015-08-02 17:05:44.0431    End passive write scan (5 file(s))
2015-08-02 17:05:47.0079    Begin passive write scan (4 file(s))
2015-08-02 17:05:47.0441    End passive write scan (4 file(s))
2015-08-02 17:05:50.0085    Begin passive write scan (1 file(s))
2015-08-02 17:05:50.0355    End passive write scan (1 file(s))
2015-08-02 17:05:53.0095    Begin passive write scan (2 file(s))
2015-08-02 17:05:53.0357    End passive write scan (2 file(s))
2015-08-02 17:10:47.0720    Begin passive write scan (9 file(s))
2015-08-02 17:10:47.0979    End passive write scan (9 file(s))
2015-08-02 17:11:04.0809    Begin passive write scan (38 file(s))
2015-08-02 17:11:05.0719    End passive write scan (38 file(s))
2015-08-02 17:11:08.0567    Begin passive write scan (100 file(s))
2015-08-02 17:11:08.0923    End passive write scan (100 file(s))
2015-08-02 17:11:14.0580    Begin passive write scan (2 file(s))
2015-08-02 17:11:14.0841    End passive write scan (2 file(s))
2015-08-02 17:11:46.0120    System shutting down.
2015-08-02 17:11:47.0541    Configuration Saved: CSCS53B53C5408E2772A6EA9A1582CDE065C,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001027,001149,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F3,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00790,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B51,00B61,00B71,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
2015-08-02 17:11:47.0541    Keycode: SAACONLN5A2E52544F3B
2015-08-02 17:11:47.0541    <<< Service shut down successfully. Uptime: 60 minute(s)
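Added example, not from the post and not Webroot's own tooling: a small Python triage script that parses the kind of log lines shown above, collects each blocked file's path, MD5, size, signature ID and detection name, notes whether a cleanup followed, and flags detections that sit under the $WINDOWS.~BT directory, which is where Windows Setup stages files during an in-place upgrade (a write from the installer itself is a strong hint that the verdict should be reviewed rather than auto-cleaned). The output is the summary you would hand to vendor support when asking for a whitelist review, as the reply below suggests. The sample lines are copied from the log above (path separators missing exactly as in the extracted text); the staging-folder heuristic, the helper names and the report format are my assumptions, not Webroot's.

```python
"""Triage Webroot-style log detections and build a whitelist-review summary."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the log in the post above.
SAMPLE_LOG = r"""
2015-08-02 16:55:52.0296    Begin passive write scan (78 file(s))
2015-08-02 16:55:54.0518    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe [MD5: C41867A20F89B1CD7B435C5BB70C65F0] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0519    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe [MD5: C41867A20F89B1CD7B435C5BB70C65F0, Size: 283552 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0561    Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe [MD5: B859FAC6032B71FBD6AF411A2A3A1B1F] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0561    File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe [MD5: B859FAC6032B71FBD6AF411A2A3A1B1F, Size: 416160 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0864    End passive write scan (78 file(s))
2015-08-02 16:55:55.0033    Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe - MD5: C41867A20F89B1CD7B435C5BB70C65F0, Size: 283552 bytes, Flags: 00000020
2015-08-02 16:55:55.0057    Performing cleanup entry: 1
"""

# Timestamp prefix shared by every line, then one pattern per event type we care about.
TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
RE_DETECT = re.compile(TS + r"Infection detected: (?P<path>.+?) \[MD5: (?P<md5>[0-9A-F]{32})\] "
                       r"\[(?P<sig>[^\]]+)\] \[(?P<name>[^\]]+)\]$")
RE_BLOCK = re.compile(TS + r"File blocked in realtime: (?P<path>.+?) \[MD5: (?P<md5>[0-9A-F]{32}), "
                      r"Size: (?P<size>\d+) bytes\] \[[^\]]+\] \[(?P<name>[^\]]+)\]$")
RE_FLAGS = re.compile(TS + r"Determination flags modified: (?P<path>.+?) - MD5: (?P<md5>[0-9A-F]{32}), "
                      r"Size: (?P<size>\d+) bytes, Flags: (?P<flags>[0-9A-F]+)$")
RE_CLEANUP = re.compile(TS + r"Performing cleanup entry: (?P<n>\d+)$")

# Assumed heuristic: Windows Setup stages upgrade files under $WINDOWS.~BT.
UPGRADE_STAGING_MARKER = "$windows.~bt"


@dataclass
class Detection:
    path: str
    md5: str
    name: str
    signature: str
    first_seen: str
    size: Optional[int] = None
    blocked: bool = False
    flags: Optional[str] = None

    @property
    def in_upgrade_staging(self) -> bool:
        """True when the file was written by the OS upgrade installer."""
        return UPGRADE_STAGING_MARKER in self.path.lower()


@dataclass
class Report:
    detections: Dict[str, Detection] = field(default_factory=dict)  # keyed by MD5
    cleanup_entries: int = 0


def parse_log(text: str) -> Report:
    """Fold detect / block / flags / cleanup events into one record per file hash."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_DETECT.match(line)
        if m:
            report.detections.setdefault(m["md5"], Detection(
                path=m["path"], md5=m["md5"], name=m["name"], signature=m["sig"], first_seen=m["ts"]))
            continue
        m = RE_BLOCK.match(line)
        if m:
            d = report.detections.setdefault(m["md5"], Detection(
                path=m["path"], md5=m["md5"], name=m["name"], signature="", first_seen=m["ts"]))
            d.blocked, d.size = True, int(m["size"])
            continue
        m = RE_FLAGS.match(line)
        if m and m["md5"] in report.detections:
            d = report.detections[m["md5"]]
            d.flags, d.size = m["flags"], int(m["size"])
            continue
        if RE_CLEANUP.match(line):
            report.cleanup_entries += 1
    return report


def whitelist_candidates(report: Report) -> List[Detection]:
    """Blocked files that the upgrade installer itself wrote: escalate, don't auto-clean."""
    return sorted((d for d in report.detections.values() if d.blocked and d.in_upgrade_staging),
                  key=lambda d: d.path)


def md5_hex(data: bytes) -> str:
    """MD5 in the same upper-case hex form the log uses, for comparing a local copy."""
    return hashlib.md5(data).hexdigest().upper()


def file_md5(path: str) -> str:
    with open(path, "rb") as fh:
        return md5_hex(fh.read())


def format_report(report: Report) -> str:
    """Plain-text summary to attach to a vendor whitelist-review request."""
    lines = [f"{len(report.detections)} unique file(s) detected, "
             f"{report.cleanup_entries} cleanup entr(y/ies) performed"]
    for d in whitelist_candidates(report):
        lines.append(f"{d.first_seen}  {d.name} [{d.signature}]  MD5={d.md5}  size={d.size}  "
                     f"flags={d.flags}  staging={d.in_upgrade_staging}  {d.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_log(SAMPLE_LOG)))
```

Run it against a full log export rather than the sample to get one line per blocked hash; `file_md5` lets you confirm that a surviving copy of the driver binary (for example from the vendor's own driver package) really carries the hash the log reports before you quote it in the support ticket.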
 

1 reply

Would you mind contacting support so that they can dig into it further? That way we can make sure those files get whitelisted if they aren't already.
