New W.10 drivers (Intel Graphics Media Accelerator: igfxhk.exe, igxpun.exe, igfxtray.exe, igfxmem.exe) get erased by Webroot during phase 2 of installation (Pua.Adware.NetFilter trojan), according to the Webroot log.
Then I get an error: 0x8007002 - 0x20007 during INSTALL_DRIVERS, presumably because the installer can't find the new driver!
BTW, Webroot is OK with the Win 8.1 version of the driver...
So I disabled Webroot and ran the whole download/install process and, well, it got through phase 2 OK, but died later (at 77%) during phase 3, MIGRATE_DATA.
Haven't solved this one yet, but I guess you guys should be aware of the ig*.exe file infections - or incorrect diagnosis!
Denis Samson
Here's part of the Webroot logfile during installation: (highlights mine)
2015-08-02 15:25:47.0112 <<< Service shut down successfully. Uptime: 123 minute(s)
2015-08-02 16:11:41.0648 >>> Service started [v9.0.1.35]
2015-08-02 16:11:49.0253 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 3 (6335)
2015-08-02 16:11:49.0253 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 4 (6335)
2015-08-02 16:11:49.0496 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 8 (6335)
2015-08-02 16:11:49.0496 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviverService.exe [E91028B05155B784548AEE3B883EE7E0]. Type: 6 (6335)
2015-08-02 16:11:57.0471 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 4 (5124)
2015-08-02 16:12:00.0143 User process connected successfully from PID 952, Session 1
2015-08-02 16:12:03.0627 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 8 (5124)
2015-08-02 16:12:03.0627 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 6 (5124)
2015-08-02 16:12:24.0097 Connecting to 49 - 49
2015-08-02 16:12:50.0193 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 4 (5124)
2015-08-02 16:12:50.0646 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 8 (5124)
2015-08-02 16:12:50.0646 Monitoring process C:Program FilesReviverSoftStart Menu ReviverStartMenuReviver.exe [AB5E80BC8443FC37204E0109588601FC]. Type: 6 (5124)
2015-08-02 16:12:59.0459 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 4 (4280)
2015-08-02 16:12:59.0459 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 5 (4280)
2015-08-02 16:12:59.0475 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 7 (4280)
2015-08-02 16:12:59.0709 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 8 (4280)
2015-08-02 16:12:59.0709 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 6 (4280)
2015-08-02 16:13:00.0825 Begin passive write scan (1 file(s))
2015-08-02 16:13:01.0866 End passive write scan (1 file(s))
2015-08-02 16:13:02.0353 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 4 (4280)
2015-08-02 16:13:02.0354 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 5 (4280)
2015-08-02 16:13:02.0366 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 7 (4280)
2015-08-02 16:13:02.0505 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 8 (4280)
2015-08-02 16:13:02.0505 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 6 (4280)
2015-08-02 16:13:23.0686 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 4 (4280)
2015-08-02 16:13:23.0686 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 5 (4280)
2015-08-02 16:13:23.0699 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 7 (4280)
2015-08-02 16:13:23.0839 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 8 (4280)
2015-08-02 16:13:23.0840 Monitoring process C:Program FilesSmarter BatterySmarterBattery.exe [2444D83B5D8A56C273C1D3CFA482D001]. Type: 6 (4280)
2015-08-02 16:13:58.0426 Begin passive write scan (1 file(s))
2015-08-02 16:13:58.0850 End passive write scan (1 file(s))
2015-08-02 16:35:27.0869 Begin passive write scan (2 file(s))
2015-08-02 16:35:28.0319 End passive write scan (2 file(s))
2015-08-02 16:35:43.0138 Begin passive write scan (29 file(s))
2015-08-02 16:35:44.0324 End passive write scan (29 file(s))
2015-08-02 16:35:46.0273 Begin passive write scan (1 file(s))
2015-08-02 16:35:46.0683 End passive write scan (1 file(s))
2015-08-02 16:35:49.0470 Begin passive write scan (25 file(s))
2015-08-02 16:35:52.0351 End passive write scan (25 file(s))
2015-08-02 16:44:28.0879 Begin passive write scan (49 file(s))
2015-08-02 16:44:30.0037 End passive write scan (49 file(s))
2015-08-02 16:44:34.0952 Begin passive write scan (30 file(s))
2015-08-02 16:44:35.0797 End passive write scan (30 file(s))
2015-08-02 16:44:37.0994 Begin passive write scan (110 file(s))
2015-08-02 16:44:39.0463 End passive write scan (110 file(s))
2015-08-02 16:46:21.0474 Begin passive write scan (43 file(s))
2015-08-02 16:45:33.0793 End passive write scan (17 file(s))
2015-08-02 16:45:35.0886 Begin passive write scan (19 file(s))
2015-08-02 16:45:36.0511 End passive write scan (19 file(s))
2015-08-02 16:45:38.0946 Begin passive write scan (50 file(s))
2015-08-02 16:45:40.0566 End passive write scan (50 file(s))
2015-08-02 16:45:45.0228 Begin passive write scan (1 file(s))
2015-08-02 16:45:45.0660 End passive write scan (1 file(s))
2015-08-02 16:46:12.0391 Begin passive write scan (5 file(s))
2015-08-02 16:46:13.0224 End passive write scan (5 file(s))
2015-08-02 16:46:15.0419 Begin passive write scan (15 file(s))
2015-08-02 16:46:16.0060 End passive write scan (15 file(s))
2015-08-02 16:46:18.0434 Begin passive write scan (29 file(s))
2015-08-02 16:46:19.0592 End passive write scan (29 file(s))
2015-08-02 16:46:21.0474 Begin passive write scan (43 file(s))
2015-08-02 16:46:22.0506 End passive write scan (43 file(s))
2015-08-02 16:49:31.0723 Begin passive write scan (35 file(s))
2015-08-02 16:49:34.0076 End passive write scan (35 file(s))
2015-08-02 16:49:34.0792 Begin passive write scan (5 file(s))
2015-08-02 16:49:36.0070 End passive write scan (5 file(s))
2015-08-02 16:55:43.0204 Begin passive write scan (15 file(s))
2015-08-02 16:55:44.0043 End passive write scan (15 file(s))
2015-08-02 16:55:46.0261 Begin passive write scan (19 file(s))
2015-08-02 16:55:47.0974 End passive write scan (19 file(s))
2015-08-02 16:55:49.0282 Begin passive write scan (5 file(s))
2015-08-02 16:55:50.0167 End passive write scan (5 file(s))
2015-08-02 16:55:52.0296 Begin passive write scan (78 file(s))
2015-08-02 16:55:54.0518 Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe [MD5: C41867A20F89B1CD7B435C5BB70C65F0] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0519 File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe [MD5: C41867A20F89B1CD7B435C5BB70C65F0, Size: 283552 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0555 Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxem.exe [MD5: 8682405BA603C7CE7953D1A8C53EE571] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0555 File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxem.exe [MD5: 8682405BA603C7CE7953D1A8C53EE571, Size: 425376 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0558 Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxhk.exe [MD5: C47553AF292C8C4CB8DC902431F9208F] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0558 File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxhk.exe [MD5: C47553AF292C8C4CB8DC902431F9208F, Size: 219040 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0561 Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe [MD5: B859FAC6032B71FBD6AF411A2A3A1B1F] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0561 File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe [MD5: B859FAC6032B71FBD6AF411A2A3A1B1F, Size: 416160 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0563 Infection detected: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igxpun.exe [MD5: BE5842C57FEFD8615CFF34B88E35F93B] [3/00081030] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0564 File blocked in realtime: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igxpun.exe [MD5: BE5842C57FEFD8615CFF34B88E35F93B, Size: 1011616 bytes] [528432/00000003] [Pua.Adware.Netfilter]
2015-08-02 16:55:54.0864 End passive write scan (78 file(s))
2015-08-02 16:55:55.0033 Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxcuiservice.exe - MD5: C41867A20F89B1CD7B435C5BB70C65F0, Size: 283552 bytes, Flags: 00000020
2015-08-02 16:55:55.0033 Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxhk.exe - MD5: C47553AF292C8C4CB8DC902431F9208F, Size: 219040 bytes, Flags: 00000020
2015-08-02 16:55:55.0033 Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxem.exe - MD5: 8682405BA603C7CE7953D1A8C53EE571, Size: 425376 bytes, Flags: 00000020
2015-08-02 16:55:55.0033 Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igfxtray.exe - MD5: B859FAC6032B71FBD6AF411A2A3A1B1F, Size: 416160 bytes, Flags: 00000020
2015-08-02 16:55:55.0034 Determination flags modified: c:$windows.~btdriversdu5f6f92f8-ba39-4a9c-9f4f-b9fe6a3a5077igxpun.exe - MD5: BE5842C57FEFD8615CFF34B88E35F93B, Size: 1011616 bytes, Flags: 00000020
2015-08-02 16:55:55.0057 Performing cleanup entry: 1
2015-08-02 16:55:55.0303 Begin passive write scan (10 file(s))
2015-08-02 16:55:56.0996 Performing cleanup entry: 2
2015-08-02 16:55:57.0426 Performing cleanup entry: 3
2015-08-02 16:55:57.0468 End passive write scan (10 file(s))
2015-08-02 16:55:57.0823 Performing cleanup entry: 4
2015-08-02 16:55:58.0445 Performing cleanup entry: 5
2015-08-02 16:55:58.0447 Begin passive write scan (1 file(s))
2015-08-02 16:55:58.0714 End passive write scan (1 file(s))
2015-08-02 16:55:59.0009 Scan Started: [ID: 39 - Flags: 1025/0]
2015-08-02 16:56:27.0134 Connected to A6
2015-08-02 16:56:27.0361 Scan Results: Files Scanned: 4009, Duration: 28s, Malicious Files: 0
2015-08-02 16:56:27.0387 Scan Finished: [ID: 39 - Seq: 39]
2015-08-02 16:56:37.0587 Begin passive write scan (1 file(s))
2015-08-02 16:56:37.0850 End passive write scan (1 file(s))
2015-08-02 17:02:20.0740 Scan Started: [ID: 40 - Flags: 1025/0]
2015-08-02 17:02:38.0463 Scan Results: Files Scanned: 4052, Duration: 17s, Malicious Files: 0
2015-08-02 17:02:38.0499 Scan Finished: [ID: 40 - Seq: 40]
2015-08-02 17:05:13.0938 Begin passive write scan (138 file(s))
2015-08-02 17:05:11.0542 End passive write scan (127 file(s))
2015-08-02 17:05:13.0938 Begin passive write scan (138 file(s))
2015-08-02 17:05:14.0305 End passive write scan (138 file(s))
2015-08-02 17:05:17.0001 Begin passive write scan (156 file(s))
2015-08-02 17:05:17.0355 End passive write scan (156 file(s))
2015-08-02 17:05:20.0008 Begin passive write scan (3 file(s))
2015-08-02 17:05:20.0269 End passive write scan (3 file(s))
2015-08-02 17:05:23.0021 Begin passive write scan (16 file(s))
2015-08-02 17:05:23.0279 End passive write scan (16 file(s))
2015-08-02 17:05:26.0023 Begin passive write scan (17 file(s))
2015-08-02 17:05:26.0282 End passive write scan (17 file(s))
2015-08-02 17:05:29.0031 Begin passive write scan (9 file(s))
2015-08-02 17:05:29.0390 End passive write scan (9 file(s))
2015-08-02 17:05:32.0038 Begin passive write scan (18 file(s))
2015-08-02 17:05:32.0391 End passive write scan (18 file(s))
2015-08-02 17:05:35.0048 Begin passive write scan (10 file(s))
2015-08-02 17:05:35.0352 End passive write scan (10 file(s))
2015-08-02 17:05:38.0058 Begin passive write scan (143 file(s))
2015-08-02 17:05:38.0517 End passive write scan (143 file(s))
2015-08-02 17:05:41.0065 Begin passive write scan (156 file(s))
2015-08-02 17:05:41.0525 End passive write scan (156 file(s))
2015-08-02 17:05:44.0071 Begin passive write scan (5 file(s))
2015-08-02 17:05:44.0431 End passive write scan (5 file(s))
2015-08-02 17:05:47.0079 Begin passive write scan (4 file(s))
2015-08-02 17:05:47.0441 End passive write scan (4 file(s))
2015-08-02 17:05:50.0085 Begin passive write scan (1 file(s))
2015-08-02 17:05:50.0355 End passive write scan (1 file(s))
2015-08-02 17:05:53.0095 Begin passive write scan (2 file(s))
2015-08-02 17:05:53.0357 End passive write scan (2 file(s))
2015-08-02 17:10:47.0720 Begin passive write scan (9 file(s))
2015-08-02 17:10:47.0979 End passive write scan (9 file(s))
2015-08-02 17:11:04.0809 Begin passive write scan (38 file(s))
2015-08-02 17:11:05.0719 End passive write scan (38 file(s))
2015-08-02 17:11:08.0567 Begin passive write scan (100 file(s))
2015-08-02 17:11:08.0923 End passive write scan (100 file(s))
2015-08-02 17:11:14.0580 Begin passive write scan (2 file(s))
2015-08-02 17:11:14.0841 End passive write scan (2 file(s))
2015-08-02 17:11:46.0120 System shutting down.
2015-08-02 17:11:47.0541 Configuration Saved: CSCS53B53C5408E2772A6EA9A1582CDE065C,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001027,001149,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F3,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00790,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B51,00B61,00B71,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
2015-08-02 17:11:47.0541 Keycode: SAACONLN5A2E52544F3B
2015-08-02 17:11:47.0541 <<< Service shut down successfully. Uptime: 60 minute(s)
can't upgrade to windows 10 because new driver (igfxtray.exe et al.) in W.10 gets deleted by webroot